JINX-0164 has targeted crypto developers through fake LinkedIn meeting invites that lead to macOS malware infections, ...

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

In collaboration with Google and the Shadowserver Foundation, CrowdStrike Counter Adversary Operations team struck all four of Glassworm's command-and-control (C2) channels simultaneously, severing ...

Developers using open-source tools face heightened supply-chain risk after the botnet lost all four of its command channels.

A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

Abstract: Malicious Python packages make software supply chains vulnerable by exploiting trust in open-source repositories like Python Package Index (PyPI). Lack of real-time behavioral monitoring ...

Two PyPI packages hid a Base64 downloader in a compressed Basque dictionary, delivering a Python RAT to ~1,000 users via updatenet.work (RouterHosting/Cloudzy). The ...