Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in ...
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
The Python Package Index (PyPI), run by the Python Software Foundation, has officially invalidated all the publishing tokens that were stolen in the GhostAction supply chain attack that happened ...
Zscaler found attackers using SEO poisoning and hidden prompts in malicious websites to manipulate AI agents into making cryptocurrency payments.
The original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,' Check Point researcher tells The Reg ...
Vibe coding's dark side, "vibe hacking," is on the rise. Cybersecurity companies such as McAfee and Bitdefender have observed recent spikes in vibe-coded malware, also called "vibeware," with telltale ...
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026.ClickFix – a social ...
A new report reveals that AI agents can autonomously execute ransomware attacks, evidenced by the case of JADEPUFFER, which ...