A malicious package called “dbgpkg” on the Python Package Index (PyPI), posing as a debugging tool, reportedly serves as a delivery mechanism for a stealthy backdoor. Researchers found that it modifies code and remains undetected until certain modules are triggered. The package, potentially tied to the pro-Ukrainian hacktivist group Phoenix Hyena, has raised concerns about the security of open-source software repositories. Experts urge developers to scrutinize utilities before installing them.

Hazy Hawk Exploits Organizations’ DNS Gaps to Abuse Cloud Resources & Deliver Malware
Security researchers have identified a threat actor called “Hazy Hawk” that is hijacking abandoned cloud resources from prominent organisations to distribute scams and malware. The