The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
theregister

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

The most popular impacted package is size-sensor, downloaded 4.2 million times per month, followed by echarts-for-react (3.8 million), @antv/scale (2.2 million) and timeago.js (1.15 million). The ...
Microsoft

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...
GitHub

Python STC ReST API Client: stcrestclient

The stcrestclient package provides the stchttp ReST API library module. This allows simple function calls, nearly identical to those provided by StcPython.py, to be used to access TestCenter server ...
LinuxInsider

Weaponized Python and Linux Malware Target Executives and Cloud Systems

Two newly uncovered malware campaigns are exploiting open-source software across Windows and Linux environments to target enterprise executives and cloud systems, signaling a sharp escalation in both ...
GitHub

oVirt Engine API Python SDK

Note that most of the code of this SDK is automatically generated. If you just installed the package then you will have everything already, but if you downloaded the source then you will need to ...
The Hacker News

PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments

Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question ...
Nature

IvoryOS: an interoperable web interface for orchestrating Python-based self-driving laboratories

Self-driving laboratories (SDLs), powered by robotics, automation and artificial intelligence, accelerate scientific discoveries through autonomous experimentation. However, their adoption and ...
Frontiers

osl-ephys: a Python toolbox for the analysis of electrophysiology data

We describe OHBA Software Library for the analysis of electrophysiology data (osl-ephys). This toolbox builds on top of the widely used MNE-Python package and provides unique analysis tools for ...
The Economist

Off the Charts newsletter: Why Python is the best coding language for data journalism

This article is adapted from an edition of our Off the Charts newsletter originally published in October 2021. Off the Charts is a weekly, subscriber-only guide to The Economist’s award-winning data ...
LinkedIn

Python Deserialization Attack: How to Build a Pickle Bomb

Important: All the scripts provided are intended for cybersecurity research and training purposes only. Do not use them to attack real-world systems. Deserialization is the process of converting data ...