Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
usace.army.mil

Natick's technical data packages have far-reaching impact

NATICK, Mass. -- Some of the most significant contributions are sometimes made quietly behind the scenes. This is the case for the team who works on technical data packages, or TDPs, at the U.S. Army ...
Business Wire

PDI Offers Tobacco Scan Data Package for Free to Single-Site and Independently-Owned C-Stores

ATLANTA--(BUSINESS WIRE)--PDI (www.pdisoftware.com), a global provider of ERP, fuel pricing, supply chain logistics, and marketing cloud solutions for the convenience retail and petroleum wholesale ...
Dark Reading

Stealthy, Thieving Python Packages Slither Onto Windows Systems

A threat actor has been delivering a "relentless campaign" since early April to seed the software supply chain with hundreds of malicious Python packages aimed at stealing sensitive data and ...
Dark Reading

60 RubyGems Packages Steal Data From Annoying Spammers

For two years now, a Korean threat actor has been publishing malicious open source software (OSS) packages designed to steal credentials from spam marketers. Are you tired of shady, throwaway online ...