The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
bitnewsbot

PyPI Spellchecker Packages Delivered Python RAT via Payload

Two PyPI packages hid a Base64 downloader in a compressed Basque dictionary, delivering a Python RAT to ~1,000 users via updatenet.work (RouterHosting/Cloudzy). The ...
TechRepublic

Old Python package comes back to life and delivers malicious payload

A recently spotted supply chain attack abused an old but legitimate Python package to deliver a malicious payload. Read more on how the attacker managed to do it and how to protect yourself from it.
bitnewsbot

DEEP#DOOR Python Backdoor Steals Cloud Credentials

Sophisticated Python backdoor DEEP#DOOR steals cloud credentials via tunneling. The attack chain begins with a batch script that disables Windows security controls and dynamically extracts an embedded ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...
Bleeping Computer

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...
GitHub

leeroopedia/workflow-trailofbits-fickling-pytorch-payload-injection

This workflow uses Fickling (by Trail of Bits) to inject arbitrary Python code into PyTorch model files. When someone loads the tampered model with torch.load(), the injected code executes ...