On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
Operation Navy Ghost is targeting Python developers who build Telegram bots by hiding backdoors inside trojanized Pyrogram forks uploaded to PyPI. The campaign has been active since November 2025, ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
Learn how malicious AI agent skills easily bypass static scanners. Discover how runtime checking secures tools like Claude ...
Opera has introduced a new safety feature that protects against malicious 'ClickFix' clipboard attacks.
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...
description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...