Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
GitHub

PyPLUTO: a data analysis Python package for the PLUTO code

PyPLUTO is a Python library which loads and plots the data obtain from the PLUTO code simulations. The aim of this package is to simplify some non-trivial python routines in order to quickly recover ...
InfoWorld

PythoC: A new way to generate C code from Python

PythoC lets you use Python as a C code generator, but with more features and flexibility than Cython provides. Here’s a first look at the new C code generator for Python. Python and C share more than ...
FOX59 News

Money Matters: Don’t scan QR codes on packages you didn’t order

Photojournalist Austin Sheets heads out into the cold and the snow and finds a coffee shop in Indianapolis whose doors are open and whose coffee warms up the brave few who brave the elements. Philip ...
FOX59 News

BBB: Don’t scan QR codes on packages you didn’t order

WXIN/WTTV – The Better Business Bureau wants you to be aware of a scam that involves packages you didn’t order arriving at your door. That “surprise” delivery may be not be a gift at all. In a ...
Dark Reading

Npm Package Hides Malware in Steganographic QR Codes

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
WGAL

Chambersburg police and FBI warn of QR code scam involving unsolicited packages

WGAL NEWS EIGHT. POLICE IN CHAMBERSBURG IN THE FBI WANT YOU TO BE ON ALERT FOR A SCAM INVOLVING UNSOLICITED PACKAGES AND QR CODES. THEY SAY THIS IS A VARIATION OF A BRUSHING SCAM. THE FBI SAYS ...
CSOonline

Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep flaws in the open-source trust model. A massive supply chain attack ...
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...