资讯

The Hacker News

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and ...
Bleeping Computer

Python info-stealing malware uses Unicode to evade detection

A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
The Hacker News

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.
The Register on MSN

AI-powered penetration tool, an attacker's dream, downloaded 10K times in 2 months

Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit Villager, a new ...
Cyber Defense Magazine

Fake (Hallucinated) Remote Code Execution (RCEs) in LLM Applications

Introduction As agents become integrated with more advanced functionality, such as code generation, you will see more Remote ...
InfoWorld

VS Code 1.104 emphasizes AI model selection, agent security

The latest update to Microsoft’s code editor previews an automatic model selection capability and improvements to agent ...
Wired

They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird

At 9:30 am on a Wednesday in late September, a hacker who asked to be called Tom Smith sent me a nonsensical text message: “query voltage recurrence.” Those three words were proof of a remarkable feat ...