PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

The Prompt Engineering Cheat Sheet: How to Write Better AI Prompts

Learn prompt engineering with this practical cheat sheet that covers frameworks, techniques, and tips for producing more ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Hacker who allegedly carried out cyberattacks for China is extradited to U.S.

Xu Zewei is accused of participating in a Chinese government hacking group that broke into thousands of U.S. organizations ...
Decrypt

Malicious Web Pages Are Hijacking AI Agents, And Some Are Going After Your PayPal

Google's security team scanned billions of web pages and found real payloads designed to trick AI agents into sending money, ...
SecurityWeek

Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access

An easily exploitable, high-severity vulnerability in the PackageKit cross-distro package management abstraction layer allows ...
The Hacker News

⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

This week’s ThreatsDay covers supply chain attacks, fake help desks, wiper malware, AI prompt traps, RMM abuse, phishing kits ...