CSO Online

Top 5 real-world AI security threats revealed in 2025

Security researchers uncovered a range of cyber issues targeting AI systems that users and developers should be aware of — ...
eLife

DendroTweaks, an interactive approach for unraveling dendritic dynamics

An interactive toolbox for standardizing, validating, simulating, reducing, and exploring detailed biophysical models that can be used to reveal how morpho-electric properties map to dendritic and ...
Science Daily

A new tool is revealing the invisible networks inside cancer

Spanish researchers have created a powerful new open-source tool that helps uncover the hidden genetic networks driving ...
The Hacker News

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows ...
bitnewsbot

Malicious PyPI Packages Uncovered: Supply Chain Risk for Python

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
CSOonline

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection. A malicious Python package posing ...
Developer Tech

Python package ‘set-utils’ targets Ethereum wallets

A malicious package designed to steal private keys for Ethereum wallets has been uncovered within the Python Package Index (PyPI). According to Socket, this package – named ‘set-utils’ – masquerades ...
Bleeping Computer

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The ...
GitHub

Template for creating PyPI hosted python packages

Pytest has been chosen for unit testing based on its scalability and flexability for different applications - see here for more: https://builtin.com/data-science ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.
IEEE

1+1>2: Integrating Deep Code Behaviors with Metadata Features for Malicious PyPI Package ...

Abstract: PyPI, the official package registry for Python, has seen a surge in the number of malicious package uploads in recent years. Prior studies have demonstrated the effectiveness of ...