Hacking Activity
Posts
Hacking Activity: Issue 02

Hacking Activity: Issue 02

Fake PyPi site, Cursor AI fixes prompt injection flaw, CISA new open source tool, and more..

Eslam Salem
August 07, 2025 • Estimated Reading Time: 2 minutes

In this Issue:
- 🔥 Hackers target Python devs with fake PyPI site 
- 🔥 Cursor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection 
- 🔥 Active Exploitation of Microsoft SharePoint 
- 🔥 Breach Microsoft 365 Accounts With Fake OAuth Apps with Tycoon Kit 
- 🛠️ Scalable file analysis and data generation tool by CISA
- 🛠️ AI Runbooks for Security Operations

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.

Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection

Critical flaw in Cursor AI editor let attackers execute remote code via Slack and GitHub—fixed in v1.3 update.

Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 31)

Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here’s how you can protect your organization.

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts

Hackers used fake Microsoft OAuth apps to target 3,000+ accounts across 900 environments in 2025.

GitHub - cisagov/thorium: A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.

A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale. - cisagov/thorium

GitHub - dandye/ai-runbooks

Contribute to dandye/ai-runbooks development by creating an account on GitHub.

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

Thanks for reading!