The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
GitHub

fmorriso/Python-MongoDB-Pydantic-Example

Following information is expected to be available and accurate in a file named .env with values different than the ones shown: MONGODB_CONNECTION_TEMPLATE='fmorrison ...
GitHub

Using the "Cheap Yellow Display" with LVGL graphics library.

There is a cheap brandless ESP32 circuit board that comes with a 320 x 240 LCD display with touch that a number of Chinese businesses seem to be selling, also via AliExpress and Amazon. There's a ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...