ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

Ever wonder why packaging a Python app and its dependencies as a single executable is such a pain? Blame it on the dynamism ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Quasar Linux (QLNX) is not an operating system, but a supply chain attack tool that is difficult to detect and remove.

PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud ...

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...

A human error at Anthropic reveals the architecture of autonomous AI agents, sparking a heated debate about copyright for ...

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...

FWC will pay Tampa Bay anglers to record fishing trips, helping scientists better track released reef fish missed by traditional dockside surveys.