The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
GitHub

asifashraf/yt-dlp-2025-06-29

yt-dlp_linux_armv7l Linux standalone armv7l (32-bit) binary yt-dlp_linux_aarch64 Linux standalone aarch64 (64-bit) binary yt-dlp_win.zip Unpackaged Windows executable (no auto-update) yt-dlp_macos.zip ...