-
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a
-
Oregon chipmakers feel tariff pain, despite US exemption
Semiconductors are exempt from Trump tariffs, but many companies remain vulnerable.
-
Prosper Portland to consider sale of Convention Center-adjacent hotel
Prosper Portland acquired the property in 2002 as a possible site for an Oregon Convention Center hotel.
-
Oregon cannabis ranked 2nd in thriving in open US market
Robin Goldstein from UC Davis ranks the states by cannabis industry economic potential.
-
Portland’s largest law firms join amicus brief supporting Perkins Coie
The firms were among more than 500 to lend their names to a friend-of-the-court brief filed in U.S. District Court.
-
Portland Office of Small lead on 2025 plans
Portland’s new Office of Small Business is set to fully launch in May — although the four-person team behind it has already been hard at work.
-
OIA Global acquires customs brokerage, freight forwarding leader JF Moran
OIA Global, an end-to-end supply chain management company, has acquired customs brokerage and freight forwarding leader JF Moran.
-
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. “The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a…
-
Have We Reached a Distroless Tipping Point?
There’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A new technology development emerges and captures the world’s attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the innovation’s potential. These use cases generate significant value, fueling demand for the…
-
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems. “A stack-based buffer overflow in…
