open-source malware

Malicious PyTorch Lightning Packages Found on PyPI

Malicious PyTorch Lightning Packages Found on PyPI

AndyC 1 May 2026

The post Malicious PyTorch Lightning Packages Found on PyPI appeared first on 2024 Sonatype Blog. TL;DR Two malicious versions of...

Read More

Flipping the Script: The Premiere of ‘The Women in Security’ Documentary at RSAC

Axios Compromise on npm Introduces Hidden Malicious Package

AndyC 1 April 2026

A newly discovered software supply chain attack targeting the npm ecosystem briefly compromised one of the most widely used...

Read More

Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

AndyC 18 March 2026

Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000...

Read More

SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms

SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms

AndyC 3 March 2026

Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security...

Read More

NDSS 2025 – Siniel: Distributed Privacy-Preserving zkSNARK

SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms

AndyC 3 March 2026

Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security...

Read More

This month in security with Tony Anscombe – May 2026 edition

This month in security with Tony Anscombe – May 2026 edition

AndyC 2 June 2026

In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first...

Read More

ESET APT Activity Report Q4 2025–Q1 2026

ESET APT Activity Report Q4 2025–Q1 2026

AndyC 2 June 2026

ESET ResearchThreat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026 Jean-Ian...

Read More

What to consider before asking an AI chatbot for health advice

What to consider before asking an AI chatbot for health advice

AndyC 2 June 2026

Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here’s what’s at stake and how to stay...

Read More

BTMOB: A stealthy RAT burrowing deep into Android devices

BTMOB: A stealthy RAT burrowing deep into Android devices

AndyC 27 May 2026

The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise Daniel Cunha Barbosa 26 May 2026 • ,...

Read More

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Digital Security Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data Christian Ali Bravo...

Read More

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Digital Security Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data Christian Ali Bravo...

Read More

The AI Exchange: Innovators in Payment Security Featuring In-Solutions Global Ltd

The AI Exchange: Innovators in Payment Security Featuring In-Solutions Global Ltd

AndyC 3 June 2026

Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

AndyC 3 June 2026

Microsoft unveils Scout, an autonomous AI agent built on OpenClaw

U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog

AndyC 3 June 2026

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

AndyC 3 June 2026

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

AndyC 3 June 2026