package

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

AndyC 25 March 2026

This morning, the widely used Python package litellm, a popular abstraction layer for interacting with large language models (LLMs),...

Read More

ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance

ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance

AndyC 13 March 2026

ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance Pierluigi Paganini March 12, 2026 ENISA’s first Technical Advisory on...

Read More

Report: Approximately 59K Additional Vulnerabilities Will Be Discovered in 2026

Slopsquatting: How Attackers Exploit AI-Generated Package Names

AndyC 12 March 2026

TL;DR AI coding assistants can hallucinate package names, creating phantom dependencies that don’t exist in official repositories. Attackers exploit...

Read More

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

AndyC 10 March 2026

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan...

Read More

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

AndyC 13 February 2026

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked...

Read More

Power Secure Swift Development at Scale With Sonatype Nexus Repository

Power Secure Swift Development at Scale With Sonatype Nexus Repository

AndyC 12 February 2026

From its beginnings as a language for Apple platforms, Swift Package Manager has expanded its reach considerably. It now...

Read More

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

AndyC 23 January 2026

Ravie LakshmananJan 22, 2026Cryptojacking / Malware A new malicious package discovered in the Python Package Index (PyPI) has been found...

Read More

Anti-Malware

What Is Quishing? How QR Code Scams Work and How to Avoid Them

AndyC 22 January 2026

You thought you were scanning a menu. Or paying for parking. Or checking a package notice taped to your door....

Read More

RSAC 2026 wrap-up – Week in security with Tony Anscombe

RSAC 2026 wrap-up – Week in security with Tony Anscombe

AndyC 28 March 2026

This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with...

Read More

A cunning predator: How Silver Fox preys on Japanese firms this tax season

A cunning predator: How Silver Fox preys on Japanese firms this tax season

AndyC 28 March 2026

Business Security Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening...

Read More

Virtual machines, virtually everywhere – and with real security gaps

Virtual machines, virtually everywhere – and with real security gaps

AndyC 26 March 2026

Twenty years ago, almost to the day, Amazon Web Services (AWS) launched Simple Storage Service (S3). A few months later, the company’s Elastic Compute Cloud (EC2) service opened for public...

Read More

Cloud workload security: Mind the gaps

Cloud workload security: Mind the gaps

AndyC 25 March 2026

Business Security As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning Tomáš Foltýn 24 Mar 2026 • ...

Read More

Move fast and save things: A quick guide to recovering a hacked account

Move fast and save things: A quick guide to recovering a hacked account

AndyC 21 March 2026

Cybercriminals go after people’s personal information across every kind of online platform, including WhatsApp, Instagram, LinkedIn, Roblox, YouTube and Spotify, not to mention finance apps....

Read More

EDR killers explained: Beyond the drivers

EDR killers explained: Beyond the drivers

AndyC 20 March 2026

In recent years, EDR killers have become one of the most commonly seen tools in modern ransomware intrusions: an attacker acquires high privileges, deploys such...

Read More

Are your NHIs fully supported for optimal performance?

What role does innovation play in Agentic AI development?

AndyC 30 March 2026

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

AndyC 30 March 2026

Security Affairs newsletter Round 569 by Pierluigi Paganini – INTERNATIONAL EDITION

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90

AndyC 30 March 2026

RSAC 2026 Highlights: From Agentic AI to Active Defense

RSAC 2026 Highlights: From Agentic AI to Active Defense

AndyC 30 March 2026

RSAC 2026 Highlights: From Agentic AI to Active Defense

RSAC 2026 Highlights: From Agentic AI to Active Defense

AndyC 30 March 2026