TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. Earlier today, the ...

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading ...

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, enabling near-frictionless compromise. A newly disclosed malware strain dubbed ...

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...

This scam is alarming and something that many people could fall victim to if they are not careful. The Identity Theft Resource Center warns that criminals are creating realistic looking fake captcha ...

Socket uncovers large-scale GitHub spam campaign abusing “Discussions” notifications Fake advisories with bogus CVEs trick developers into downloading malware via cloud-hosted links Thousands of ...

Kaspersky has warned of a new malware campaign targeting developers through fake Claude Code and OpenClaw downloads. Using malicious search ads, hackers are infecting Windows and Mac users with ...

A newly uncovered malware campaign is combining ClickFix delivery with AI generated evasion techniques to steal enterprise user accounts and passwords. The attacks are designed to provide intruders ...

Security researchers McAfee uncovered a major malware campaign leveraging Generative Artificial Intelligence (GenAI) to infect as many people with cryptocurrency miners as possible. In an in-depth ...

The danger in the code came from characters that are invisible to the human eye. In early March researchers at several security firms examined what looked like empty space and found hidden Unicode ...