New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
IT News For Australia Business

Mini Shai-Hulud worm injects disk wiper into Microsoft Azure PyPI package

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft package being among the latest target of worm-like malware that steals ...
Transparency International

Corruption Perceptions Index 2022

The 2022 Corruption Perceptions Index (CPI) shows that most countries are failing to stop corruption. The CPI ranks 180 countries and territories around the world by their perceived levels of public ...
The New York Times

New York Times - Top Stories

Trump Says Iran Downed U.S. Helicopter and Vows to Retaliate President Trump blamed Iran for shooting down a helicopter over the Strait of Hormuz, saying the U.S. must respond. Tehran did not take ...
Transparency International

Corruption Perceptions Index 2023

The 2023 Corruption Perceptions Index (CPI) shows that corruption is thriving across the world. The CPI ranks 180 countries and territories around the globe by their perceived levels of public sector ...
Bleeping Computer

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...
MarketWatch

U.S. Dollar Index (ICE US) Front Month

DX.1 | A complete U.S. Dollar Index (ICE US) Front Month futures overview by MarketWatch. View the futures and commodity market news, futures pricing and futures trading.
VentureBeat

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...