PyPI Vulnerabilities
TECH NEWS
npm and PyPI Ecosystems Hit by Supply Chain Malware
Supply chain malware has hit the npm and PyPI ecosystems and sent shockwaves through the developer community, with a sophisticated attack targeting popular open-source packages. Cybersecurity researchers, including experts from Aikido Security, have uncovered a malicious campaign compromising over a dozen GlueStack packages, affecting nearly 1 million weekly downloads. This attack, detected on June 6, 2025, at 9:33 p.m. GMT, exploits…