Feed aggregator

• Alone – Charity Multipurpose Non-profit WordPress Theme has a 9.8/10 flaw
• The bug allows crooks to create rogue admin accounts
• More than 120,000 takeover attempts already blocked

The "Alone – Charity Multipurpose Non-profit WordPress Theme", a commercial theme used in many WordPress websites, contained a critical vulnerability that allowed threat actors to completely take over the website, experts have warned.

The WordPress theme, designed for charities, NGOs, and fundraising campaigns, features more than 40 ready-to-use demos, donation integration, and compatibility with Elementor and WPBakery.

According to Themetix, around 200 active WordPress sites are running this theme today.

Ongoing attacks

Wordfence researchers claim exploitation started on July 12, two days before the vulnerability was publicly disclosed. So far, the company blocked more than 120,000 exploitation attempts from almost a dozen different IP addresses.

In the attacks, the threat actors try to upload a ZIP archive with a PHP-based backdoor that grants them remote code execution capabilities, as well as the ability to upload arbitrary files. Crooks also used the flaw to deliver backdoors that can create additional admin accounts.

All versions up to 7.8.3 contained a vulnerability that allowed threat actors to upload arbitrary files, including malware that can create admin accounts. That way, crooks can completely take over websites and use them to host other malware, redirect visitors to other malicious pages, serve phishing landing pages, and more.

The vulnerability is now tracked as CVE-2025-4394, and has a severity score of 9.8/10 (critical). It was addressed in version 7.8.5, which was released on June 16, 2025. If you are using this theme, it would be wise to update it as soon as possible, since the bug is being actively exploited in the wild.

WordPress is generally considered a safe website builder platform, but third-party themes and plugins - not so much. That is why security pros advise WordPress users to only keep the plugins and themes they actively use, and to make sure they are always up to date.

Via The Hacker News

You might also like

• A popular WordPress theme has been hijacked by malware - here's what we know
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

The crew of a haunted house attraction gets more than they bargained for in this cult classic that's streaming free on Tubi.

• AMD's head of client CPUs says it's looking into dedicated NPU accelerators
• These would be the equivalent of a discrete GPU, but for AI tasks
• Such boards would lessen demand on higher-end GPUs, as they'd no longer be bought for AI work, as they are in some cases

AMD is looking to a future where it might not just produce standalone graphics cards for desktop PCs, but similar boards which would be the equivalent of an AI accelerator - a discrete NPU, in other words.

CRN reports (via Wccftech) that AMD's Rahul Tikoo, head of its client CPU business, said that Team Red is “talking to customers” about “use cases” and “potential opportunities” for such a dedicated NPU accelerator card.

CRN points out that there are already moves along these lines afoot, such as an incoming Dell Pro Max Plus laptop, which is set to boast a pair of Qualcomm AI 100 PC inference cards. That's two discrete NPU boards with 16 AI cores and 32GB of memory apiece, for 32 AI cores and 64GB of RAM in total.

To put that in perspective, current integrated (on-chip) NPUs, such as those in Intel's Lunar Lake CPUs, or AMD's Ryzen AI chips, offer around 50 TOPS - ideal for Copilot+ PCs - whereas you're looking at up to 400 TOPS with the mentioned Qualcomm AI 100. These boards are for beefy workstation laptops and AI power users.

Tikoo observed: "It’s a very new set of use cases, so we're watching that space carefully, but we do have solutions if you want to get into that space - we will be able to."

The AMD exec wouldn't be drawn to provide a hint at a timeframe in which AMD might be planning to realize such discrete NPU ambitions, but said that "it's not hard to imagine we can get there pretty quickly" given the 'breadth' of Team Red's technologies.

(Image credit: Future / John Loeffler)Analysis: potentially taking the pressure off high-end GPU demand

So, does this mean it won't be too long before you might be looking at buying your desktop PC and mulling a discrete NPU alongside a GPU? Well, not really, this still isn't consumer territory as such - as noted, it's more about AI power users - but it will have an important impact on everyday PCs, at least for enthusiasts.

These standalone NPU cards will only be needed by individuals working on more heavyweight AI tasks with their PC. They will offer benefits for running large AI models or complex workloads locally rather than on the cloud, with far more responsive performance (dodging the delay factor that's inevitably brought into the mix when piping work online, into the cloud).

There are obvious privacy benefits from keeping work on-device, rather than heading cloud-wards, and these discrete NPUs will be designed to be more efficient than GPUs taking on these kinds of workloads - so there will be power savings to be had.

And it's here we come to the crux of the matter for consumers, at least enthusiast PC gamers looking at buying more expensive graphics cards. As we've seen in the past, sometimes individuals working with AI purchase top-end GPUs - like the RTX 5090 or 5080 - for their rigs. When dedicated NPUs come out from AMD (and others), they will offer a better choice than a higher-end GPU - which will take pressure off the market for graphics cards.

So, especially when a new range of GPUs comes out, and there's an inevitable rush to buy, there'll be less overall demand on higher-end models - which is good news for supply and pricing, for gamers who want a graphics card to, well, play PC games, and not hunker down to AI workloads.

Roll on the development of these standalone NPUs, then - it’s got to be a good thing for gamers in the end. Another thought for the much further away future is that eventually, these NPUs may be needed for AI routines within games, when complex AI-driven NPCs are brought into being. We've already taken some steps down this road, cloud-wise, although whether that's a good thing or not is a matter of opinion.

You might also like

• Need a new GPU? Nvidia's RTX 5000 Super models may be coming sooner than you expect
• Nobody wants 8GB GPUs from Nvidia and AMD – and this retailer just made that clear
• Where to buy AMD Radeon RX 9070 XT and RX 9070: the best retailers in the US and UK to check for stock

The full moon takes place a mere three days before the Perseids meteor shower peaks, and 11 days before the next planet parade.

OLED vs mini-LED is a battle that’s been raging on for a few years now. While LG, Sony and Panasonic sit firmly in the OLED camp, Samsung, Hisense and TCL place their trust more in mini-LED. Granted, most of these brands have both TV types in their lineups, but it’s clear which one each favors.

Samsung and LG are makers of some of the best TVs, and you’ll regularly find Samsung at the top of our best mini-LED TVs list and LG at the top of the best OLED TVs. Each has had a strong showing with their flagship models in 2025, with both the Samsung QN90F (mini-LED) and LG G5 (OLED) earning five stars in their reviews. But what about the mid-range models?

I recently tested the Samsung QN80F and gave it four stars in my review, mainly due to its average sound quality, reflective screen and a sometimes inconsistent picture. I also had a chance to evaluate it side-by-side with LG’s most entry-level OLED: the LG B5. While these TVs sit in different places in their respective lineups, they’re priced very similarly, with the 55-inch QN80F selling for $1,299 / £1,199 and the 55-inch B5 for $1,299 / £1,399.

So, how does the QN80F fare against the ‘cheapest’ 2025 OLED on the market, and which TV is worth the money?

Color me impressed

Both the Samsung QN80F (left) and LG B5 (right) have great color reproduction, and while the QN80F may be brighter, the B5's picture has greater depth and clarity. (Image credit: Universal Pictures / Future )

Samsung and LG TVs both have exceptional color reproduction, with colors on Samsung mini-LED models generally looking bright and punchy, and LG OLEDs looking deeper and richer. Putting the QN80F mini-LED next to the LG B5, this was once again the case.

With both TVs set to their Movie picture modes, I watched the Wizard & I scene from a 4K Blu-ray of Wicked, and the B5 demonstrated bolder and more engaging colors. Pink flowers, blue details on walls and uniforms, and Elphaba’s green skin all looked more vivid on the B5, primarily due to the B5’s stronger contrast. Colors still appeared bright and vibrant on the QN80F with the same scene, but they didn’t have the same depth.

Measuring UHDA-P3 color gamut on both TVs yielded results of 93.05% on the Samsung QN80F and 99.5% on the LG B5, so it’s no real surprise that the B5 had the edge when it came to color depth and detail.

Brightness and reflections

The Samsung QN80F (left) has both higher peak and fullscreen brightness than the LG B5, and that can be a real benefit with certain movie scenes (Image credit: Universal Pictures / Future)

Brightness is where the Samsung QN80F takes a big win. While mini-LED is traditionally a brighter display technology than OLED, flagship OLEDs such as the LG G5 and Samsung S95F have made great strides in giving OLED a brightness boost, with both hitting over 2,000 nits. But, then again, these pricey TVs use new, advanced OLED panels (QD-OLED on the S95F, and ‘four-stack’ OLED on the LG G5).

