How Can Disrupting DNS Communications Thwart a Malware Attack?
Malware eventually has to exfiltrate the data it accessed. By watching DNS traffic for suspicious activity, organizations can halt the…
Malicious ‘Lolip0p’ PyPi packages install info-stealing malware
A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing…
Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls
Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while…
Cyberattackers Torch Python Machine Learning Project
The popular PyTorch Python project for data scientists and machine learning developers has become the latest open source project to…
PyTorch discloses malicious dependency chain compromise over holidays
PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the…
Hackers bombard PyPi platform with information-stealing malware
The PyPi python package repository is being bombarded by a wave of information-stealing malware hiding inside malicious packages uploaded to…
Malicious ‘SentinelOne’ PyPI package steals data from developers
Threat actors have published a malicious Python package on PyPI, named 'SentinelOne,' that pretends to be the legitimate SDK client…
TikTok ‘Invisible Body’ challenge exploited to push malware
Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal…
W4SP Stealer Stings Python Developers in Supply Chain Attack
Threat actors continue to push malicious Python packages to the popular PyPI service, striking with typosquatting, authentic sounding file names,…
With the Software Supply Chain, You Can’t Secure What You Don’t Measure
Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws…