A critical flaw found in the open source Langflow platform was added to the US Cybersecurity and Infrastructure Security Agency’s (CISA's) Known Exploited Vulnerabilities (KEV) catalog. Langflow is a Python-based Web application, a popular tool in the realm of agentic AI that allows users to build AI-driven agents and workflows. The vulnerability, tracked as CVE-2025-3248, is described as a missing authentication flaw that allows remote attackers to compromise Langflow servers. With a CVSS sc
python (12)
Whenever a new form of digital communication becomes prevalent, actors inevitably adopt it to send spam and try to profit from unsuspecting users. Email has been the perennial choice for spam delivery, but the prevalence of new communications platforms has expanded the spam attack surface considerably.
This report explores AkiraBot, a Python framework that targets contact forms and chat widgets on small to medium-sized business websites. AkiraBot is designed to post AI-generated spam messages ta
Havoc is a powerful command-and-control (C2) framework. Like other well-known C2 frameworks, such as Cobalt Strike, Silver, and Winos4.0, Havoc has been used in threat campaigns to gain complete control over the target. Additionally, It is open-source and available on GitHub, making it easier for threat actors to modify it to evade detection.
FortiGuard Labs recently discovered a phishing campaign that combines ClickFix and multi-stage malware to deploy a modified Havoc Demon Agent. The threat a
In a recent opinion piece, Linus Torvalds shares his views on C and C++. “I must be a glutton for punishment. Not only was my first programming language IBM 360 Assembler, but my second language was C. Programming anything in them wasn't easy. Programming safely in either is much harder.” So, when the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigations (FBI announced they were doubling down on their efforts to persuade software manufacturers t
Recently, cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers Yehuda Gelb and Elad Rapaport said in a report.[1]
The software supply chain security company noted
The CEO at Redwood Research, Buck Shlegeris, a nonprofit company exploring AI's risks, recently learned an amusing but hard lesson in automation when he asked his LLM-powered agent to open a secure connection from his laptop to his desktop machine. "I expected the model would scan the network and find the desktop computer, then stop," Shlegeris explained. "I was surprised that after it found the computer, it decided to continue taking actions, first examining the system and then deciding to do
The Checkmarx Research team recently discovered an attack campaign targeting the software supply chain, with evidence of successful exploitation of multiple victims. These include the Top.gg GitHub organization (a community of over 170k users) and several individual developers. The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom Python mirror, and publishing malicious
The cloud hack tool scene is highly intertwined, with many tools relying on one another’s code. This is particularly true for malware families like AlienFox, Greenbot, Legion, and Predator, which share code from a credential scraping module called Androxgh0st. Analysts identified a tool that is related but distinct from these families. FBot is a Python-based attack tool with features to target web servers and cloud services as well as Software-as-a-Service (SaaS) technologies, including:
- Ama
Partial encryption is a growing trend in the world of ransomware, but with it comes the potential for data recovery on affected files. We’ll give an overview here on what the term “partial encryption” means. It is perhaps more accurate to say, “intermittent encryption,” but even so, it will be important to understand this recent trend in how many ransomware infections operate. From there, we’ll introduce White Phoenix, the freely available tool developed by CyberArk which can be used on part
By monitoring an open-source ecosystem, the FortiGuard Labs team recently discovered over 60 zero-day attacks embedded in PyPI packages (Python Package Index) between early February and mid-March of 2023. In this report[1], analysts cover all the packages found, grouping them into similar attacks or behaviors.
The packages in this set were found to be similar:
- py-hydraurlstudy (version 2.37)
- tptoolpywgui (version 10.56)
- libgetrandram (version 7.78)
- esqultraultrapong (version 7.37)
- esqhacke
Security researchers have identified more than 20 malicious PyPI packages designed to steal passwords and other sensitive information from the victims’ machines. Investigators are warning of two such packages ‘ultrarequests’ and ‘pyquest’ that were masquerading as ‘requests’, a highly popular open source package. The malicious repositories copied the description from the legitimate package and contained fake statistics. PyPI as an index which allows users to search for packages by keywords o
An adversary known for targeting the Financial Cyber Sector, at least since 2018, has switched up its tactics to include a new Python-based remote access Trojan (RAT).[1] This RAT can steal passwords, documents, browser cookies, email credentials, software licenses, and credentials for trading software/platforms, customer credit card information, and proof of address/identity documents, and other sensitive information. The group is suspected of offering APT style hacker-for-hire services to o
