Researchers at Fortinet’s FortiGuard Labs discovered two malicious packages, Zebo-0.1.0 and Cometlogger-0.1, on Python’s open-source platform PyPI. The packages, designed for surveillance, data exfiltration, and unauthorized control, can grant attackers access to systems and sensitive data. Although open-source coding allows community scrutiny, experts warn of cybersecurity risks and suggest exercising caution when using third-party scripts and packages.
New botnet exploits vulnerabilities in NVRs, TP-Link routers
A new botnet based on the Mirai malware has been exploiting a yet-to-be-patched remote code vulnerability in DigiEver DS-2105 Pro network video recorders, infecting them