PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
Jul 29, 2025Ravie LakshmananPhishing / Developer Security The maintainers of the Python…
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
Jul 28, 2025Ravie LakshmananMalware / Developer Tools In what's the latest instance…
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
Jul 23, 2025Ravie LakshmananSoftware Integrity / DevSecOps Google has announced the launch…
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
Jul 10, 2025Ravie LakshmananVulnerability / AI Security Cybersecurity researchers have discovered a…
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
Jul 03, 2025Ravie LakshmananThreat Intelligence / Vulnerability The French cybersecurity agency on…
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Jun 26, 2025Ravie LakshmananOpen Source / Vulnerability Cybersecurity researchers have disclosed a…
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
As many as 60 malicious npm packages have been discovered in the…
Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
From zero-day exploits to large-scale bot attacks — the demand for a…
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
May 13, 2025Ravie LakshmananSupply Chain Attack / Blockchain Cybersecurity researchers have discovered…