Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
MotherDuck is launching Flights, an agent-native data pipeline that enables users to choose the MCP server and AI agent of their choice to build and deploy data pipelines in minutes using a flexible, ...
The original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,' Check Point researcher tells The Reg ...
Operation Navy Ghost is targeting Python developers who build Telegram bots by hiding backdoors inside trojanized Pyrogram forks uploaded to PyPI. The campaign has been active since November 2025, ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new ...
AI-powered security intelligence at your fingertips — 28 tools + a one-call triage_cve orchestrator, 24 data sources, one protocol. A production-grade Model Context Protocol (MCP) server that turns ...
A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account ...
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
The botnet’s operators provide customers with access to an infected network of Docker containers so they can conduct DDoS attacks. A newly discovered distributed denial-of-service (DDoS) botnet ...
This library is intended to be used with the public VirusTotal APIs. However, it could be used to interact with premium API endpoints as well. It is highly recommended that you use the VirusTotal v3 ...