A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by tricking users into pasting malicious commands through a technique ...

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals ...

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

ReversingLabs reveals hackers using Ethereum Smart contracts in NPM packages to conceal malware URLs, bypass scans, and ...

The Infos3c Grabber Stealer specialises in stealing sensitive information such as passwords, cryptocurrency wallets, gaming accounts, and Discord/Telegram data. It also has capabilities to capture ...

Malware targeting Ethereum smart contracts is not entirely new. Earlier this year, the North Korean-affiliated Lazarus Group ...

ScarCruft’s Operation HanKook Phantom uses RokRAT malware in spear-phishing campaigns, targeting South Korean academics for ...

Scheduled for rollout starting in September 2026, the program aims to restrict malware distribution by requiring developer ...

The Python Package Index (PyPI) is putting a stop to so-called “domain resurrection attacks” that have been observed in the wild before to launch cyberattacks. Domain resurrection is a supply chain ...

"Tymoshchuk is a serial ransomware criminal who targeted blue-chip American companies, healthcare institutions, and large ...