Daily Cybersecurity Roundup, March 17, 2025

What happens when Python packages turn predator? Researchers uncovered 20 malicious PyPI packages, downloaded over 14,100 times, quietly stealing cloud access tokens. A phishing scheme has GitHub developers in its crosshairs, targeting 12,000 repositories with fake Security Alert issues to coax them into authorizing a rogue OAuth app. The Black Basta crew, never ones to rest, now wields BRUTED, an automated brute-forcing framework hitting edge devices. Here are the top 10 highlights from the past 24 hours.

01

ReversingLabs identified 20 malicious PyPI packages that were cumulatively downloaded over 14,100 times. The packages were designed to steal cloud access tokens.

02

A phishing campaign targeted approximately 12,000 GitHub repositories with false "Security Alert" issues, deceiving developers into authorizing a malicious OAuth app.

03

Cybercriminals are using malicious Microsoft OAuth apps that pretend to be Adobe and DocuSign apps to deliver malware and steal Microsoft 365 account credentials.

04

The Black Basta ransomware group has developed an automated brute-forcing framework, named BRUTED, to breach edge networking devices such as firewalls and VPNs.

05

Cado Security Labs have discovered a new cryptomining campaign that exploits misconfigured Jupyter Notebooks, targeting both Windows and Linux systems, with the main purpose of loading a cryptominer.

06

Sucuri found a complex malware attack on a WordPress WooCommerce website, which involved a credit card skimmer, a hidden backdoor file manager, and a malicious script.

07

A sophisticated phishing attack targeting Coinbase users is circulating, tricking recipients into setting up a new wallet using a pre-generated recovery phrase controlled by the attackers.

08

Cisco has fixed a high-severity DoS vulnerability (CVE-2025-20115) in its IOS XR software that affects carrier-grade routers such as the ASR 9000, NCS 5500, and 8000 series when BGP confederation is configured.

09

A critical RCE vulnerability, CVE-2025-24813, is being actively exploited in Apache Tomcat servers, allowing attackers to take control with a single PUT API request.

10

Security researcher Yohanes Nugroho developed a decryptor for the Linux variant of Akira ransomware, which uses GPU power to retrieve the decryption key and unlock files for free.
