A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

The promise of autonomous AI agents is rapidly turning into a security beachhead for initial access. Our labs have detected a series of malicious campaigns targeting OpenClaw (formerly known as ...

Two newly uncovered malware campaigns are exploiting open-source software across Windows and Linux environments to target enterprise executives and cloud systems, signaling a sharp escalation in both ...

Looking for a job at Meta, Disney, and Spotify? It could be a scam, NordVPN warns The malicious DLL adds a Windows registry “Run” key to establish persistence and then runs a portable Python ...

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...

detect-secrets is an aptly named module for (surprise, surprise) detecting secrets within a code base. However, unlike other similar packages that solely focus on finding secrets, this package is ...

In 2024, ESET researchers discovered several malicious tools in the systems used by Kurdish and Iraqi government officials. The APT group behind the attacks is BladedFeline, an Iranian threat actor ...