News

The Hacker News4d

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.
The Hacker News1d

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...
Hosted on MSN10mon

Cast a hex on ChatGPT to trick the AI into writing exploit code

The write-up includes step-by-step instructions and the prompts he used to bypass the model's safeguards and write a successful Python exploit – so that's a fun read.
Infosecurity-magazine.com6mon

Attackers Targeting Japanese Firms with Cobalt Strike

The attackers leveraged a publicly available Python exploit script, PHP-CGI_CVE-2024-4577_RCE.py, to test for vulnerabilities. If successful, they injected PowerShell commands into the victim’s ...
Bleeping Computer2mon

Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now

Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers.
InfoWorld11d

New tools make Python app distribution easier than ever

PyApp seems to be taking the Python world by storm, providing long-awaited click-and-run Python distribution. For developers ...
Bleeping Computer1mon

New Fortinet FortiWeb hacks likely linked to public RCE exploits

Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked ...