Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
Operation Navy Ghost is targeting Python developers who build Telegram bots by hiding backdoors inside trojanized Pyrogram forks uploaded to PyPI. The campaign has been active since November 2025, ...
1.)you can start a keylogger on target machine, and can get all key strokes in keystrokes file in real time. 2.)you can start a screen shorter to take continous screen shot of target machine in real ...
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. "Available in both Python and C variants, ...
NOTE: This project should be used for authorized testing or educational purposes only. You are free to copy, modify and reuse the source code at your own risk. Global event hook on all (incl.
Just about every cyberattack needs a Command and Control (C2) channel — a way for attackers to send instructions to compromised systems and receive stolen data. This gives us all a chance to see ...
Tenable Research examines DeepSeek R1 and its capability to develop malware, such as a keylogger and ransomware. We found it provides a useful starting point, but ...
Security firm Kaspersky has warned of a new attack on GitHub repositories in which the attackers offer harmless fake software that steals bank details and Bitcoin wallets. The campaign, dubbed ...
Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential ...