Malware Analysis

Flipping the Script: The Premiere of ‘The Women in Security’ Documentary at RSAC

Axios Compromise on npm Introduces Hidden Malicious Package

AndyC 1 April 2026

A newly discovered software supply chain attack targeting the npm ecosystem briefly compromised one of the most widely used...

Read More

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

AndyC 25 March 2026

This morning, the widely used Python package litellm, a popular abstraction layer for interacting with large language models (LLMs),...

Read More

CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group

Sonatype Discovers Two Malicious npm Packages

AndyC 20 March 2026

Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two...

Read More

Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

AndyC 18 March 2026

Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000...

Read More

SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms

SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms

AndyC 3 March 2026

Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security...

Read More

NDSS 2025 – Siniel: Distributed Privacy-Preserving zkSNARK

SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms

AndyC 3 March 2026

Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security...

Read More

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

AndyC 15 April 2026

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may...

Read More

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

AndyC 15 April 2026

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may...

Read More

As breakout time accelerates, prevention-first cybersecurity takes center stage

As breakout time accelerates, prevention-first cybersecurity takes center stage

AndyC 8 April 2026

Business Security Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy. Phil Muncaster...

Read More

Digital assets after death: Managing risks to your loved one’s digital estate

Digital assets after death: Managing risks to your loved one’s digital estate

AndyC 2 April 2026

Digital Security Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay. Phil Muncaster 01...

Read More

This month in security with Tony Anscombe – March 2026 edition

This month in security with Tony Anscombe – March 2026 edition

AndyC 1 April 2026

The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan 31 Mar...

Read More

RSAC 2026 wrap-up – Week in security with Tony Anscombe

RSAC 2026 wrap-up – Week in security with Tony Anscombe

AndyC 28 March 2026

This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with...

Read More

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 18 April 2026

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 18 April 2026

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 18 April 2026

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 18 April 2026

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 18 April 2026