The Python Package Index (PyPI), run by the Python Software Foundation, has officially invalidated all the publishing tokens that were stolen in the GhostAction supply chain attack that happened ...

ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.

The campaign detailed in the report, dubbed “ShadowV2,” is a Python-based command-and-control framework hosted on GitHub ...

Your weekly strategic brief on the cyber threat landscape. Uncover the deeper patterns behind attacks, from bootkit malware ...

A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the ...

A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by tricking users into pasting malicious commands through a technique ...

Turn an unused Raspberry Pi into something useful with projects like a travel router, weather station, game server, streaming ...

The new AI-native framework, freely available online, could make advanced cyberattacks faster, easier, and more accessible ...

The stealer campaign has evolved into a multi-stage delivery chain that ultimately deploys the modular, feature-rich PureRAT.

The case of the Latvian streamer Raivo Plavniek is particularly tragic, known as RastlandTV. The content creator, suffering ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...