In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17, ...

A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised ...

A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack involving obfuscation, disposable infrastructure and commercial offensive tools.

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024. Researchers at the Checkmarx cybersecurity firm sounded the alarm on a ...

Malicious Python packages masquerading as legitimate code obfuscation tools are targeting developers via the PyPI code repository. Focusing on those interested in code obfuscation is a savvy choice ...

Chainguard, the trusted source for open source, today announced it has expanded Chainguard Libraries coverage across Python, Java, and JavaScript, with customers seeing 94% coverage across the Python ...

A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by tricking users into pasting malicious commands through a technique ...

Security researchers have identified a new cyber-threat targeting publicly exposed instances of the Docker Engine API. In this campaign, attackers exploit misconfigurations to deploy a malicious ...