The LG B5 uses a standard W-OLED panel, and when it comes to brightness, it shows. When I measured the B5’s peak HDR brightness, it hit 668 nits in Movie mode, whereas the Samsung QN80F clocked in at 1,106 nits in the same mode. A near-500 nit brightness difference is easy to appreciate, and as Elphaba ran through a wheat field in the same Wizard & I scene from Wicked, the sun appeared brighter on the QN80F thanks to its high HDR brightness in peak highlights, and the wheat itself had a glossier, more eye-catching look.

One thing that couldn’t be ignored in my comparison was how reflective the screens on both TVs were. I anticipated this from the B5, mainly due to its low measured fullscreen HDR brightness (a meagre 131 nits), but I expected the QN80F, which clocked in at 754 nits on the same test, to perform better. In bright room lighting conditions, both of these TVs suffer from distracting mirror-like reflections when watching darker scenes. In dimmed conditions, they perform better, but there can still be visible reflections.

Black levels: OLED’s best friend

Black levels are slightly raised on the Samsung QN80F (left), but look much richer and deeper on the LG B5 (right) (Image credit: Warner Bros. / Future )

Despite a very reflective screen on both TVs and their struggles with bright room viewing, they display decent contrast in most environments. The QN80F’s higher brightness gives a stronger perceived contrast thanks to the higher brightness difference between light and dark tones. But look closer, and it’s clear that contrast and black levels are areas where OLED shines.

Watching the subway fight scene and opening crime scene in The Batman, the B5 demonstrated superb contrast, and while there was a hint of black crush at times, shadow detail was also excellent. I found the QN80F to have solid contrast in isolated viewing during my testing, but next to the B5, there was an obvious winner. The B5’s sharper textures and finer details also gave the picture a more 3D-like effect.

Blacks on the B5 also have that inky quality that OLED fans love. In both The Batman and in Nosferatu, particularly the scenes where Hutler first arrives at Orlock’s castle, the QN80F’s black levels were slightly raised, taking on a grayer tone, whereas the black of the forest and the night sky were truly as foreboding and ominous as intended on the B5.

Final thoughts

Samsung QN80F (left) and LG B5 (right) (Image credit: Future)

Both the B5 and QN80F have a strong feature set, especially for gaming, and the new versions of LG’s webOS and Samsung’s Tizen smart TV platforms are arguably the best to date. But both TVs will require one of the best soundbars to provide a cinematic experience at home, so my comparison all comes down to picture quality.

The QN80F takes a big win for brightness, but I couldn’t help but prefer the B5’s overall picture during my side-by-side test. Its superior colors, deeper blacks and more realistic-looking textures gave it the edge. If I had the money to spend, I’d be picking the LG B5.

You might also like

• I tested LG, Samsung and Sony's elite 2025 OLED TVs side-by-side – here's the one I'd buy with my own money
• I tested Samsung and Sony’s 2025 QD-OLED TVs side-by-side, and it’s a battle for the ages
• Glare-Free vs anti-reflection: This is how Samsung and LG's flagship OLED TV screens fared when I tested them

The biggest change for customers is a familiar one for competitors like DoorDash.

About a month after announcing that it would stop sharing data that hurricane forecasters and scientists rely on, the Navy now says it will continue distributing it.

(Image credit: AP)

• Asus updates MyAsus app to fix two new security issues affecting PCs
• Company confirms past issues in routers and software are now fully resolved
• Users urged to update software, use strong passwords, and disable unused services

Asus has released new security patches for its MyAsus software, following fresh reports from security researchers highlighting flaws across multiple services.

The update applies to all compatible desktops, laptops, NUCs, and All-in-One PCs, addressing two vulnerabilities tracked as CVE-2025-4569 and CVE-2025-4570.

The new versions are 4.0.36.0 for x64 systems and 4.2.35.0 for Arm-based computers - and users can update through the MyAsus app or via the Microsoft Store.

Patch now

The CVE-2025-4569 flaw received a CVSS v4.0 score of 7.7, marking it as high severity. CVE-2025-4570 was rated at 6.9, a medium-level risk.

Both are resolved in the update. Asus also confirmed that is has addressed related issues in Armoury Crate, DriverHub, and specific router models, although details were limited. The company says all reported vulnerabilities have now been resolved.

This patch follows a string of vulnerability disclosures this year.

Back in April 2025, the company patched a critical vulnerability in routers using AiCloud, a service that lets users access and share files over the internet.

Tracked as CVE-2025-2492, it had a severity score of 9.2 and could allow remote attackers to execute functions without permission.

Asus urged users to disable AiCloud on unsupported models and update the firmware immediately.

