News

Malware found in NPM packages with 1 million weekly downloads
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were ...
CSO Online12d
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains
Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting ...
The Hacker News1d
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Supply chain attack infects 16 GlueStack npm packages used by 1M weekly users, enabling malware that steals data and controls ...
The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare
In the very near future, victory will belong to the savvy blackhat hacker who uses AI to generate code at scale.
Malicious RubyGems pose as Fastlane to steal Telegram API data
Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to ...
TechJuice2d
Hackers and Gamers Fall Victim to Backdoored GitHub Repositories
Security experts discovered over 140 infected GitHub repositories. Out of these, 133 contained working backdoor scripts.
The Hacker News1d
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
CVE-2025-24016 is far from the only vulnerability to be abused by Mirai botnet variants. In recent attacks, threat actors ...
Security Boulevard8d
Sysdig Reveals Discovery of Cyberattack Aimed at Tool to Build AI Apps
Sysdig today disclosed an example of how a tool for training artificial intelligence (AI) models was compromised by a cyberattack that led to the ...
Sysdig detects AI-assisted malware exploiting Open WebUI misconfigurations
Discovered by Sysdig’s Threat Research Team, the malware campaign involved exploiting misconfigured instances of Open WebUI, ...
Infosecurity-magazine.com23d
New Malware on PyPI Poses Threat to Open-Source Developers
Unlike legitimate Python debugging tools, dbgpkg lacks any functional debugging ... undetected until those modules are used during runtime. Once triggered, the malicious code checks for an existing ...
Instagram and TikTok accounts are being stolen using malicious PyPI packages
The Python Package Index (PyPI), one of the world’s biggest repositories of Python code, is often abused to holst malicious code, or trick software developers into downloading and running tainted code ...
it-daily.net8d
Cryptojacking campaign abuses DevOps APIs with GitHub tools
Security researchers at Wiz have uncovered a new campaign called JINX-0132, in which publicly accessible DevOps systems such ...