ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...
PCPJack steals credentials via 6 Python modules exploiting 5 CVEs, enabling cloud spread and fraud-driven attacks.
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that ...
TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher ...
A previously undocumented .NET trojan and its companion Pheno plugin allow attackers to capture mobile authentication codes ...
Threat actors are abusing Hugging Face and ClawHub to distribute malware by injecting indirect prompts into malicious files.
A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Morning Overview on MSN
PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised on April 30 — check your installs
On April 30, 2026, someone slipped credential-stealing malware into two freshly published versions of PyTorch Lightning, one ...
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, ...
Morning Overview on MSN
PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised on April 30 — check your installs immediately
On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught ...
Over 1,800 developers were likely infected in the Mini Shai-Hulud supply chain attack that hit SAP, Lightning, and Intercom ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results