by Paul Ducklin A PYTHON PERSPECTIVE VORTEX No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro...

by Paul Ducklin Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to ReactOS.org, from PHP...

Two code packages named "nodejs-encrypt-agent" in the popular npm JavaScript library and registry recently were discovered containing the open source information-stealing TurkoRat malware.Researchers from...

Heads up: threat actors are now deploying a Go-language implementation of Cobalt Strike called Geacon that first surfaced on GitHub four years ago and...

One of the pieces of advice that security practitioners have been giving out for the past couple of decades, if not longer, is that...

Why do people still download files from sketchy places and get compromised as a result? One of the pieces of advice...

Last January, thousands of users of two popular open source libraries, "faker" and "colors," were shocked to see their applications breaking and showing gibberish...

The online gaming industry has seen rapid growth since the COVID-19 lockdowns began. However, with more and more players and new platforms entering the...

Scams How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers Márk...

How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers ...

A baker's dozen of packages hosted on the NuGet repository for .NET software developers are actually malicious Trojan components that will compromise the installation...

by Paul Ducklin Thanks to Tommy Mysk and Talal Haj Bakry of @mysk_co for the impetus and information behind this...