Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
CSOonline

Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace review and entered the developer ecosystem. In a suspected test effort, ...
InfoWorld

7 newer data science tools you should be using with Python

Already using NumPy, Pandas, and Scikit-learn? Here are seven more powerful data wrangling tools that deserve a place in your toolkit. Python’s rich ecosystem of data science tools is a big draw for ...
The Hacker News

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and ...
LinkedIn

Unlock Seamless Testing: A Deep Dive into a Hybrid Python Automation Framework

In today's software landscape, applications are rarely simple. They often rely on a sophisticated backend powered by APIs and an interactive frontend that users depend on. Yet, when it comes to ...
LinkedIn

How to Build a Seamless CSV Importer: A Step-by-Step Guide With Dromo

In modern applications, a seamless CSV importer is crucial for efficient data onboarding and user satisfaction. CSV files are ubiquitous for exchanging data – from customer lists to product ...
GitHub

A command line interface and Python module for accessing the CKAN Action API

The ckanapi command line interface lets you access local and remote CKAN instances for bulk operations and simple API actions. Use -r to specify the remote CKAN instance, and -a to provide an API KEY.
Bitdefender

When Stealers Converge: New Variant of Atomic Stealer in the Wild

Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from ...
Bitdefender

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

Combined with information in our previous research, the investigation of these samples revealed new components of the attack, as well as several undocumented aspects related to C2 communication (hat ...
GitHub

jsfenfen/990-xml-reader

Update: 12/16. The IRS has announced it will no longer post xml 990 filings to AWS, thereby undermining irsx' ability to automatically retrieve filings. The IRS does appear to make the raw filings ...