It’s a bird, it’s a plane—it’s the latest sign that Chinese automakers intend to dominate the global car industry for decades to come.

A string of US armory break-ins, kept quiet by authorities for months, points to a growing security crisis—and signs of an inside job.

Control your ad targeting with broad match, phrase match, and exact match keyword types. Learn how.

A conservative group is targeting payment processors as “a weapon” to get adult games deindexed in storefronts. Even games that have nothing to do with sex or abuse have been caught in the dragnet.

I think the collection will be a hit for younger gamers.

Free tool generates body and finger rigs for humanoid 3D characters. Check out its new animation browsing and retargeting system.

In this article:See more ▼Post may contain affiliate links which give us commissions at no cost to you.Preppy fonts capture that quintessential East Coast elite vibe – think Nantucket summers, yacht clubs, and monogrammed everything. These typefaces embody the perfect balance of tradition and refinement that makes preppy design so timeless and aspirational. But here’s the thing: not all fonts can pull off that coveted preppy aesthetic. The best preppy fonts have a certain je ne sais quoi – they’re classic without being stuffy, elegant without being pretentious, and refined without being inaccessible. In this comprehensive guide, we’ll explore the most gorgeous preppy fonts that’ll have your designs looking like they belong in the pages of Town & Country magazine. So grab your pearls and let’s dive into this typographic treasure trove! 👋 Psst... Did you know you can get unlimited downloads of 59,000+ fonts and millions of other creative assets for just $16.95/mo? Learn more »The Preppiest Fonts That Define 2025 Let’s start with the crème de la crème – the fonts that truly embody that preppy spirit. I’ve curated this list based on their ability to channel that classic New England charm while remaining versatile enough for modern design needs. Gatsby Prelude Gatsby Prelude is an elegant and modern Art Deco font duo. It combines sans-serif characters with decorative elements, perfect for creating sophisticated designs with a touch of vintage glamour.Burtuqol Burtuqol is a vintage slab serif font that exudes a retro charm. Its bold, chunky serifs and aged appearance make it ideal for projects requiring a nostalgic or timeworn aesthetic.Gafler Gafler is a classy vintage serif font with decorative elements. It combines elegance with a touch of old-world charm, making it perfect for high-end branding and classic design projects.Get 300+ Fonts for FREEEnter your email to download our 100% free "Font Lover's Bundle". For commercial & personal use. No royalties. No fees. No attribution. 100% free to use anywhere. Kagnue Kagnue is a modern and classy serif font. It offers a fresh take on traditional serif typefaces, blending contemporary design with timeless elegance for versatile use in various design contexts.The Blendinroom The Blendinroom is a retro serif typeface featuring luxurious ligatures. Its vintage-inspired design and intricate details make it ideal for creating sophisticated, old-world aesthetics in design projects.MODER BULES MODER BULES is a playful sans-serif font with a fun, childlike appeal. Its quirky design makes it perfect for kids-oriented projects or Halloween-themed designs, adding a touch of whimsy to typography.Nickey Vintage Nickey Vintage is a decorative display font with a strong vintage flair. Its bold, eye-catching characters make it ideal for headlines, logos, and designs that require a striking retro aesthetic.Ladger Ladger is a casual script font that exudes luxury and elegance. Its flowing lines and graceful curves make it perfect for logo designs, high-end branding, and projects requiring a touch of sophistication.Hadnich Hadnich is a modern script font with a brush-like quality. Its versatile design makes it suitable for various applications, from signage to branding, offering a contemporary take on handwritten typography.Belly and Park Belly and Park is a condensed beauty classic font family featuring both serif and sans-serif styles. Its vintage-inspired design and narrow characters make it ideal for creating elegant, space-efficient layouts.Loubag Loubag is a modern retro font family encompassing sans-serif, serif, and decorative styles. Its bold, fashion-forward design makes it perfect for creating eye-catching headlines and trendy branding materials.Petter And Sons Petter And Sons is a romantic beauty script font with decorative elements. Its