Malicious Code Infiltrates Python Package Index

A recent supply-chain attack on a popular Python package has raised a critical question: how much trust do you really have in the software that quietly powers your work? A malicious .pth file hidden in the litellm package version 1.82.8 can automatically execute malicious code on every Python startup.

https://osintsights.com/malicious-code-infiltrates-python-package-index?utm_source=mastodon&utm_medium=social

#SupplyChain #PythonPackageIndex #MaliciousCode #EmergingThreats #SoftwareCompromise

When I use Channel4(UK) app, whenever a McDonald's advert comes on, the app will freeze on an image while subtitles and sound usually carry on -- causing me to need to close the app.

I call this the Channel4 "Google Play Services, Adobe, Location Tracking, Malicious Code" glitch. 👍

#Google #Android #Adobe #LocationTracking #MaliciousCode #Channel4UK #SpyCops

Un hacker ha inserito codice malevolo nella estensione Amazon Q per Visual Studio Code, progettata per assistere programmatori con AI generativa. Il codice, seppur difettoso e non dannoso, mirava a cancellare dati di sistema. Amazon ha rimosso la versione compromessa e invitato gli utenti ad aggiornare all’ultima release sicura.

https://www.bleepingcomputer.com/news/security/amazon-ai-coding-agent-hacked-to-inject-data-wiping-commands/

#amazonavscode #hackerattack #maliciouscode #cybersecurity #softwareupdate

Ubuntu Security Flaw Lets Attackers Bypass Full Disk Encryption
#OMGUbuntu article: https://www.omgubuntu.co.uk/2025/07/ubuntu-security-initramfs-bypass-encryption

“Not all #Linux distributions are affected, such as #OpenSUSE_Tumbleweed.”

“#Attackers with physical access to a Linux system can access a debug shell simply by entering the wrong #decryption #password several times in a row. On Ubuntu, they hit esc at the password prompt, punch in a few key combos and debug shell appears.
They can mount a USB drive with tools that let them modify the #initramfs (Initial RAM Filesystem – a temporary system run during boot to prep the main OS) to inject #maliciouscode, and then repack it – without tripping any #security flags.
Then, the next time the owner boots up their #laptop and enters their correct password, the code runs with elevated privileges to do whatever the #attacker wants.”

“Impactful though this exploit could be in the wild, there is no reason for most #Ubuntu users to be concerned about it.
This #vulnerability is what the security industry refer to as an '#evilmaidattack': it requires physical access to a #device to pull off.”

“Finally, protecting against this #vulnerability is easy. Users can simply tweak their system #kernel so that the #computer #reboots on failed password attempts, instead of providing a #debug shell.”

Enhancing Security in VSCode Extensions: Addressing the Threat of Malicious Code

https://thedefendopsdiaries.com/enhancing-security-in-vscode-extensions-addressing-the-threat-of-malicious-code/

#vscode
#maliciouscode
#ransomware
#cybersecurity
#softwaresecurity

Someone copied our GitHub project, added stars, and injected malicious code

https://old.reddit.com/r/golang/comments/1jbzuot/someone_copied_our_github_project_made_it_look/

#HackerNews #GitHub #Security #CodeInjection #MaliciousCode #OpenSource #Community

#Development #Explainers
Trojaned clipboard · How attackers try to abuse your clipboard https://ilo.im/15z3gs

_____
#Security #Malware #MaliciousCode #Code #Clipboard #Browser #Website #WebDev #Frontend #Backend