Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
Sample files for Azul are kept in a Simple Storage Service (S3) compatible binary large object (blob) store, and processed ...
Kaspersky Threat Research has revealed its analysis of RenEngine, a malware loader that has recently gained public attention. Kaspersky identified RenEngine samples as early as March 2025, with its ...
A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack ...
The Arkanix infostealer combines LLM-assisted development with a malware-as-a-service model, using dual language implementations to maximize reach and establish persistence.
The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language model (LLM) providers: ...
'PromptSpy' appears to be the first Android malware that uses generative AI in its execution flow, according to antivirus provider ESET.
A North Korean attack group is running a scam operation called Graphalgo, in which it uses fake job schemes to deliver malware.
Attackers recently leveraged LLMs to exploit a React2Shell vulnerability, opening the door to low-skill operators and calling traditional indicators into question.
Darktrace researchers say hackers used AI and LLMs to create malware to exploit the React2Shell vulnerability to mine ...
Researchers uncover SSHStalker, an IRC botnet exploiting legacy Linux flaws and SSH servers to build persistent covert access.