Tootfinder

»npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack:
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked to hijack crypto wallets via injected code.«
Good heavens! Another example of how "simple" and popular programming languages are misused to exploit users.
😠

npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

A template for data analysis projects structured as R packages (or not) https://github.com/Pakillo/template by @…

GitHub - Pakillo/template: A template for data analysis projects structured as R packages (or not)
A template for data analysis projects structured as R packages (or not) - Pakillo/template

UPS is 'disposing of' U.S.-bound packages over customs paperwork problems (Kayla Steinberg/NBC News)
https://www.nbcnews.com/business/business-news/ups-delay-customs-tariffs-packages-destroyed-rcna236607
http://www.memeorandum.com/251010/p38#a251010p38

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
https://networks.sk…

DOGE is still slashing government contracts, with around $2.2 billion in cyber contracts cut through August 2025.
Check out today's Metacurity for more on which contracts have been cut and other top infosec developments you should know, including
--18 popular JavaScript code packages were compromised by malware,
--WhatsApp former security chief accuses Meta of security and privacy flaws,
--Treasury sanctions Myanmar and Cambodia scam businesses and people,
--IC…

DOGE has slashed government cyber contracts by $2.2 billion so far
18 popular JavaScript code packages compromised by malware, WhatsApp ex-security chief accuses Meta of security and privacy flaws, Treasury sanctions Myanmar & Cambodia scam workers and firms, ICE is spending $4m on facial to hunt for cop assaulters, Hacked Boris Johnson files leaked, much more

Binary Eye
#QRcode #Fdroid #Android

Aikido Security says attackers injected malware into 18 popular npm packages, including the debug package, with over 2.6B total weekly downloads (Sergiu Gatlan/BleepingComputer)
https://www.bleepingcomputer.com/news/secu

It’s almost like programming language monocultures with “best practices“ and paradigms requiring hundreds or thousands of dependencies even for simple apps are harmful https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
https://networks.sk…

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
https://networks.sk…