Packages

APPLICATIONS

Real Hacker Staff3 weeks ago
6

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets,…
Read More »
APPLICATIONS

Real Hacker Staff4 weeks ago
10

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames,…
Read More »
APPLICATIONS

Real Hacker StaffMay 20, 2025
4

Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to…
Read More »
APPLICATIONS

Real Hacker StaffMay 9, 2025
3

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

May 09, 2025Ravie LakshmananSupply Chain Attack / Malware Cybersecurity researchers have flagged three malicious npm packages that are designed to…
Read More »
APPLICATIONS

Real Hacker StaffApril 22, 2025
3

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate…
Read More »
APPLICATIONS

Real Hacker StaffApril 19, 2025
6

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Apr 19, 2025Ravie LakshmananLinux / Malware Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as…
Read More »
REVIEWS

Real Hacker StaffApril 13, 2025
10

A look at slopsquatting, a supply chain attack where threat actors create malicious packages on indexes using AI-hallucinated names resembling popular libraries (Bill Toulas/BleepingComputer)

Featured Podcasts Lenny’s Podcast: Everyone’s an engineer now: Inside v0’s mission to create a hundred million builders | Guillermo Rauch…
Read More »
APPLICATIONS

Real Hacker StaffApril 5, 2025
2

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

Apr 05, 2025Ravie LakshmananMalware / Supply Chain Attack The North Korean threat actors behind the ongoing Contagious Interview campaign are…
Read More »
APPLICATIONS

Real Hacker StaffApril 5, 2025
11

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Apr 05, 2025Ravie LakshmananMalware / Supply Chain Attack Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI)…
Read More »
APPLICATIONS

Real Hacker StaffMarch 28, 2025
9

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Mar 28, 2025Ravie LakshmananCryptocurrency / Developer Security Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have…
Read More »

FBI tracks down man suspected of plotting major crimes via chats on Roblox

By bombing Iran, the US continues to make the world safe for war | Israel-Iran conflict

Poppin Sticky Memo Ball Review: Color-Code in Style

OnePlus Bullets Wireless Z3 review

Can the Global South stop genocide? Gandikota Nellutla and Ken Roth | TV Shows

An interview with LinkedIn CEO Ryan Roslansky on how AI is affecting the jobs market, AI agents, dealing with fake AI-generated accounts, and more (Shirin Ghaffary/Bloomberg)

London-based PhysicsX, which uses AI to design industrial parts such as engine and drone components, raised $135M, a source says at just under a $1B valuation (Kieran Smith/Financial Times)

Weekly poll results: iOS 26 is a mixed bag, new features liked better than the new look

Best Lenses for Fujifilm X-E5 in 2025

An interview with computational linguist Emily Bender, who coined the term “stochastic parrot”, on her AI skepticism, co-writing the book The AI Con, and more (George Hammond/Financial Times)

Packages

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

A look at slopsquatting, a supply chain attack where threat actors create malicious packages on indexes using AI-hallucinated names resembling popular libraries (Bill Toulas/BleepingComputer)

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

An African Pioneer — Global Issues

W.A.G.s to Riches cast: Who’s on the new Netflix series

Animated Lord Of The Rings Movie Gets New Blu-Ray Edition Next Week

Here’s when the vivo X200 FE will launch in India

League of Legends update 25.13 patch notes

NYT Strands today — my hints, answers and spangram for Wednesday, December 25 (game #297)

Quordle today – my hints and answers for Wednesday, December 25 (game #1066)

James Gunn claims “binge” show releases are worse than weekly schedules

Scump scared for CoD’s future as Black Ops 6 player count nosedives

Nothing Phone (3a) and Nothing Phone (3a) Plus to have some intriguing hardware changes

US government agency targeting foreign disinformation shuts down | News