Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

A known Chinese advanced persistent threat (APT) group known as Mustang Panda is the likely culprit behind a sophisticated, ongoing cyber-espionage campaign. It starts with a malicious email, and ...

A North Korean hacking group is using Python-based malware disguised as fake job applications to target crypto workers. The malware, PylangGhost, is a variant of GolangGhost and aims to infiltrate ...

SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...

Critical Telnet flaw (CVE-2026-24061) exposes 800,000 devices worldwide Attackers gain root access, attempt Python malware deployment after bypassing authentication Patch released; users urged to ...

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...

A new campaign exploiting machine learning (ML) models via the Python Package Index (PyPI) has been observed by cybersecurity researchers. ReversingLabs said threat actors are using the Pickle file ...

One of North Korea's most sophisticated threat groups has been hiding remote access malware for macOS and Linux inside of open source Python packages. North Korean advanced persistent threats (APTs) ...

Check out Python’s powerful new linters and profiling tools, and learn how virtual environments can save you time and trouble ...

Russian state-backed hackers have stepped up their game with new malware families that hide behind fake CAPTCHA tests. The group, known as Star Blizzard or ColdRiver, now uses ClickFix attacks to ...