A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
Essential Ways to Run a Python Script Python is one of the most popular programming languages today, widely praised for its simplicity and versatility. Whether you’re a beginner dipping your toes into ...
As the popularity of the CapCut video editing tool continues to soar, with features such as background removal with over 200 million monthly active users in the US alone, threat actors (TAs) have ...
I'd like to thank my co-author, Martin Zugec, for his valuable contributions to this report. This intrusion adds three dimensions to the public understanding of Chinese APT activity in contested ...
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
On Monday, the Axios npm supply chain attack came to light where malicious packages had been inserted into one of JavaScript’s most widely used libraries. Three major threat intelligence firms have ...
On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP requests to a REST endpoint with over 70 million weekly ...
On 2026-03-31, an unknown threat actor compromised the npm account of jasonsaayman, the primary maintainer of axios. The attacker changed the account email to ifstap@proton[.]me and manually published ...
As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time. In 2021, a vulnerability was revealed in a system that lay at the ...
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results