note

Visualizing the Shop Floor: In-House Production Management Board Built with Excel and Python Flask

This is a memo regarding a production management board I built for internal use. We are always running multiple projects simultaneously, not just the immediate ones, but also future ones with flexible ...
theregister

Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and helpdesk staff impersonation - is also using custom malware in its ...
Security Boulevard

SAML vs OIDC vs OAuth: The 60-Second B2B Playbook

TL;DR (read this first): OAuth 2.0 is authorization (a valet key for APIs). OIDC is authentication built on top of OAuth 2.0 (modern login for web, mobile, and SPAs). SAML 2.0 is a separate, XML-based ...
LinkedIn

PyPI Telnyx Python SDK Backdoored to Steal Credentials on Windows, macOS, and Linux

Telnyx Python SDK on PyPI, using a multi‑stage WAV steganography payload to steal credentials across Windows, macOS, and Linux systems. The backdoor lives in telnyx/_client.py and is triggered at ...
Bleeping Computer

New Infinity Stealer malware grabs macOS data via ClickFix lures

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The attack uses the ClickFix ...
SecurityWeek

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

macOS users are targeted in a fresh ClickFix campaign that uses a Cloudflare-themed verification page to deliver a Python-based information stealer, Malwarebytes reports. The attack starts with a fake ...
Infosecurity-magazine.com

VVS Stealer Uses Advanced Obfuscation to Target Discord Users

A Python-based malware family known as VVS stealer has been observed using advanced obfuscation and stealth techniques to target Discord users and extract sensitive ...
The Hacker News

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named ...
Bleeping Computer

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...
theregister

Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies

More than 4,000 victims across 62 countries have been infected by stealthy infostealers pilfering people's passwords, credit card numbers, and browser cookies, which are then sold to other criminals ...
The Hacker News

Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and ...
Security Boulevard

Why the 2025 PyPI Attack Signals a New Era in Cloud Risk

MixMode Threat Research is a dedicated contributor to MixMode.ai’s blog, offering insights into the latest advancements and trends in cybersecurity. Their posts analyze emerging threats and deliver ...