Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write. But in 2025, that trust comes with a serious risk. Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)—many going undetected until…
As autonomous vehicles continue to evolve, new research highlights the importance of rigorous security testing to protect against both intentional attacks and unintentional unsafe commands in teleoperation systems.
As autonomous vehicles continue to evolve, new research highlights the importance of rigorous security testing to protect against both intentional attacks and unintentional unsafe commands in teleoperation systems.
Secrets managers hold all the keys to an enterprise’s kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.
The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.
Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at…
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said…
New research reveals that a malicious traffic distribution system (TDS) is run not by “hackers in hoodies,” but by a series of corporations operating in the commercial digital advertising industry.
Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence.
Two critical vulnerabilities affect the security vendor’s management console, one of which is under active exploitation. The company has updated cloud-based products but won’t have a patch for its on-premises version until mid-August.