Daily Cybersecurity Roundup, May 02, 2025

Just when you thought Python was all about clean code, a discovery proves otherwise. Security researchers have found seven malicious Python packages on PyPI that exploit Gmail’s SMTP protocol to set up hidden C2 tunnels. In another ongoing threat, the MintsLoader malware is being used to deploy the GhostWeaver RAT through phishing and drive-by download attacks. Additionally, a massive subscription scam campaign has been exposed, involving more than 200 counterfeit websites. Stay ahead with the biggest cybersecurity developments trending today.

01

Researchers uncovered seven malicious Python packages on PyPI, which abuse Gmail’s SMTP protocol to create covert C2 tunnels for data exfiltration and command execution, bypassing traditional firewall detection.

02

MintsLoader, a malware loader, is being used to deliver the PowerShell-based RAT GhostWeaver through phishing and drive-by download campaigns, targeting industrial, legal, and energy sectors.

03

Two emerging malware families (TerraStealerV2, a credential and cryptocurrency wallet stealer, and TerraLogger, a standalone keylogger) have both been attributed to the financially motivated threat actor Golden Chickens, indicating ongoing development aimed at credential theft and keylogging.

04

An open-source tool, Eye Pyramid, has been linked to ransomware operations such as Rhysida, Vice Society, and BlackCat, with associated infrastructure utilizing bulletproof hosting and deploying payloads like Cobalt Strike and Sliver.

05

A malicious npm package named 'crypto-encrypt-ts', posing as a revival of the popular CryptoJS library, has been discovered stealing cryptocurrency wallet keys and exfiltrating data via Better Stack while maintaining persistence through cron jobs.

06

Cybercriminals were seen exploiting the power outages in Spain and Portugal by launching phishing emails impersonating TAP Air Portugal, luring victims with fake flight compensation claims to steal personal and financial information.

07

A large-scale subscription scam involving over 200 fake websites, often promoted through Facebook ads, has been tricking users into sharing credit card details by mimicking legitimate services.

08

Microsoft has resolved an Exchange Online bug, tracked as EX1064599 in the Microsoft 365 admin center, in which a machine learning (ML) error wrongly flagged Gmail emails as spam and moved them to junk folders.

09

A high-severity flaw, CVE-2025-2082, in Tesla's Model 3 could allow remote code execution (RCE) via the Tire Pressure Monitoring System (TPMS). The flaw stems from an integer overflow in the VCSEC module and affects vehicles running firmware earlier than 2024.14.

10

NVIDIA identified a critical vulnerability (CVE-2025-23254) in TensorRT-LLM affecting versions before 0.18.2. The vulnerability allows code execution, data tampering, and information disclosure due to improper IPC handling.