The Hacker News

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Researchers found a LinkedIn phishing campaign delivering a remote access trojan via DLL sideloading, WinRAR SFX files, and ...
CSO Online

Flaws in Chainlit AI dev framework expose servers to compromise

Security researchers uncovered two vulnerabilities in the popular Python-based AI app building tool that could allow ...

Fake ad blocker extension crashes the browser for ClickFix attacks

A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the ...
SecurityWeek

‘SolyxImmortal’ Information Stealer Emerges

The Python-based information stealer SolyxImmortal uses legitimate APIs and libraries for stealthy data gathering and ...

Ukraine's army targeted in new charity-themed malware campaign

Officials of Ukraine's Defense Forces were targeted in a charity-themed campaign between October and December 2025 that ...
The Register on MSN

Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Vulnerabilities in popular AI and ...
Dark Reading

AsyncRAT Malware Infests Orgs via Python & Cloudflare

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade ...
GitHub

ExfilState — Architectural Cache Side Channel Fuzzer

This repository contains the architectural side channel fuzzer from the research paper "ExfilState: Automated Discovery of Timer-Free Cache Side Channels on ARM CPUs". The framework largely depends on ...
IEEE

Exploring the Adoption of Fuzz Testing in Open-Source Software: A Case Study of the Go Community

Abstract: Fuzz testing (or fuzzing) is a software testing technique aimed at identifying software vulnerabilities. Recently, the Go community added native support for fuzz testing into their standard ...
The Hacker News

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2 ...
GitHub

A comprehensive security library for Python web applications, providing middleware for IP filtering, rate limiting, and other security features with both synchronous and ...

For detailed installation instructions and configuration options, see Installation Guide.