python
-
AI-Powered Cyberattack on Mexican Government Exposes Hundreds of Millions of Records
In a groundbreaking technical report released by Gambit Security researcher Eyal Sela, new details have emerged about a massive cyberattack…
Read More » -
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
A malicious PyPI package, hermes-px, masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a…
Read More » -
Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps
Microsoft hasdetailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure…
Read More » -
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems
A North Korea–nexus threat actor hijacked the popular Axios NPM package in a high‑impact software supply chain attack, deploying a…
Read More » -
Axios NPM Packages Breached in Ongoing Supply Chain Attack
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a…
Read More » -
ChatGPT Vulnerability Enabled Silent Leakage of Prompts and Sensitive Information
Artificial intelligence assistants increasinglyhandle our most sensitive data, operating under the assumption that enclosed environments keep this information secure. However,…
Read More » -
Phishing ZIP Files Used to Deploy PXA Stealer Targeting Financial Firms
A significant surge in PXA Stealer campaigns targeting global financial institutions during Q1 2026. This marks a notable shift in…
Read More » -
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
Aqua Security’s vulnerability scanner, Trivy, faced a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, exploited prior…
Read More » -
TeamPCP Unleashes Iran-Targeted CanisterWorm Kubernetes Wiper
CanisterWorm’s latest evolution turns TeamPCP’s cloud-native toolkit into a geopolitically tuned wiper, capable of bricking entire Kubernetes clusters when it…
Read More » -
AstraZeneca Data Breach Allegedly Claimed by LAPSUS$ as Internal Data Access Reported
The notorious hacking collective known as LAPSUS$ has resurfaced, allegedly claiming responsibility for a significant data breach involving multinational pharmaceutical…
Read More » -
Copyright Complaint Lures Linked to New PureLog Stealer Credential Theft Wave
Criminals are actively deploying the PureLog Stealer malware through a sophisticated, multi-stage assault campaign that disguises itself as legitimate copyright…
Read More » -
Pyronut Package Backdoors Telegram Bots With RCE
Malicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both…
Read More » -
Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network
A misconfigured opendirectory on an Iranian server has exposed a live censorship-bypass relay and SSH-based botnet operation, revealing how a…
Read More »