Dark Reading

Stealthy, Thieving Python Packages Slither Onto Windows Systems

A threat actor has been delivering a "relentless campaign" since early April to seed the software supply chain with hundreds of malicious Python packages aimed at stealing sensitive data and ...
Business Wire

PDI Offers Tobacco Scan Data Package for Free to Single-Site and Independently-Owned C-Stores

ATLANTA--(BUSINESS WIRE)--PDI (www.pdisoftware.com), a global provider of ERP, fuel pricing, supply chain logistics, and marketing cloud solutions for the convenience retail and petroleum wholesale ...
Security Boulevard

Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer ...
Bleeping Computer

Malicious ‘SentinelOne’ PyPI package steals data from developers

Threat actors have published a malicious Python package on PyPI, named 'SentinelOne,' that pretends to be the legitimate SDK client for the trusted American cybersecurity firm but, in reality, steals ...