These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications.
https://threatpost.com/cryptominers-python-supply-chain/167135/
A critical privilege-escalation vulnerability could lead to admin-access backdoors nesting in web servers.
https://threatpost.com/all-in-one-seo-plugin-bug-threatens-3m-websites-with-takeovers/177240/