Experts from Zscaler ThreatLabz have uncovered two malicious packages in the PyPI repository that, upon installation and import, secretly deploy the SilentSync Python trojan—a threat capable of seizing control of developer environments and exfiltrating...
The newly discovered Python trojan XillenStealer, identified by researchers at Cyfirma, poses a grave threat to Windows users. Engineered to harvest system information, stored credentials, and cryptocurrency wallets, it also bundles an array of...
The developers of the Python Package Index (PyPI) have announced the introduction of a new email domain verification mechanism aimed at curbing attacks that exploit expired domains and reducing the risk of package compromise....
A malicious package discovered in the NPM ecosystem by researchers at Safety turned out to be far more than a simple trojan for cryptocurrency theft—it stood as a striking example of an attack orchestrated...
Hackers have ramped up their attacks on vulnerable Linux servers with exposed SSH access, deploying the SVF Botnet—a simple yet effective malicious framework designed for conducting DDoS attacks and cryptocurrency mining. This revelation comes...
The leading cybersecurity agencies in the United States—CISA and the NSA—have issued a joint report urging software developers to adopt so-called memory-safe programming languages. These are technologies inherently designed to protect against critical memory-related...
Varalyze is a threat intelligence tool suite that combines a diverse range of web-based applications into one seamless platform through the use of APIs and python libraries. This allows for comprehensive security event triaging due...
Kereva LLM Code Scanner is a static analysis tool designed to identify potential security risks, performance issues, and vulnerabilities in Python codebases that use Large Language Models (LLMs). It analyzes your code without execution...
Carseat is a Python implementation of Seatbelt. This tool contains all (all minus one technically) modules in Seatbelt that support remote execution as an option. Just like Seatbelt you likely will need privileged access...
In the ever-evolving landscape of cybersecurity, vigilance is paramount. Even widely used and trusted software packages are not immune to vulnerabilities. One such vulnerability, CVE-2023-49083 (CVSS score of 9.1), has been discovered in the...