Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational ...
A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in ...
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...
The Gaslight macOS malware from a North Korean cluster doesn't bypass AI analysis platforms yet, but its 38-message prompt injection cascade makes the direction of travel clear. Here's why this ...
Microsoft, international law enforcement, and cybersecurity firms used AI to analyze and shut down the infrastructure used to run campaigns with Amadey and StealC malware in what the IT giant calls a ...
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub ...
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
The original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,' Check Point researcher tells The Reg ...
A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups ...