Data Security , Supply chain Malicious elementary-data package version 0.23.3 steals developer data and cryptocurrency wallets April 28, 2026 Share By SC Staff As reported by Bleeping Computer, a malicious version of the popular elementary-data Python package, version 0.23.3, was pushed to the Python Package Index (PyPI) and GitHub Container Registry, designed to steal sensitive developer data and cryptocurrency wallets. The attack exploited a GitHub Actions script injection flaw, allowing the attacker to inject shell code that exposed a GitHub token. This token was then used to forge a signed commit and tag, triggering the project's legitimate release pipeline. The compromised pipeline built and published the backdoored package and a malicious Docker image. The malicious release contained a file, elementary.pth, which executed at startup to steal SSH keys, Git credentials, cloud credentials, Kubernetes and Docker secrets, developer tokens, cryptocurrency wallet files, and system data. The same payload was present in the Docker image. Researchers advise users who downloaded the malicious version or images to rotate all secrets and restore their environments from a known safe state. The vulnerability was discovered by community member crisperik, and a clean replacement, elementary-data 0.23.4, was quickly released. Source: Bleeping Computer SC Staff Related Data Security Udemy allegedly breached by ShinyHunters, data leak warned SC Staff April 28, 2026 Cybernews reports that U.S-based. e-learning platform Udemy was claimed to have more than 1.4 million records compromised by the ShinyHunters extortion group, which threatened to expose the data trove should the firm opt out of negotiations by Apr. 27. Security Operations French police arrest hacker ‘HexDex’ for alleged widespread data theft SC Staff April 27, 2026 The investigation began in late December 2025 following approximately 100 reports of data theft. Data Security BlackFile hackers target retail, hospitality with vishing and data extortion SC Staff April 27, 2026 BlackFile initiates attacks through voice phishing (vishing) calls, using spoofed numbers to impersonate IT support. Related Events Cybercast Beyond the Hype: The Cybersecurity Trends CISOs are Keeping an Eye on in 2026 On-Demand Event Cybercast Beyond the data perimeter: Why next-generation DSPM is the foundation for modern data security On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Block Cipher Ciphertext Cryptographic Hash Functions Cyclic Redundancy Check (CRC) Data Aggregation Data Encryption Standard (DES) Diffie-Hellman Digital Envelope Digital Signature Digital Signature Standard (DSS) You can skip this ad in 5 seconds