> TritonInfoSec News
Home / Apr 28, 2026 / Story
0
#2 BleepingComputer general April 27, 2026 at 15:17 UTC

PyPI package with 1.1M monthly downloads hacked to push infostealer

By Bill Toulas

AI Summary

The elementary-data Python package on PyPI with 1.1 million monthly downloads was compromised by attackers who pushed a malicious version to steal developer credentials and cryptocurrency wallets. This supply chain attack demonstrates how threat actors target high-profile open source packages to maximize the impact of their credential harvesting operations.

Read full article → https://www.bleepingcomputer.com/news/security/pyp…

Relevance score: 92.0/100

# More from April 28

  1. 1
    GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions BleepingComputer
  2. 3
    Home security giant ADT data breach affects 5.5 million people BleepingComputer
  3. 4
    Medtronic confirms breach after hackers claim 9 million records theft BleepingComputer
  4. 5
    Alleged Silk Typhoon hacker extradited to US for cyberespionage BleepingComputer
  5. 6
    OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years SecurityWeek
  6. 7
    Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation Dark Reading
  7. 8
    UNC6692 Combines Social Engineering, Malware, Cloud Abuse Dark Reading
  8. 9
    Robinhood account creation flaw abused to send phishing emails BleepingComputer
  9. 10
    Energy and Water Management Firm Itron Hacked SecurityWeek