During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude (Opus 4.5) and a third-party asset management platform. The idea is simple: ...

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

A phishing campaign targeting healthcare, government, hospitality, and education sectors uses several evasion techniques to avoid detection.

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.

Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected ...

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability ...

Use Playerctl, Python, and Conky timer to create a 'now playing' Spotify desktop widget.

Overview AI agents enable autonomous workflows, making them essential skills for future-ready tech professionalsChoosing hands-on Udemy courses helps build real ...

Opal Security, the modern identity security and access governance company, today announced three new AI-native capabilities that together form the industry's first unified platform for seeing, ...