CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.

Attackers used custom Python tools, Tor for obfuscation and log deletion techniques to evade detection. Palo Alto Networks ...

ReversingLabs reveals hackers using Ethereum Smart contracts in NPM packages to conceal malware URLs, bypass scans, and ...

Malware targeting Ethereum smart contracts is not entirely new. Earlier this year, the North Korean-affiliated Lazarus Group ...

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.

In a report published today and shared with The Register, the AI security company's Regalado and fellow researcher Amanda ...

One of the great things about sharing hacks is that sometimes one person’s work inspires someone else to take it even further. A case in point is [Ivor]’s colorimeter hacking (parts two and ...

Google researchers say the hackers abused a third-party tool in an attack spree designed to harvest credentials.

Today we're out fishing for gar, specifically longnose gar. We're using small lures baited with a twister worm and casting ...