CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.

Cybersecurity firm HiddenLayer uncovers a “CopyPasta License Attack” that exploits Coinbase’s favored AI coding tool, Cursor.

Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware.

Attackers uploaded fake Python packages to PyPI that posed as Bitcoinlib tools and targeted wallet data. The malware infected crypto development environments, stole private keys and seed phrases ...

For the second time since March, a cybersecurity firm has discovered troubling malware software packages uploaded to the Python Package Index platform.

Static analysis of the malware’s ELF executable revealed a 64-bit, statically linked ELF with intact debug information, indicating Python code compiled with Cython. The code is relatively short, ...

Hackers are exploiting Ethereum smart contracts to inject malware into popular NPM coding libraries, using packages to run ...

Analysis of chatter on dark web forums shows that efforts are already under way to use OpenAI's chatbot to help script malware.