In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
These are my go-to libraries for Python data crunching.