Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...
Running a routine Python pip update command on March 24 could’ve pulled malware that stole passwords and crypto savings. Running npm update a week later could've dropped a trojan. Critical LiteLLM and ...
I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
A supply chain attack dubbed ForceMemo is using stolen GitHub tokens to inject malware into hundreds of Python repositories, targeting projects ranging from Django applications and machine learning ...
Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. Threat actors have been abusing credentials stolen in the VS Code GlassWorm campaign to hack ...
runmacro: A runner for DiffPy macro files. agentify: A deployer for diffpy.cmi agentic skills. For more information about the diffpy.apps library, please consult our ...
Security researchers uncovered two vulnerabilities in the popular Python-based AI app building tool that could allow attackers to extract credentials and files — and gain a lateral edge. Two ...
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...