A malicious campaign compromised Python Package Index (PyPI) targeting two packages, deepseeek and deepseekai. Orchestrated by an alias, “bvk”, the packages, designed to steal sensitive user data and environment variables, exploited an increasing interest in AI and machine learning. Despite quick quarantining, both packages were downloaded multiple times across various countries. Analysing the script revealed the use of AI. This incident serves as a warning of how cybercriminals exploit trending technologies.
Hackers Using HTTP Client Tools To Takeover Microsoft 365 Accounts
Hackers are increasingly using HTTP client tools to execute account takeover attacks on Microsoft 365, targeting 78% of tenants. Notable clients like OkHttp, Axios, and
