Threat researchers at ReversingLabs, a software supply chain security and malware analysis platform, have discovered a malicious new PyPI package dubbed VMConnect on the Python Package Index (PyPI) repository.
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information.