North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

An emerging phishing campaign is exploiting a dangerous combination of legitimate Cloudflare services and open source Python tools to deliver the commodity AsyncRAT. The attack demonstrates threat ...

Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials, browser data, and ...

Hackers are hunting for vulnerable endpoints to deploy Python malware.

New WhatsApp Web attack spreads self-propagating ZIP files containing Astaroth banking malware through trusted conversations.

A report from ReversingLabs reveals a massive 73% increase in malicious open-source packages in 2025, with over 10,000 ...

Interview With everyone from would-be developers to six-year-old kids jumping on the vibe coding bandwagon, it shouldn't be surprising that criminals like automated coding tools too.… "Everybody's ...

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.