ESET Research has discovered a cluster of malicious Python projects being distributed in PyPI, the official Python package repository. The threat targets both Windows...

Fraudsters are taking advantage of the new verification system implemented by X, formerly known as Twitter, in order to impersonate brands and steal personal...

Proof-of-concept (PoC) exploits for the security flaw CVE-2023-4911, dubbed Looney Tunables, have already been developed, following last week's disclosure of the critical buffer overflow...

Microsoft's PowerShell Gallery presents a software supply chain risk because of its relatively weak protections against attackers who want to upload malicious packages to...

French outfit Mithril Security has managed to poison a large language model (LLM) and make it available to developers – to prove a point...

by Paul Ducklin PONG FOR ONE!? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and...

A weakness in Node Package Manager (npm) could allow anybody to hide malicious dependencies and scripts within their packages, a former GitHub employee claims.Npm...

The economic downturn is already a devastating blow to job seekers everywhere. Now scammers are taking advantage of the situation by ramping up their...

SAN FRANCISCO, June 12, 2023 – Cycode, the leading application security platform, today announced the launch of Cimon, a seamless solution that enhances the security of CI/CD...

Security researchers are warning about a bug in Microsoft Visual Studio installer that gives cyberattackers a way to create and distribute malicious extensions to...

Attackers can exploit ChatGPT's penchant for returning false information to spread malicious code packages, researchers have found. This poses a significant risk for the software supply...

The official open source code repository for the Python programming language, the Python Package Index (PyPI), will require all user accounts to enable two-factor...