Threat actors behind the campaign have sent malicious emails with a PDF attachment containing a link that redirects to a breached web server housing an internet shortcut file.
Seven malicious Python Package Index packages, which amassed nearly 7,500 downloads prior to their removal, have been leveraged by threat actors to facilitate the exfiltration of cryptocurrency wallet recovery passwords.
Threat actors were able to access patients' medical and health insurance details, as well as their birthdates and addresses, noted UT Southwestern in a filing with the Office of the Texas Attorney General.
Open source software security is being planned to be strengthened by the Cybersecurity and Infrastructure Security Agency through the Principles for Package Repository Security.
U.S. federal technology consulting firm Acuity was claimed to be compromised by IntelBroker, who noted obtaining data from the U.S. Immigration and Customs Enforcement and U.S. Citizenship and Immigration Services .