Bleeping Computer

Python info-stealing malware uses Unicode to evade detection

A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised ...
Dark Reading

Python-Based Malware Slithers Into Systems via Legit VS Code

A known Chinese advanced persistent threat (APT) group known as Mustang Panda is the likely culprit behind a sophisticated, ongoing cyber-espionage campaign. It starts with a malicious email, and ...
The Hacker News

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Picklescan flaws allowed attackers to bypass scans and execute hidden code in malicious PyTorch models before the latest ...
Dark Reading

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries ...
ZDNet

Google open-sources Atheris, a tool for finding security bugs in Python code

Google's security experts have open-sourced another automated fuzzing utility in the hopes that developers will use it to find security bugs and patch vulnerabilities before they are exploited. Named ...

Malicious Blender model files deliver StealC infostealing malware

A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader.
Cryptopolitan on MSN

WhatsApp worm spreads Python-based banking and crypto credential-stealing trojan in Brazil

A new WhatsApp-propagating worm is infecting devices in Brazil, delivering a banking trojan called Eternidade (Portuguese for Eternity) Stealer that steals credentials for cryptocurrency wallets and ...