Python infostealers are spreading from Windows to macOS via Google Ads, ClickFix lures, and fake installers to steal credentials and financial data.

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to distribute credential‑stealing payloads.

Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering ...

AutoPentestX is an open-source Linux penetration testing toolkit that automates scanning, CVE mapping, and reporting without unsafe exploitation.

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...

ReversingLabs (RL), the trusted name in file and software security, today released its fourth annual Software Supply Chain Security Report. The 2026 ...

This was not a single company breach, the credentials were harvested from millions of infected user devices using infostealer malware. Binance appeared in the dataset ...

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

Abstract: Malicious Python packages make software supply chains vulnerable by exploiting trust in open-source repositories like Python Package Index (PyPI). Lack of real-time behavioral monitoring ...

Security researchers uncovered two vulnerabilities in the popular Python-based AI app building tool that could allow attackers to extract credentials and files — and gain a lateral edge.

The Python-based information stealer SolyxImmortal uses legitimate APIs and libraries for stealthy data gathering and ...

New WhatsApp Web attack spreads self-propagating ZIP files containing Astaroth banking malware through trusted conversations. Boto Cor-de-Rosa campaign tracks delivery success.