Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

THN Daily Updates Age of Invisible Machines: A Guide to Orchestrating AI Agents and Making Organizations More Self-Driving, Revised and Updated, 2nd Edition ($26.00 Value) FREE for a Limited Time The Book That Saw 2027--In 2022. Now Sharpened for the Road Ahead. Download Now Sponsored LATEST NEWS Aug 18, 2025 Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve cod... Read More Wazuh for Regulatory Compliance Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organiza... Read More Blue Report 2025 is Here: 2X Increase in Password Cracking 46% of environments had passwords cracked, up from 25% last year. Download the Picus Blue Report for a more comprehensive look at the findings. Read More ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' infrastructure. "The newly uncovered version 3.0 reveals a sign... Read More Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign ... Read More AI's Hidden Security Debt Nearly half of AI-generated code contained exploitable bugs, with 36% introducing SQL injection risks. Read More Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access withi... Read More U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercri... Read More Age of Invisible Machines: A Guide to Orchestrating AI Agents and Making Organizations More Self-Driving, Revised and Updated, 2nd Edition ($26.00 Value) FREE for a Limited Time The Book That Saw 2027--In 2022. Now Sharpened for the Road Ahead. Download Now Sponsored This email was sent to sikubaycom.s3cr3tz@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from THN. To manage your email newsletter preferences, please click here. Contact THN: info@thehackernews.com Unsubscribe THN | K.P BLock, Pitampura, Delhi