Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

A newly discovered supply-chain campaign called TrapDoor has planted more than 34 malicious packages across npm, PyPI and Crates.io to target crypto and cloud developers. The packages, disguised as ...

The TrapDoor malware campaign has targeted crypto developer environments tied to Aptos, Sui, and Solana through more than 34 malicious packages and over 384 related versions across npm, PyPI, and ...

Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants. An active supply chain attack is targeting crypto ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

IT researchers have discovered a vulnerability in the Linux kernel that attackers can exploit to gain root privileges. The discoverers have named the vulnerability “Copy Fail.” Virtually all Linux ...

This is an unofficial Python sockets wrapper for querying Veeder-Root automatic tank gauges remotely through the Internet. This wrapper is primarily made to support ...

TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting Telnyx, according to security researchers. The cyber threat group recently rose to notoriety by uploading ...

Flaws replicated from Meta’s Llama Stack to Nvidia TensorRT-LLM, vLLM, SGLang, and others, exposing enterprise AI stacks to systemic risk. Cybersecurity researchers have uncovered a chain of critical ...

Slopsquatting and vibe coding are fueling a new wave of AI-driven cyberattacks, exposing developers to hidden risks through fake, hallucinated packages. Security researchers and developers are raising ...