JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
HOSTAFRICA launches Africa's first hosting MCP server: Manage your VPS from Claude and ChatGPTYour AI assistant can now start servers, create backups and configure firewalls – no control panel ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...