Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that’s capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.
The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targeted users of a service called Chimera Sandbox,
Related Post
- June 16, 2025
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak
Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren’t.
- June 16, 2025
Playbook: Transforming Your Cybersecurity Practice Into An MRR
Introduction The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations worldwide. While businesses face mounting
- June 15, 2025
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the International Conference
- June 14, 2025
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld
A new malware campaign is exploiting a weakness in Discord’s invitation system to deliver an information stealer called Skuld and
Leave feedback about this