Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
On Monday, the Axios npm supply chain attack came to light where malicious packages had been inserted into one of JavaScript’s most widely used libraries. Three major threat intelligence firms have ...
On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP requests to a REST endpoint with over 70 million weekly ...
As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time. In 2021, a vulnerability was revealed in a system that lay at the ...
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential ...
LibreOffice 26.2 has been released with ‘multi-user’ database support, improved Excel clipboard compatibility and a new x86-64-v2 hardware baseline for Linux users. The Document Foundation’s first ...
Get up and running with routes, views, and templates in Python’s most popular web framework, including new features found only in Django 6.0. Django is a one-size-fits-all Python web framework that ...
This blogpost introduces our latest white paper, presented at Virus Bulletin 2025, where we detail the operations of the North Korea-aligned threat actor we call DeceptiveDevelopment and its ...
ESET researchers provide details on a previously undisclosed China-aligned APT group that we track as PlushDaemon and one of its cyberespionage operations: the supply-chain compromise in 2023 of VPN ...