JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Hackers compromised 19 packages on PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets.
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. A report from the open-source intelligence ...
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
The Azure Artifacts Credential Provider automates the acquisition of credentials for your Azure Artifacts feed. It is most commonly used as a component in package manager tools, such as credential ...
ESET researchers have discovered two as-yet undocumented Windows variants of SprySOCKS, a previously Linux-only backdoor reportedly used by FishMonger, the group believed to be operated by a Chinese ...
For those who are not familiar with uv, uv run is a command that activates the virtual environment at runtime while running the command. The default lockfile targets the standard PyTorch wheels for ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
After years of trying to educate developers to use pull_request_target securely, the platform finally implements stronger ...
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.