Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

AI is getting scary good at finding hidden software bugs - even in decades-old code ...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

When you're trying to get the best performance out of Python, most developers immediately jump to complex algorithmic fixes, using C extensions, or obsessively running profiling tools. However, one of ...

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the ...

Anthropic, a smaller rival started by OpenAI defectors, has found runaway success with its programming agent, Claude Code.

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Some years ago, my linguistic research team and I started to develop a computational tool aimed at reconstructing the text of ...

InstallFix delivers an infostealer to your device.

Using a tool to solve a protein's structure, for most researchers in the world of structural biology and computational ...

Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems.