heise online

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary advises an immediate update. An attacker uploaded a manipulated version 0.23.3 ...

‘TrapDoor’ malware targets crypto dev tools in supply chain attack

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
Health.com

WaterTok: Flavored Water Recipes Are All Over TikTok—But Are They Healthy?

Nick Blackmer is a librarian, fact-checker, and researcher with more than 20 years of experience in consumer-facing health and wellness content. Some people add flavor packets and syrups to their ...
GitHub

Buzur — AI Prompt Injection Defense Scanner (Python)

Buzur is an open-source 19-phase scanner that protects AI agents and LLM applications from indirect prompt injection attacks (OWASP LLM Top 10 #1). It inspects web content, URLs, images ...
Microsoft

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...
The Star

GREEN PACKET BHD

The Company's principal activities consist of research development manufacturing marketing and distribution of wireless networking and telecommunication products networking solutions and other high ...