Then in June 2025, Asus also patched CVE-2024-3080, a critical authentication bypass flaw affecting seven popular router models, including ZenWiFi XT8 and RT-AX88U.

That update also covered a buffer overflow issue and a system command execution bug, both tied to admin privileges.

In a related incident, a high-severity flaw tracked as CVE-2023-39780 was exploited by attackers to build a botnet using compromised routers.

That vulnerability allowed persistent access via non-volatile memory.

Asus responded by urging users to reset affected devices and use stronger credentials.

It's important to keep your router secure - regardless of the make - by checking firmware regularly, updating software, and limiting remote access features whenever possible.

You might also like

• These are the best Asus routers you can buy right now
• Thousands of Asus routers hacked to create a major botnet
• FBI warns outdated routers are being hacked and hijacked for criminal purposes

AlphaEarth Foundations could help tackle food insecurity, deforestation, urban expansion and water sharing issues.

The Osmo 360 does 8K video, 120 megapixel photos but for right now it isn't available in the US.

• Weapons director Zach Cregger admits he's feeling the pressure after the success of his previous movie, Barbarian
• But he told TechRadar that he "feels secure" in the movie he's made
• Weapons is in theaters from August 8

Zach Cregger terrified us all in 2022 with his horror hit Barbarian and he is set to do it again with the new movie Weapons.

It's not easy following up from a breakout movie. With Barbarian scoring an impressive 92% on Rotten Tomatoes from the critics, horror fans are hoping for the same standard when it comes to Weapons.

In Cregger's latest movie, we follow the mysterious disappearances of multiple children who ran away from their homes at exactly 2:17am. Weapons viral marketing campaign had everyone talking, and now the pressure is on for it to be as good as Barbarian.

Speaking to TechRadar, Cregger told me about how he was feeling ahead of Weapons' release. He said: "I'm nervous just because I love the movie so much, and I want people to go see it, but I feel very confident because I feel secure in the movie that I made. "

"I love Weapons. I think it's a bigger riff on Barbarian. This is more and in a good way. I feel like I can sleep soundly at night no matter what happens, knowing like I did my job, but, you know, you hope people show up. "

Weapons is also Cregger's first time scoring a movie alongside two of his friends, so fans will get to hear some of his music on this project.

He told me: "I did it with two of my best friends who I was in a band with in high school, and we just kind of have the same musical mind and so the three of us, Hays and Ryan Holladay and myself, we kind of scored it.

"We scored the movie before I shot it, and then when I was editing it, you know, we just laid the score in."

One of the things I loved about Barbarian was the one word, impactful title, something that he did again with Weapons. I asked about the title and he said : "I think it's such a mysterious thing and with the mystery, it's just incredible. It just feels right."

You might also like

• Weapons has some of the best viral marketing I’ve ever seen, but the new horror movie’s director admits he ‘was not a believer at the beginning’
• Alien: Earth's official trailer is here – and the sci-fi horror series' xenomorph isn't the only frightening creature that'll need to be avoided
• Shudder’s new indie sci-fi shocker is one of the most unsettling horror movies I’ve seen in years

• Square Enix has announced The Adventures of Elliot: The Millennium Tales and Octopath Traveler 0
• The Adventures of Elliot arrives in 2026 for Nintendo Switch 2, PS5, Xbox Series X, Xbox Series S, and PC
• Octopath Traveler 0 is exclusive to Switch and Switch 2 and is releasing on December 4

To close out the July 31 Nintendo Direct Partner Showcase, Square Enix announced two new HD-2D role-playing games (RPGs), The Adventures of Elliot: The Millennium Tales and Octopath Traveler 0.

The Adventures of Elliot: The Millennium Tales is an all-new action-adventure RPG set to arrive in 2026, for the Nintendo Switch 2, PS5, Xbox Series X, Xbox Series S, and PC.

Although the game isn't releasing until next year, Switch 2 players can download a free 'Debut Demo' today that provides an early look at the game.

Developed by Team Asano, the developer behind Octopath Traveler and Bravely Default, The Millennium Tales tells the story of Elliot in a fast-paced adventure that combines thrilling real-time action and rewarding exploration.

Set in the world of Philabieldia, humanity’s last bastion is the Kingdom of Huther, protected by its tall walls and Princess Heuria’s powerful magic.

