Operation Navy Ghost is targeting Python developers who build Telegram bots by hiding backdoors inside trojanized Pyrogram forks uploaded to PyPI. The campaign has been active since November 2025, ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
New benchmarks show semantic code graphs helping coding agents find change locations faster and complete updates more ...
Microsoft has identified an active supply chain attack targeting the @antv node package manager (npm) package ecosystem. A threat actor compromised an @antv maintainer account and published malicious ...
Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
The reticulate package provides a comprehensive set of tools for interoperability between Python and R. The package includes facilities for: Calling Python from R in a variety of ways including R ...
On June 11, 2025, the Python core team released Python 3.13.5, the fifth maintenance update to the 3.13 line. This release is not about flashy new language features, instead, it addresses some ...
AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
ESET researchers provide details on a previously undisclosed China-aligned APT group that we track as PlushDaemon and one of its cyberespionage operations: the supply-chain compromise in 2023 of VPN ...