PyPI unverified 1,800 emails since June 2025 to block expired-domain attacks, strengthening open-source supply chain security ...

PipeMagic is a plugin-based modular malware that uses a domain hosted on the Microsoft Azure cloud provider to stage the ...

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.

Deepfake CFO scam stole $25.6M via fake video calls, proving adversarial AI is redefining identity fraud risks.

1Password Device Trust is one example of a zero trust solution that blocks a device from authenticating to company SaaS apps ...

UAT-7237 exploits unpatched Taiwan servers using SoundBill, Cobalt Strike, and SoftEther VPN for persistent control.

MadeYouReset exploit bypasses HTTP/2 Rapid Reset mitigations, affecting major servers and enabling large-scale DoS attacks.

ERMAC was first documented by ThreatFabric in September 2021, detailing its ability to conduct overlay attacks against ...

U.S. sanctions Garantex, successor Grinex, after $100M illicit crypto flow fuels ransomware and sanctions evasion.

EncryptHub exploits CVE-2025-26633 with social engineering and rogue MSC files, delivering Fickle Stealer malware.

"An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in ...

The policy applies to markets like Bahrain, Canada, Hong Kong, Indonesia, Israel, Japan, the Philippines, South Africa, South ...