Threat Research
From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities
Introduction In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to ...
Why the 2025 PyPI Attack Signals a New Era in Cloud Risk
The 2025 PyPI supply chain attack is a stark reminder of just how vulnerable cloud ecosystems remain to sophisticated, stealthy, and evolving threats ...
Alert: Security Gaps Allow Bots to Exploit UK Driving Test Booking System
DataDome conducted a security assessment of the UK's online driving test booking system and identified several vulnerabilities in the system’s protection mechanisms ...
Atomic and Exodus crypto wallets targeted in malicious npm campaign
Threat actors have been targeting the cryptocurrency community hard lately. The ReversingLabs (RL) research team is continuously tracking an ongoing battle in which cybercriminals and other threat actors use a variety of ...
The Fast Flux DNS Threat: A Call to Action Against a Geopolitical and Hacktivist Nightmare
Artificial Intelligence (AI) has quickly become an integral part of modern workflows, with AI-powered applications like copilots, chatbots, and large-scale language models streamlining automation, decision-making, and data processing. However, these same tools ...
How DataDome Instantly Blocked a 28M-Request Flash DDoS Attack For a $3B E-Commerce Leader
DataDome stopped a 28M-request Flash DDoS in real time—no downtime or disruption for the $3B e-commerce platform under attack ...
Malware found on npm infecting local package with reverse shell
Unlike some other public repositories, the npm package repository is never really quiet. And, while there has been some decline in malware numbers between 2023 and 2024, this year's numbers don’t seem ...
Sextortion scams are on the rise — and they’re getting personal
Scammers are in on the sextortion trend. Our expert analysis on this trend found that the likelihood of being targeted by sextortion scammers in the first few months of 2025 increased by ...
Security Alert: Tax Season Brings Increased Risk of Credential Stuffing Attacks
Tax season sees a rise in credential stuffing attacks. Learn how tax platforms can strengthen security to block bots, prevent fraud, and protect user accounts in 2025 ...
Imperva Protects Against the Apache Camel Vulnerabilities
Introduction: Understanding the Apache Camel Flaw On March 9, 2025, Apache released a security advisory for CVE-2025-27636, a vulnerability in the Apache Camel framework that allows attackers to bypass header filtering via ...
