A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised ...

In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17, ...

Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software. Attackers who are targeting open-source package repositories like ...

Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection. According to ReversingLabs reverse engineer Karlo Zanki, this could be the first ...

Sometimes the simplest techniques can foil the complex systems created by security firms and large enterprises to detect malicious programs and files. Putting malware to sleep, waiting for a user to ...

With increased deployment of security solutions on cloud infrastructure, hackers have started adopting detection evasion tactics from Windows desktop computers to cloud environments. One such tactic ...

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

Researchers studying cybersecurity have discovered a new and sophisticated phishing effort that spreads dangerous payloads ...