elegant, flowing design makes it ideal for wedding invitations, luxury branding, and projects requiring a touch of refined beauty.Preteoria Preteoria is a modern cursive font with a sleek, contemporary feel. Its smooth curves and clean lines make it versatile for various design applications, from branding to digital media projects.Delauney Delauney is an Art Deco-inspired sans-serif font that captures the essence of the roaring twenties. Its geometric shapes and sleek lines make it perfect for creating designs with a bold, metropolitan flair.Amadi Vintage Amadi Vintage is a chic and beautiful serif font with a timeless appeal. Its elegant design and vintage-inspired details make it ideal for creating sophisticated, classic-looking designs and branding materials.LEDERSON LEDERSON is a vintage-inspired shadow font. Its weathered look and strong character make it perfect for designs requiring an authentic, aged aesthetic.Fancyou Fancyou is a versatile serif font with alternate characters. Its elegant design and customizable options make it suitable for a wide range of projects, from formal invitations to modern branding materials.Catterpie Font Catterpie is a handwritten script font that mimics natural handlettering. Its fluid, signature-like style makes it perfect for creating personal, authentic-looking designs and branding materials.Jemmy Wonder Jemmy Wonder is a Victorian-inspired serif font with a strong vintage character. Its ornate details and old-world charm make it ideal for creating designs with a classic, nostalgic feel.Monthey Monthey is a bold, elegant vintage display serif font. Its chunky characters and 70s-inspired design make it perfect for creating eye-catching headlines and retro-themed branding materials.Madville Madville is a classy script font with a versatile design. Its elegant curves and smooth transitions make it suitable for a wide range of projects, from formal invitations to modern branding materials.Crowk Crowk is a luxury serif font with a timeless, elegant appeal. Its refined design and classic proportions make it ideal for high-end branding, editorial layouts, and sophisticated design projects.Peachy Fantasy Peachy Fantasy is an Art Nouveau-inspired display font with decorative elements. Its vintage charm and unique character make it perfect for creating eye-catching headlines and artistic design projects.Cormier Cormier is a decorative sans-serif font with a strong artistic flair. Its unique design and fashion-forward aesthetic make it ideal for creating bold, attention-grabbing headlines and branding materials.Syntage Syntage is a decorative modern luxury font with both serif and ornamental elements. Its retro-inspired design and luxurious details make it perfect for high-end branding and sophisticated design projects.Jeniffer Selfies Jeniffer Selfies is a retro-inspired bold font combining sans-serif and script styles. Its playful design and vintage feel make it ideal for creating nostalgic, fun-loving designs and branding materials.The Rilman The Rilman is a ligature-rich rounded sans-serif font with a 90s-inspired design. Its retro charm and smooth edges make it perfect for creating playful, nostalgic designs and branding materials.Milky Croffle Milky Croffle is a classic beauty elegant serif font. Its refined design and timeless appeal make it ideal for creating sophisticated layouts, high-end branding, and projects requiring a touch of traditional elegance. What Makes a Font Feel Preppy? You might be wondering what exactly gives a font that unmistakable preppy vibe. After years of working with typography, I’ve identified several key characteristics that define the preppy aesthetic: Classic Serif Structure: Most preppy fonts are serifs, drawing inspiration from traditional typography used in prestigious publications and academic institutions. These serifs aren’t just decorative – they’re a nod to centuries of refined typographic tradition. Elegant Proportions: Preppy fonts tend to have well-balanced letterforms with moderate contrast between thick and thin strokes. They’re neither too delicate nor too bold – just perfectly poised, like a well-tailored blazer. Timeless Appeal: The best preppy fonts don’t scream “trendy.” Instead, they whisper “timeless.” They’re the typography equivalent of a strand of pearls – always appropriate, never out of style. Sophisticated Details: Look for subtle refinements in letterforms – graceful curves, well-crafted terminals, and thoughtful spacing. These details separate truly preppy fonts from their more pedestrian cousins. Heritage Inspiration: Many preppy fonts draw inspiration from historical typefaces used by Ivy League universities, prestigious publishing houses, and old-money families. This connection to tradition is what gives them their authentic preppy pedigree. Where to Use Preppy Fonts (And Where Not To) Preppy fonts aren’t one-size-fits-all solutions, but when used appropriately, they’re absolutely magical. Here’s where they shine brightest: Wedding Invitations: Nothing says “elegant affair” quite like a beautifully chosen preppy serif. These fonts are perfect for formal invitations, save-the-dates, and wedding stationery that needs to feel sophisticated and timeless. Luxury Branding: Brands targeting affluent audiences or positioning themselves as premium often benefit from preppy typography. Think boutique hotels, high-end fashion, or artisanal goods. Editorial Design: Magazines, newsletters, and publications focusing on lifestyle, fashion, or culture can leverage preppy fonts to establish credibility and sophistication. Corporate Identity: Professional services, law firms, financial institutions, and consulting companies often choose preppy fonts to convey trustworthiness and establishment credibility. Academic Materials: Universities, prep schools, and educational institutions naturally gravitate toward preppy typography that reflects their traditional values and heritage. However, preppy fonts might not be the best choice for: Tech Startups: The traditional nature of preppy fonts can feel at odds with innovation and disruption. Modern sans serifs usually work better for tech companies. Children’s Brands: While elegant, preppy fonts might feel too formal for products targeting young children. Playful, rounded fonts are typically more appropriate. Casual Brands: If your brand personality is laid-back and approachable, overly formal preppy fonts might create distance between you and your audience. How to Choose the Perfect Preppy Font Selecting the right preppy font requires careful consideration of several factors. Here’s my tried-and-true process: Consider Your Audience: Are you designing for actual prep school alumni, or are you trying to capture that aspirational preppy aesthetic for a broader audience? Your target demographic should influence how traditional or accessible your font choice is. Evaluate the Context: A wedding invitation can handle more ornate details than a business card. Consider where your text will appear and how much personality the context can support. Test Readability: Preppy doesn’t mean hard to read. Always test your chosen font at various sizes to ensure it remains legible. Your typography should enhance communication, not hinder it. Think About Pairing: Will you be using this font alone or pairing it with others? Consider how your preppy serif will work alongside sans serifs for body text or script fonts for accents. Consider Your Medium: Some preppy fonts work beautifully in print but struggle on screens. Others are optimized for digital use but lose their charm in print. Choose accordingly. Pairing Preppy Fonts Like a Pro The magic of preppy typography often lies in thoughtful font pairing. Here are some winning combinations that never fail: Classic Serif + Clean Sans Serif: Pair your preppy serif headline font with a crisp, readable sans serif for body text. This creates hierarchy while maintaining sophistication. Traditional Serif + Script Accent: Use a refined script font sparingly for special elements like signatures or decorative text, balanced by a solid preppy serif for main content. Serif + Serif Variation: Sometimes pairing two serifs from the same family – perhaps a regular weight for body text and a bold condensed version for headlines – creates beautiful, cohesive designs. Remember, less is often more with preppy design. Stick to two or three fonts maximum, and let the inherent elegance of your chosen typefaces do the heavy lifting. The Psychology Behind Preppy Typography Understanding why preppy fonts work so well psychologically can help you use them more effectively. These typefaces tap into powerful associations: Trust and Reliability: The traditional nature of preppy fonts suggests stability and permanence. When people see these fonts, they subconsciously associate them with established institutions and time-tested values. Sophistication and Education: Preppy fonts are reminiscent of academic institutions and intellectual pursuits. They suggest refinement, education, and cultural awareness. Exclusivity and Status: Let’s be honest – part of the preppy aesthetic’s appeal is its association with privilege and exclusivity. These fonts can make designs feel more premium and aspirational. Quality and Craftsmanship: The careful attention to typographic detail in preppy fonts suggests similar attention to quality in whatever they’re representing. Modern Takes on Classic Preppy Style While preppy fonts are rooted in tradition, the best designers know how to give them contemporary flair. Here are some ways to modernize preppy typography: Unexpected Color Palettes: Pair traditional preppy fonts with modern colors. Think sage green and cream instead of navy and white, or soft blush tones for a fresh take. Generous White Space: Give your preppy fonts room to breathe with plenty of white space. This modern approach to layout keeps traditional fonts feeling fresh and uncluttered. Mixed Media Integration: Combine preppy typography with photography, illustrations, or graphic elements for a more contemporary feel while maintaining that sophisticated foundation. Strategic Contrast: Pair your refined preppy fonts with unexpected elements – maybe a bold geometric shape or modern photography – to create dynamic tension. Preppy Font Alternatives for Every Budget Not every preppy project has a premium font budget, and that’s okay! Here are some strategies for achieving that coveted preppy look without breaking the bank: Google Fonts Gems: Fonts like Playfair Display, Crimson Text, and Libre Baskerville offer sophisticated serif options that can work beautifully for preppy designs. Font Pairing Magic: Sometimes combining two free fonts thoughtfully can create a more expensive-looking result than using a single premium font poorly. Focus on Execution: A free font used with excellent spacing, hierarchy, and layout will always look better than an expensive font used carelessly. Common Preppy Font Mistakes to Avoid Even with the perfect preppy font, poor execution can ruin the effect. Here are the most common mistakes I see designers make: Overdoing the Decoration: Just because a font has elegant details doesn’t mean you need to add more flourishes. Let the typeface’s inherent sophistication speak for itself. Ignoring Hierarchy: Preppy design relies on clear, elegant hierarchy. Don’t make everything the same size or weight – create visual flow through thoughtful typography scaling. Poor Spacing: Cramped text kills the elegant feel of preppy fonts. Give your typography generous leading and appropriate margins. Wrong Context: Using an ultra-formal preppy font for a casual pizza restaurant’s menu will feel jarring and inappropriate. Match your font choice to your content and audience. The Future of Preppy Typography As we look ahead in 2025, preppy fonts continue to evolve while maintaining their classic appeal. We’re seeing interesting trends emerge: Variable Font Technology: Modern preppy fonts are increasingly available as variable fonts, allowing designers to fine-tune weight, width, and optical size for perfect customization. Screen Optimization: Classic preppy fonts are being redrawn and optimized for digital screens without losing their traditional charm. Inclusive Preppy: Designers are expanding the preppy aesthetic beyond its traditional boundaries, creating fonts that maintain sophistication while feeling more accessible and diverse. Sustainable Design: The timeless nature of preppy fonts aligns perfectly with sustainable design principles – these typefaces won’t look dated next year, making them environmentally responsible choices. Conclusion: Embracing Timeless Elegance Preppy fonts represent more than just letterforms – they’re a gateway to timeless elegance and sophisticated communication. Whether you’re designing wedding invitations for a Martha’s Vineyard ceremony or creating brand identity for a boutique law firm, the right preppy font can elevate your work from merely professional to genuinely distinguished. The beauty of preppy typography lies in its ability to feel both traditional and fresh, formal yet approachable. These fonts have stood the test of time because they tap into something fundamental about how we perceive quality, tradition, and sophistication. As you explore the world of preppy fonts, remember that the best typography choices support your message rather than overshadowing it. Choose fonts that enhance your content’s inherent qualities and speak to your audience’s aspirations and values. So whether you’re channeling that old-money aesthetic or simply want to add a touch of refined elegance to your designs, preppy fonts offer a wealth of possibilities. After all, good typography, like good manners, never goes out of style.

