AI-native Villager, which automates Kali and DeepSeek penetration tests, has reached 11,000 PyPI downloads fueling dual-use ...

AI-powered Villager tool reached 11,000 PyPI downloads since July 2025, enabling scalable cyberattacks and complicating ...

Villager is being pitched as a legitimate AI-powered pentest tool for red teams, but the platform, made by Chinese company Cyberspike, has been loaded almost 11,000 times on PyPI in two months, ...

The new AI-native framework, freely available online, could make advanced cyberattacks faster, easier, and more accessible ...

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.

In a report published today and shared with The Register, the AI security company's Regalado and fellow researcher Amanda ...

The Python Package Index (PyPI) is putting a stop to so-called “domain resurrection attacks” that have been observed in the wild before to launch cyberattacks. Domain resurrection is a supply chain ...

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...

Widely adopted it is. The tool is freely available on PyPI, the world’s biggest Python Package Index, and it has been ...

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys.

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

Hundreds of GitHub users and repositories have been hit by another supply chain attack, in which threat actors have already ...