package

Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data

AndyC 17 December 2025

Dec 16, 2025Ravie LakshmananCybersecurity / Cryptocurrency Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the...

Brushing Scams: What They Are and How to Stay Safe From Unsolicited Packages

AndyC 10 December 2025

It’s an increasingly common surprise: a package shows up at your door with your name and your address…but you never ordered...

Apple, Private Cloud Compute, and trusted AI

Critical React Native NPM Vulnerability Exposes Developer Systems to Remote Attacks

AndyC 6 November 2025

A severe vulnerability was discovered in the React Native Community CLI, a popular open-source package downloaded nearly two million...

AI agents might smooth some of retail’s worst data problems

Slopsquatting Attacks: How AI Phantom Dependencies Create Security Risks

AndyC 22 October 2025

TL;DR AI coding assistants can hallucinate package names, creating phantom dependencies that don’t exist in official repositories. Attackers exploit...

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

AndyC 3 October 2025

Oct 02, 2025Ravie LakshmananPython / Malware Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository...

What We Know About the NPM Supply Chain Attack

AndyC 19 September 2025

Key takeaways Attackers reportedly launched a targeted phishing campaign to compromise Node Package Manager (NPM) maintainer accounts and inject malicious...

Hacking

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

AndyC 14 May 2025

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application...

Mobile security matters: Protecting your phone from text scams

AndyC 10 May 2025

It all starts so innocently. You get a text saying “Your package couldn’t be delivered. Click here to reschedule.” Little do...

Revived CryptoJS library is a crypto stealer in disguise

AndyC 1 May 2025

An illicit npm package called ‘crypto-encrypt-ts‘ may appear to revive the unmaintained but vastly popular CryptoJS library, but what it...

Hacking

Deceptive Python Libraries on PyPI Downloaded Over 39,000 Times, Pilfer Confidential Data

AndyC 6 April 2025

A group of cybersecurity analysts have detected deceitful modules within the Python Package Index (PyPI) archive that have been created...

Hacking

Deceptive PyPI Bundles Absconded Cloud Tokens—Exceeding 14,100 Installations Before Elimination

AndyC 15 March 2025

A group of cybersecurity analysts has alerted about a malevolent operation aimed at consumers of the Python Package Index (PyPI)...

Hacking

An evil PyPI Package has stolen Ethereum Private Keys through Polygon RPC Transactions

AndyC 8 March 2025

Research experts in online security have found a harmful Python bundle within the Python Package Index (PyPI) archive that is...

Hacking

Malicious PyPI Package “automslc” Enables 104K+ Unauthorized Deezer Music Downloads

AndyC 27 February 2025

Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads...

Hacking

PyPI Adds Archiving Status to Notify Users Regarding Unmaintained Python Packages

AndyC 4 February 2025

The caretakers of the Python Package Index (PyPI) repository have revealed a fresh capability that empowers package creators to mark...

Hacking

Unfixed PHP Voyager Vulnerabilities Expose Servers to One-Click Remote Code Execution Attacks

AndyC 31 January 2025

A trio of security vulnerabilities have been revealed in the freely available PHP software Voyager that may be leveraged by...

package

Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data

Brushing Scams: What They Are and How to Stay Safe From Unsolicited Packages

Critical React Native NPM Vulnerability Exposes Developer Systems to Remote Attacks

Slopsquatting Attacks: How AI Phantom Dependencies Create Security Risks

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

What We Know About the NPM Supply Chain Attack

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Mobile security matters: Protecting your phone from text scams

Revived CryptoJS library is a crypto stealer in disguise

Deceptive Python Libraries on PyPI Downloaded Over 39,000 Times, Pilfer Confidential Data

Deceptive PyPI Bundles Absconded Cloud Tokens—Exceeding 14,100 Installations Before Elimination

An evil PyPI Package has stolen Ethereum Private Keys through Polygon RPC Transactions

Malicious PyPI Package “automslc” Enables 104K+ Unauthorized Deezer Music Downloads

PyPI Adds Archiving Status to Notify Users Regarding Unmaintained Python Packages

Unfixed PHP Voyager Vulnerabilities Expose Servers to One-Click Remote Code Execution Attacks

ESET Threat Report H2 2025

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Donate Bitcoin to this address

Donate Ethereum to this address

Inside the Global Airline that Eliminated 14,600 SaaS Security Issues with AppOmni

Cybersecurity Crossed the AI Rubicon: Why 2025 Marked a Point of No Return

When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk

Securing the Road Ahead: The Intersection of Cybersecurity and Intelligent Transportation

GNV ferry fantastic under cyberattack probe amid remote hijack fears

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed