TechRadar

JSON services hijacked by North Korean hackers to send out malware

Lazarus Group used JSON storage services to host malware in the Contagious Interview campaign targeting developers Attackers lured victims via fake LinkedIn job offers, delivering BeaverTail, ...
VentureBeat

Qwen-Image Edit gives Photoshop a run for its money with AI-powered text-to-image edits that work in seconds

Adobe Photoshop is among the most recognizable pieces of software ever created, used by more than 90% of the world's creative professionals, according to Photutorial. Built on the 20-billion-parameter ...
Infosecurity-magazine.com

Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs

A new campaign exploiting GitHub to distribute malicious Python code disguised as legitimate hacking tools has been uncovered by cybersecurity researchers. The operation, tied to the group known as ...
CSOonline

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.
The Hacker News

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under ...
theregister

GitHub supply chain attack spills secrets from 23,000 projects

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack. StepSecurity disclosed a compromise of the popular GitHub Action ...
GitHub

A flexible Python implementation for encoding and decoding data using various base-N encodings (e.g., Base64, Base32, Base16, Base4096, etc.). The implementation supports ...

Note: If you are looking for a faster, more robust implementation for standart encodings, use the standard library. This library goal is to provide a flexible implementation for custom base-N ...
Microsoft

Announcing the Adaptive Prompt Injection Challenge (LLMail-Inject)

We are excited to introduce LLMail-Inject, a new challenge focused on evaluating state-of-the-art prompt injection defenses in a realistic simulated LLM-integrated email client. In this challenge, ...
The Hacker News

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ...
Bleeping Computer

Malicious PyPI package with 37,000 downloads steals AWS keys

A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to ...
Infosecurity-magazine.com

Lazarus Group Targets Developers in Fresh VMConnect Campaign

Lazarus Group has been observed continuing its VMConnect campaign by targeting developers with new malicious software packages on open source repositories, according to ReversingLabs. The researchers ...