Cybersecurity researchers have identified a Python-based remote access trojan called ChocoPoC distributed through trojanized proof-of-concept exploits on GitHub. The malware appears designed to target security researchers with capabilities to execute commands and exfiltrate sensitive data.
Security researchers uncovered multiple weaponized proof-of-concept (PoC) exploits hosted on GitHub delivering ChocoPoC, a Python-based remote access trojan. The campaign specifically targets cybersecurity researchers who download and execute these compromised PoC files.
ChocoPoC operates as a full-featured RAT, enabling attackers to execute arbitrary commands on infected systems and steal sensitive data. The malware's capabilities include command execution and data exfiltration, making it a significant threat to researchers who may inadvertently download trojanized exploits.
The attack vector exploits a common practice among security professionals: downloading proof-of-concept code from GitHub to test vulnerabilities or understand exploit mechanics. By poisoning legitimate-looking PoC repositories, threat actors gain access to the systems of skilled security practitioners who typically have elevated privileges and access to sensitive information.
This campaign highlights a critical supply chain risk in the security research community. Researchers routinely share and download PoC code to collaborate, verify findings, and develop defenses. GitHub's popularity as a distribution platform makes it an attractive vector for sophisticated threat actors seeking to compromise high-value targets.
The use of Python for the malware suggests portability across Windows, macOS, and Linux systems. This cross-platform capability expands the potential victim base beyond a single operating system.
Organizations should implement strict code review practices before executing any PoC exploits, even from seemingly trusted sources. Security teams should monitor for suspicious Python processes and implement network segmentation to limit potential data exfiltration. Additionally, researchers should verify the integrity and provenance of downloaded code and consider executing PoCs in isolated environments.
The discovery underscores the ongoing threat landscape where attackers target security professionals themselves, recognizing that compromising researchers provides access to valuable security intelligence and research.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.
Vancouver Police Department has implemented a discreet button on its website that instantly closes the page and clears browser history when clicked. The feature is designed to help domestic violence survivors quickly hide their browsing activity.
Europe's digital identity wallet age verification system will only work on iOS and Android devices, excluding alternative mobile platforms. The technical specification has drawn criticism from privacy advocates and open-source developers.