CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.

Pro tip, don't install PowerShell commands without approval A team of data thieves has doubled down by developing its ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals ...

A PyPI package for an AI model was compromised and used to deliver malware Victims were getting XMRig, a popular cryptominer, installed The attack has since been addressed, but users warned to be ...

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.

For the second time since March, a cybersecurity firm has discovered troubling malware software packages uploaded to the Python Package Index platform.

With Chainguard Libraries for Python, Chainguard delivers malware protection for one of the most critical and vulnerable parts of the supply chain — the language dependencies that developers ...

ReversingLabs reveals hackers using Ethereum Smart contracts in NPM packages to conceal malware URLs, bypass scans, and ...

Security researchers have identified a new cyber-threat targeting publicly exposed instances of the Docker Engine API. In this campaign, attackers exploit misconfigurations to deploy a malicious ...

The malware loads an XMRig Miner into memory using a known Linux fileless technique.

The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign.