Supply chain attack infects 16 GlueStack npm packages used by 1M weekly users, enabling malware that steals data and controls ...

Discovered by Sysdig’s Threat Research Team, the malware campaign involved exploiting misconfigured instances of Open WebUI, ...

A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were ...

Detection as code (DaC) is a powerful way for security teams to streamline rule development, automate threat detection, and respond to attacks with greater speed and precision. The DaC ...

Discover how supply chain attacks target crypto projects through third-party tools, and learn key strategies to protect code, infrastructure and users.

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting ...

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to ...

Attackers inject malicious code into AI models hosted on the public repositories. These models allow attackers to manipulate ...

I’m always looking for creative and cost-effective ways to put my Raspberry Pi boards to work. While the Pi itself is a great ...

Black Basta affiliates use Teams phishing, Python scripts, and cURL to attack finance, insurance, and construction sectors.

A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and ...

As the popularity of Python ... mitigating malware without disrupting their developers' workflows and productivity. This left enterprises susceptible to the risks of malicious code that could ...