Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository, named chimera-sandbox-extensions, that steals sensitive developer-related information such as credentials and configuration data. The package was downloaded 143 times and mainly targets users of Chimera Sandbox, a service released by tech company Grab. The package connects to an external domain to download and execute a payload, siphons a wide range of data, and sends it back to the domain to assess whether further exploitation is warranted.

Cybersecurity takes a big hit in new Trump executive order
In an executive order (EO), President Trump removed a requirement for organisations selling critical software to the US government to self-attest their compliance with certain