"When a mysterious set of ruins is discovered, a young adventurer named Elliot and his fairy companion Faie are sent off on a journey to investigate. What seems like a simple, if dangerous, mission soon becomes a grand saga that will be woven across time and space," Square Enix describes.

As Elliot, the player will explore an expansive world equipped with multiple weapon types, like swords, bows, chains, and sickles, which can be customized to increase stats. Faie will also have a 'Sprint' power that lets Elliot zip around faster.

The final reveal of the showcase was Octopath Traveler 0, which is the newest entry in the Octopath Traveler series, coming to Nintendo Switch and Nintendo Switch 2 on December 4, 2025.

"Start from zero and discover the newest entry in the OCTOPATH TRAVELER series. Experience a story of restoration and retribution over the divine rings—an epic saga that unfolds across the realm of Orsterra," the game description reads.

This new entry brings all-new features and returning core elements from the series, including the HD-2D graphics that blend retro pixel art and 3D CG art, Path Actions, the Break and Boost battle system, and more.

For the first time in the series, players will be able to play as their own customized protagonist and "rebuild their hometown after great destruction is brought to it".

Physical pre-orders for Octopath Traveler 0 are now available, with digital pre-orders coming later.

You might also like...

• The 14 best Nintendo Switch 2 games to play in 2025
• The Nintendo Switch 2 is the company’s least ambitious console to date, but its improvements are astronomical
• I’ve spent 150 hours with The Legend of Zelda: Breath of the Wild, and the Switch 2 Edition is an incredible upgrade

• FTX shut down in 2021, but continued to generate data in the backend
• Contact information on more than 35,000 FTX Japan users found leaking
• The company could face regulatory pressure as a result

FTX Japan, the Japanese arm of the dead cryptocurrency exchange FTX, leaked sensitive data on more than 35,000 users, putting them at risk of phishing and identity theft, experts have warned.

Researchers at Cybernews said they found an exposed database with 26 million files, including usernames and real names, email addresses, postal addresses, FTX account IDs, and detailed transaction logs including information on borrowing and lending, cryptocurrencies, collateral, margin rates, and risk flags.

The files are relatively fresh, too, as some of the logs were apparently generated in July 2024.

Troubling implications

Explaining how it’s possible that an exchange that shut down in late 2021 was still generating, and thus leaking files, as early as 2024, Cybernews said FTX Japan completed its bankruptcy and withdrawals in February 2023, but its backend systems probably remained active throughout 2024.

Following the fallout of FTX, its Japanese subsidiary was acquired by another Japanese crypto exchange called bitFlyer, and was rebranded to Custodiem in 2024.

“It is unclear whether the discovered leak belongs to the actively used Custodiem infrastructure, or is an abandoned, unmodified artifact remaining after the FTX collapse,” the Cybernews researchers explained.

The implications are troubling, since cybercriminals can use the information to target people who already lost a lot in the bankruptcy. For example, Celsius customers (another crypto company that went bankrupt at approximately the same time), are being bombarded with phishing emails in which crooks impersonate the company and claim the victims are eligible for withdrawals.

At the same time, the company itself is risking further regulatory pressure, and possibly fines, as a result.

Cybernews also said that the data leak raises concerns about privacy and regulatory compliance, since under Japanese laws, crypto firms need to uphold to high standards.

How to stay safe

The breach means cybercriminals could have a field day with the leaked data, which should be more than enough of sensitive information to launch highly personalized, successful phishing campaigns, leading to identity theft, wire fraud, and even ransomware attacks.

If you're concerned you may have been caught up in the incident, don't worry - there are a number of methods to find out. HaveIBeenPwned? is probably the best resource only to check if your details have been affected, offering a run-down of every big cyber incident of the past few years.

And if you save passwords to a Google account, you can use Google's Password Checkup tool to see if any have been compromised, or sign up for one of the best password manager options we've rounded up to make sure your logins are protected.

You might also like

• Ingram Micro confirms ransomware attack, internal systems affected and shut down
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Buckle up: Wrestling's iconic summer event is now a two-night affair.

• Weapons director Zach Cregger has admitted he "was not a believer" when it came to the movie's viral marketing
• However, the realistic marketing campaign has gone down well with fans
• The new movie is in theaters from August 8

Weapons is the hugely anticipated new movie from Zach Cregger, and while fans may be thoroughly spooked by the marketing they've seen so far, the director has revealed he was nervous at first.

The new horror movie, which arrives in cinemas on August 8, centers around a group of children who simultaneously disappear at 2:17am.

