News

The Register on MSN1d

AI-powered penetration tool, an attacker's dream, downloaded 10K times in 2 months

Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit Villager, a new ...
The Hacker News7d

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.
The Hacker News3d

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...
Hosted on MSN10mon

Cast a hex on ChatGPT to trick the AI into writing exploit code

OpenAI's language model GPT-4o can be tricked into writing exploit code by encoding the malicious instructions in hexadecimal, which allows an attacker to jump the model's built-in security guardrails ...

PyPl is blocking hundreds of expired domains to halt malware attacks

The Python Package Index (PyPI) is putting a stop to so-called “domain resurrection attacks” that have been observed in the wild before to launch cyberattacks. Domain resurrection is a supply chain ...