cognitive cybersecurity intelligence

News and Analysis

PyPI halted new users and projects while it fended off supply-chain attack

The Python Package Index (PyPI), a key repository for open-source developers, suspended new project creation and user registration following a surge of package uploads containing malicious code. The suspension lasted 10 hours. Security firm Checkmarx reported that the attack likely involved automated uploads of harmful packages using a method called typosquatting, which relies on user typos when entering package names. This isn’t the first instance of such a threat facing the software development ecosystem, with a similar attack targeting GitHub last month.

Source: arstechnica.com –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts

Scenes from a “No Kings” Protest, 10-18-25

Scenes from a “No Kings” Protest, 10-18-25

The following are just a few of the pictures I took today at a “No Kings” protest held in Nassau County, New York. It was

American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign

American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign

Envoy Air, a wholly owned subsidiary of American Airlines, has confirmed it fell victim to a hacking campaign exploiting vulnerabilities in Oracle’s E-Business Suite (EBS).

Stop Reacting, Start Strategizing: A New Era for Cybersecurity and DR

Stop Reacting, Start Strategizing: A New Era for Cybersecurity and DR

People making cybersecurity and disaster recovery (DR) decisions today often operate as if they’re in a vacuum. Their company has a need – perhaps they

New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft

New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft

Threat actors are leveraging Microsoft Azure Blob Storage to craft highly convincing phishing sites that mimic legitimate Office 365 login portals, putting Microsoft 365 users