Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information
Theft in cybersecurity covers stolen data, credentials, devices, and funds, often creating risks of unauthorized access, fraud, and privacy loss.
Search across headline titles and summaries.
Background for this topic.
Unauthorized taking or copying of information, credentials, intellectual property, or digital assets is cyber theft. News under this tag may involve stolen passwords, payment data, personal information, source code, cloud tokens, cryptocurrency, or sensitive business files. Theft can result from phishing, malware, compromised accounts, insider access, exposed storage, or the loss of an unencrypted device; the relevant issue is the unauthorized acquisition or control of an asset, whether or not the attacker also alters systems.
Security teams should identify where valuable data and credentials are stored, restrict access by role, require strong authentication, encrypt data at rest and in transit, and monitor unusual downloads or transfers. Vulnerability management matters when flaws expose databases, endpoints, or cloud services to unauthorized retrieval. After suspected theft, preserving logs, revoking tokens and credentials, determining what was accessed or copied, and assessing privacy or notification obligations are central to containing the incident and measuring its impact.
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information
Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. [...]
The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs
We're not Putin up with this alleged industrial espionage, say the Dutch A Russian national appeared in a Netherlands court on Thursday accused of industrial espionage against ASML, the world’s leading manufacturer of chip factory equipment and a key supplier that helps the likes of TSMC pump out top-drawer processors.…
Australians checking their pensions are melting down call centres and websites Australian retirement fund operators are scrambling after reports emerged of unauthorized access to customer accounts leading to theft of cash.…
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to date theft and extortion-only attacks. [...]
Also: Gootloader Malware, GCHQ Intern Pleads Guilty, Check Point Breach UpdateThis week, a "Fast Flux" warning, Gootloader malware, an GCHQ intern pleaded guilty to stealing top secret data and Check Point undercuts hacking claim. Also, Google rolled out end-to-end encryption for some Gmail users, Apple backported patches and Dutch prosecutors cut internet access.
Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials
The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the organization and began leaking samples of stolen data. [...]
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. [...]
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. [...]
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. [...]
Stamp it out: Infostealer malware at German outfit may be culprit Britain's Royal Mail is investigating after a crew calling itself GHNA claimed it has put 144GB of the delivery giant’s data up for sale, perhaps after acquiring it with the same stolen credentials it used to crack Samsung Germany.…
Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration
Bosses say theft now the name of the game with a shift in tactics, apparent branding Big-game ransomware crew Hunters International says its criminal undertaking has become "unpromising, low-converting, and extremely risky," and it is mulling shifting tactics amid an apparent rebrand.…
Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company's systems. [...]
A novel skimming attack has been observed by Jscramber, using the Stripe API to steal payment information by injecting malicious scripts into pages
A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up. [...]
Hackers stole $1.67bn of cryptocurrencies in the first quarter of 2025, a 303% increase