Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and multi-OS compromise.

North Korean-linked crews connected to the pervasive IT worker scams have upped their malware game, using more advanced tools ...

Discover the types of malware in 2025, from backdoors to ransomware, and learn which families hackers use most in real-world attacks.

Dustin Kirkland of Chainguard explains how verified, hardened components and AI-powered automation can prevent malware ...

The campaign, per Proofpoint, mainly focused on individuals who specialized in international trade, economic policy, and U.S.-China relations, sending them emails spoofing the U.S.-China Business ...

ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.

The Python Package Index (PyPI), run by the Python Software Foundation, has officially invalidated all the publishing tokens that were stolen in the GhostAction supply chain attack that happened ...

A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by tricking users into pasting malicious commands through a technique ...

Chainguard, a trusted foundation for software development and deployment, is launching Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript ...

IntroductionZscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In ...

North Korean hackers target the crypto sector with BeaverTail malware, using fake job offers to steal login credentials and crypto wallets.