SecurityWeek

136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

For the past four months, over 130 malicious NPM packages deploying information stealers have been collectively downloaded ...
Bleeping Computer

Malicious RubyGems pose as Fastlane to steal Telegram API data

Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. RubyGems is the official package ...
Bleeping Computer

Carding tool abusing WooCommerce API downloaded 34K times on PyPI

A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source ...
Visual Studio Magazine

Azure Cosmos DB Python SDK Update Powers AI with OpenAI Integration

Microsoft announced the stable release of Azure Cosmos DB Python SDK 4.14.0, adding AI-driven document reranking, optimized batch reads, and automatic write retries developed in collaboration with ...
CSOonline

Google launches dependency API and curated package repository with security metadata

This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming ...