The Safety Blog

A sophisticated multi-stage Python RAT masquerading as an Islamic prayer Telegram bot was discovered in the PyPI package "telegrem," establishing persistent remote access, stealing credentials, exfiltrating sensitive data, and installing SSH backdoors on victim systems.

In December, we tracked 3,683 malicious packages across NPM and PyPI, including a persistent campaign hijacking Claude Code to steal API keys and exfiltrate developer conversations

Threat actors successfully targeted popular hash validation libraries for months with malicious packages that stole crypto assets

Shai-hulud part III: "The Reckoning?" has arrived early

Scopper is a new compact, lightweight remote access trojan (RAT) that uses Telegram for its C2

A malicious npm package disguised as a Polymarket trading library that silently steals cryptocurrency wallet files and private keys to drain victims cryptocurrencies

OWASP Top 10 2025: Supply Chain Security for Developer Environments

A NPM malware campaign “Integrator-Filescrypt" targeting cryptocurrency users leverages sneaky Russian cloaking technology to evade security detection

A malicious NPM package pretends to be the official Claude Code package so it can steal Anthropic credentials and proxy malicious requests to compromised accounts

NPM based malware targets Vietnamese hospital billing system with coordinated campaign

NPM packages being used in active credential phishing attack

An NPM attack compromised dozens of popular packages which then ran malicious GitHub actions in the compromised accounts

A massive NPM attack targeted the most popular package maintainers

Safety research team analyzed the multiple AI prompts used in the Nx software supply chain attack

New NPM Based Infostealer Malware Targets Cryptocurrrency developers

New NPM Based Infostealer Malware Targets Cryptocurrrency developers

Safety’s malicious package detection identified a malicious package that appears to have been written by Claude AI

How Safety built a high-impact co-op program by scaling thoughtfully, mentoring deeply, and empowering interns with real project ownership.

Canada's Bill C-8 and what it means for Canadian cybersecurity strategy.

June 2025's announcement regarding the EU-Canada Security and Defence Partnership and what this means for cybersecurity.

Threat actors are using Python libraries targeting the Solana cryptocurrency ecosystem

A sprawling threat campaign over six months spanning dozens of npm packages.

Safety’s malicious package detection identified a malicious npm package today named express-exp. This package was brand new, and had only one version, 1.0.1.

A new npm package published by Cashfree leaks credit card data to an ngrok endpoint.

Part I: The importance of CVSS severity when assessing software supply chain vulnerabilities.

Part II: The importance of Severity when assessing software supply chain vulnerabilities.

Learn best practices for secure Python development.

Part 1 in a series dedicated to software supply chains and security.

Learn why software supply chain security is essential for Python development today, and explore historical supply chain breaches like Log4j and SolarWinds, and how to protect against them.

In-depth analysis of a recently discovered vulnerability in the libwebp library.

A high-severity vulnerability in cURL and its associated library libcurl was disclosed on 11 October, 2023.

A recent attack by ethical hackers on PyTorch, a popular Machine Learning library, is a stark reminder of the importance of securing software supply chains.

NVD Update Delays and the Impact on the Developer Community: Safety Cybersecurity's Proactive Response

The National Vulnerability Database backlog has left many in the cybersecurity community concerned about reliability and timeliness of vulnerability data.

Discover how to safeguard AI integrity against the rising threat of data poisoning attacks in modern software supply chains.

How Executive Order 14028 aims to strengthen national cybersecurity by securing the software supply chain.

A software supply chain attack recently compromised multiple versions of Ultralytics YOLO, one of the most widely used Python AI libraries for computer vision tasks.

Why career frameworks matter and best practices to create one that reflects your company's values.

A recently-discovered malicious package has raised alarms across the cryptocurrency development community.

Findings from the Canadian National Cyber Threat Assessment (NCTA) and actionable advice for developers, DevOps and SecOps professionals.

Safety's Cybersecurity Intelligence team discovered an unpublished vulnerability (CVE-2023-33976) in the TensorFlow Python package.

A critical security vulnerability was discovered in the llama-cpp-python package, which could have significant implications for systems using this library.

Learn how to navigate the complexities of open-source licenses to mitigate legal and operational risks.