A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

You can wrap an executable file around a PowerShell script (PS1) so that you can distribute the script as an .exe file rather than distributing a “raw” script file. This eliminates the need to explain ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...

Mark Collier briefed me on two updates under embargo at KubeCon Europe 2026 last month: Helion, which opens up GPU kernel ...

Anthropic’s leak of proprietary Claude Code sparked the developer community to group around “claw-code,” the fastest-growing ...

Use Playerctl, Python, and Conky timer to create a 'now playing' Spotify desktop widget.

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

In this post, we will show you how to bypass the warning Windows protected your PC, Microsoft Defender SmartScreen prevented an unrecognised app from starting, Running this app might put your PC at ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...