Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
Mozilla 0DIN’s Claude Code demo shows how clean GitHub repos can expose AI coding agents to prompt injection, reverse shells, ...
Google links Turla to STOCKSTAY, a new .NET backdoor used in phishing attacks against Ukraine government and military targets ...
This repository contains API client implementations for the OpenSky Network in Python and Java as well as the sources for the documentation. By using the OpenSky API ...
Update - 18:55 UTC - The Arch Linux team put up an official announcement now: We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository. We are ...
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem. Attackers ...
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.
‘If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says. Attackers have compromised the widely used open-source ...
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results