A newly discovered supply-chain campaign called TrapDoor has planted more than 34 malicious packages across npm, PyPI and Crates.io to target crypto and cloud developers. The packages, disguised as ...
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more ...
Chinese threat actor Silver Fox is behind a wave of malicious emails aimed at organizations in Russia and India, targeting them with tax-themed message lures aimed at delivering a previously ...
Tracked as CVE-2026-31431 with a CVSS score of 7.8, Copy Fail was uncovered and named by researchers at Xint.io and Theori. The flaw allows an unprivileged local user to write four controlled bytes ...
Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply chain attack that could have wide-ranging consequences for developers ...
Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, ...
Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency private keys and other secrets. Rust crates are distributed ...
Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential ...
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results