Cybersecurity researchers discovered a deceptive Python package named 'requests-darwin-lite' on PyPI that camouflages a Sliver C2 framework inside a logo image to target macOS systems.

The malicious package employs steganography to execute commands on macOS after installation, revealing the sophistication of current cyber attacks.

With 417 downloads before removal, 'requests-darwin-lite' demonstrates how open-source repositories can be exploited to distribute malware.

The incident with 'requests-darwin-lite' coincides with IntelBroker's report of sensitive data breaches at Barclays and HSBC, attributed to a third-party contractor cyber attack.

These events underscore the critical need for enhanced security measures in open-source software distribution and third-party vendor management to protect against cyber threats.