XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
The Independent

DOGE staffer had ‘God-level’ Social Security access and expected Trump’s pardon, whistleblower says

A former employee with the so-called Department of Government Efficiency allegedly claimed he tapped into two sensitive Social Security Administration databases and intended to share the information ...
TechCrunch

India disrupts access to popular developer platform Supabase with blocking order

Supabase, a popular developer database platform, has been blocked in India — one of its key markets — TechCrunch has learned. New Delhi ordered internet providers to block its website, resulting in ...
ProPublica

Trump Administration Moves to Allow Intelligence Agencies Easier Access to Law Enforcement Files

ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive our biggest stories as soon as they’re published. These highlights were written by the reporters and editors ...
CNN

With ICE using Medicaid data, hospitals and states are in a bind over warning immigrant patients

The Trump administration’s move to give deportation officials access to Medicaid data is putting hospitals and states in a bind as they weigh whether to alert immigrant patients that their personal ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access ...
NPR

The Trump administration admits even more ways DOGE accessed sensitive personal data

For much of the last year, staffers who were initially part of the Department of Government Efficiency effort improperly accessed and shared sensitive personal data on millions of Americans. The Trump ...