A newly documented BlankGrabber infection chain is using a bogus “certificate” loader to disguise a multi-stage Windows compromise, adding another layer of deception to a commodity stealer already ...

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver ...

TeamPCP hackers say AI helped them launch a devastating spree of attacks. But they wouldn’t have succeeded if developers’ ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

A phishing campaign targeting healthcare, government, hospitality, and education sectors uses several evasion techniques to ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...

A malicious Python package masquerading as a legitimate Telegram development tool has been identified as a vehicle for remote code execution attacks, raising concerns about supply chain security ...

A large-scale GlassWorm malware campaign targeting developer platforms appears to be significantly more extensive and ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...