Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

This is probably the dictionary illustration for "deceptively simple." ...

A known Chinese advanced persistent threat (APT) group known as Mustang Panda is the likely culprit behind a sophisticated, ongoing cyber-espionage campaign. It starts with a malicious email, and ...

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

The malware used in the attack was dubbed “Miasma” and is described as a self-replicating worm designed to harvest login ...

Proofpoint says Chinese cybercrime group TA4922 is using AI-assisted phishing and apparently LLM-developed malware, including ...

Malicious Python packages masquerading as legitimate code obfuscation tools are targeting developers via the PyPI code repository. Focusing on those interested in code obfuscation is a savvy choice ...

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three ...

A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...