Speaking to TechRadar, Cregger said: "They came to me and they were like, 'we're thinking of doing this'. They had a term for it that I wasn't even aware of, but they're like, 'we're gonna make this website, we're gonna make it seem like it really happened.'

"And I'll be honest, I was like, 'I don't think I like this idea because we're trying to trick people', and then are people gonna get annoyed and they realize it's just a movie and they're gonna be like f*** this movie."

He added: "That was my fear, but they were like just trust us. So I was like, 'OK!', and then sure enough, everybody really responded to it, so they get all the credit, you know, and I, and I love what they did. I love it, but I was not a believer at the beginning, I'll tell you."

The website Cregger is referring to is MaybrookMissing.net, which is set up to look like a real missing person's case. There's teasers for the movie, fake CCTV footage and even a reference to his previous movie Barbarian for eagle-eyed fans.

Weapons has really gone hard on this marketing technique, which is known as an Alternate Reality Game. Movies such as Cloverfield and District 9 have adopted this approach in the past, setting up websites and hotlines to entice audiences into a story.

In my opinion, they work incredibly well with horrors or mysteries and it really got me hyped to see the movie, so it's a job well done.

This led me to ask about fan theories based on the marketing campaign, as I was sure people have drawn their own conclusions about what to expect from it. Cregger told me: "Oh yeah, I've seen a lot of theories and I don't even really want to comment on them because if I discredit some of them, then it's, I'm giving people ammo for for for spoiling it.

"But the one that I will say that I've seen a lot that I'm always just kind of like, 'wow', is that people say like an alien is involved in this, and I think that's probably my favorite fan theory."

With plenty of intrigue here, you'll have to go and see the movie if you want to unravel the mystery.

You might also like

• 7 new horror movies on Prime Video, Shudder, HBO Max and more in July 2025
• Alien: Earth's official trailer is here – and the sci-fi horror series' xenomorph isn't the only frightening creature that'll need to be avoided
• Five Nights at Freddy’s 2 has a trailer that’s even more discouraging than the first movie, but die-hard fans will be pleased with one detail

President Trump, who has insisted Aug. 1 is a firm deadline for countries around the world, said that "the complexities of a Deal with Mexico are somewhat different from other Nations."

(Image credit: Julio Cesar Aguilar)

Matt Fitzpatrick and Keegan Bradley are among the big names set to battle it out at the Sedgefield Country Club.

Sectarian violence in recent weeks in Syria's Sweida region has left more than 1,000 people dead. Druze in the Israel-occupied Golan Heights say they feel betrayed by Syria's interim government.

(Image credit: JALAA MAREY)

The next installment of the popular Nintendo Switch game lets you customize who the hero will be.

• Developers who published projects on PyPI with their email in package metadata are being targeted
• They are asked to "verify" their email address with a fake PyPI platform
• The "verification" process relays login credentials to attackers

Python developers are being targeted with dangerous phishing attacks, The Python Software Foundation (PSF) has warned .

PSF said threat actors were actively targeting developers who have published projects on PyPI with their email in package metadata. These developers are receiving emails asking them to “verify” their email address on the platform, providing a link to do so.

Clicking on the link redirects the victims to a page that looks seemingly identical to the original one - the URL for the original one is PyPI.org, and for the spoofed one - PyPJ.org, a difference small enough to pass under some people’s radars. This type of fraud is called “typosquatting” and is often used in attacks.

Disrupting the scam

The site looks almost the same as the real thing, and prompts the users to log into their accounts. However, sharing the credentials just relays them to the attackers, who can then log into the actual site, and tamper with the packages found there.

PSF is a nonprofit organization that manages and supports the Python programming language, and operates The Python Package Index (PyPI.org), the most popular package index for the programming language in the world.

Tainting legitimate PyPI packages with malware is also a common occurrence. Many Python developers trust the platform, and use the code found there in various projects. By downloading malicious packages, they can grant attackers access to their projects, and possibly even sensitive company files.

To tackle the impersonation campaign, PyPI admins added a banner to the homepage, and have reached out to CDN providers and name registrars to terminate the phishing sites.

Python developers who received such emails are advised not to click on any links, and just delete the emails immediately. Those who are unsure if the email they received is legitimate or not are advised to open up PyPi directly in their browser, instead of clicking any links in the email.

Via BleepingComputer

You might also like

• Malicious Python packages are stealing vital data, and have been downloaded thousands of times already
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers