Malicious PyPI Package Targets Developers with Stealer Malware — BleepingComputer

TeamPCP has compromised the Telnyx package on the Python Package Index (PyPI), embedding malware within WAV audio files. This supply chain attack aims to steal sensitive data from developers who download the affected package. The malware operates by exploiting a hidden stealer, posing a significant risk to software development environments and underlining the importance of verifying package integrity before installation.

European Commission Probes AWS Cloud Breach — BleepingComputer

The European Commission is investigating a security breach involving its Amazon Web Services (AWS) cloud account. Hackers reportedly accessed sensitive data, prompting concerns over cloud security configurations and data protection measures. This incident highlights the need for robust cloud security practices, including regular audits and incident response planning to mitigate potential data exposure risks.

• Fake VS Code alerts on GitHub spread malware to developers [BleepingComputer]
• Iran-linked hackers breach FBI director's personal email, publish photos and documents - Reuters [Google News Security]
• Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits [The Hacker News]
• China Upgrades the Backdoor It Uses to Spy on Telcos Globally [Dark Reading]
• AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion [The Hacker News]