Claude didn't just plan an attack on Mexico's government. It executed one for a month — across four domains your security stack can't see.

A hacker jailbroke Claude to steal 150GB of Mexican government data in a month-long campaign. CrowdStrike's latest threat report shows it's part of a wider pattern — and maps four domains most ...

Chainguard Customers Have 94% Python Ecosystem Coverage for Their Environments

Chainguard, the trusted source for open source, today announced it has expanded Chainguard Libraries coverage across Python, Java, and JavaScript, with customers seeing 94% coverage across the Python ...
Communications of the ACM

A Decade of Docker Containers

Docker is a widely used developer tool that first simplifies the assembly of an application stack (docker build), then allows for the rapid distribution of the resulting executabl ...
SecurityWeek

‘Arkanix Stealer’ Malware Disappears Shortly After Debut

The Arkanix Stealer malware can collect and exfiltrate system information, browser data, VPN information, and arbitrary files ...
IEEE

Fileless Attack Patterns Implemented in Python: Design, Encryption, and Detection Lessons

Abstract: This paper presents a controlled, pedagogical demonstration showing how high-level programming conveniences can be used to build compact, fileless malware for classroom instruction in ...
Hoodline

AI Agent Attack on Matplotlib Maintainer Rattles Silicon Valley

According to GitHub, the PR was marked as a first-time contribution and closed by a Matplotlib maintainer within hours, as ...
Dark Reading

ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT

ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.
The Hacker News

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery ...

Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers ...
KESQ News

New judicial ethics code says judges may speak out against ‘illegitimate’ attacks

(CNN) — Newly released ethics guidance for the federal judiciary makes clear that judges can speak out against “illegitimate forms of criticism and attacks.” The guidance comes as judges have been ...