Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

Cybercriminals paid between $5,000 and $9,000 to make their malware harder to detect on Windows, highlighting its effectiveness and a shift in how the cybercrime market operates. Microsoft has ...

Attackers are using multi-model artificial intelligence harnesses to generate malware on the fly, with no malicious code ever ...

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates used by ransomware ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to ...

An undocumented malware implant suspected to be associated with a China-linked actor has been identified by researchers at Cato Networks’ Cyber Threats Research Lab (CTRL). Their discovery was made ...

Hackers are now abusing ChatGPT to generate malicious webpages that trick unsuspecting users into downloading malware onto their machines.