Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository, named chimera-sandbox-extensions, that steals sensitive developer-related information such as credentials and configuration data. The package, which was downloaded 143 times, mainly targets users of Chimera Sandbox, a service released by tech company Grab. It connects to an external domain to download and execute a payload, siphons a wide range of data, and sends it back to the domain to assess whether further exploitation is warranted.