First Enchantment The Sims 4 Enchanted by Nature gets an official reveal trailer confirming that fairies are so back As promised, Maxis has dropped the first trailer for the next major expansion to The Sims 4, coming this July. Image credit: EA / Maxis News by Sherif Saed Contributing Editor Additional contributions by Rebecca Jones Published on June 12, 2025 Our first look at Enchanted by Nature, the new expansion coming to The Sims 4 next month, has officially arrived. Maxis and EA previously confirmed that the first trailer would be dropping today, before we get a deep look at gameplay on June 26. This is the game’s first major expansion since Businesses & Hobbies arrived in March, and as the name suggests, adds nature-inspired content. To see this content please enable targeting cookies. The major reveal, of course, is the long-anticipated return of fairies to The Sims, and it looks as though plenty of notes have been taken from their extremely well-received debut as a playable occult type back in The Sims 3. We all kind of saw that one coming though, since EA are surely too canny to blatantly tease Simmers with a popular returning feature only to pull the rug out. More unexpectedly, it seems that your Sims will soon be able to reject indoor life entirely by foraging for their meals, wild bathing, and sleeping out under the stars. All fun and games until they run afoul of one of several new and interesting ailments being introduced in the pack; fortunately, treating said ailments with traditional remedies also seems to have a big role to play as part of the new Apothecary... crafting type? Skill? Career? We'll surely find out more in that gameplay trailer, due out later this month. All of this takes place the new world of Innisgreen, which is partially inspired by Ireland, but only if you squint through a heavy layer of folklore and fantasy theming. It's definitely more Hobbiton than 21st century hometown for the most part, unless our Irish cousins have started living in whimsical treehouses and neglected to tell us; although one neighbourhood does seem to be based on the more down-to-earth setting of Cobh, County Cork — home of the famous "Deck of Cards" painted houses. To see this content please enable targeting cookies. Enchanted by Nature is part of a larger nature-themed season for The Sims 4. Though the expansion itself doesn’t arrive until July 10, the limited-time event, Nature’s Calling, kicks off June 24 to set the scene for what’s to come. Then, on July 1, the game’s next update will arrive, bringing with it more nature-themed skins and other customisation options. This is all part of The Sims 4’s June-August roadmap, which developer Maxis outlined just last week. The roadmap also revealed another major update is scheduled for August 19, itself adding even more customisation options to the game. Next up, of course, is the proper Enchanted by Nature gameplay reveal, which takes place just two weeks from now, on Thursday, June 26.

Daniel Pearson , CEO, KnownHostJune 12, 20253 Min ReadBusiness success concept. Cubes with arrows and target on the top.Cyber incidents are expected to cost the US $639 billion in 2025. According to the latest estimates, this dynamic will continue to rise, reaching approximately 1.82 trillion US dollars in cybercrime costs by 2028. These figures highlight the crucial importance of strong cybersecurity strategies, which businesses must build to reduce the likelihood of risks. As technology evolves at a dramatic pace, businesses are increasingly dependent on utilizing digital infrastructure, exposing themselves to threats such as ransomware, accidental data loss, and corruption.  Despite the 3-2-1 backup rule being invented in 2009, this strategy has stayed relevant for businesses over the years, ensuring that the loss of data is minimized under threat, and will be a crucial method in the upcoming years to prevent major data loss.   What Is the 3-2-1 Backup Rule? The 3-2-1 backup rule is a popular backup strategy that ensures resilience against data loss. The setup consists of keeping your original data and two backups.  The data also needs to be stored in two different locations, such as the cloud or a local drive.  The one in the 3-2-1 backup rule represents storing a copy of your data off site, and this completes the setup.  This setup has been considered a gold standard in IT security, as it minimizes points of failure and increases the chance of successful data recovery in the event of a cyber-attack.  Related:Why Is This Rule Relevant in the Modern Cyber Threat Landscape? Statistics show that in 2024, 80% of companies have seen an increase in the frequency of cloud attacks.  Although many businesses assume that storing data in the cloud is enough, it is certainly not failsafe, and businesses are in bigger danger than ever due to the vast development of technology and AI capabilities attackers can manipulate and use.  As the cloud infrastructure has seen a similar speed of growth, cyber criminals are actively targeting these, leaving businesses with no clear recovery option. Therefore, more than ever, businesses need to invest in immutable backup solutions.  Common Backup Mistakes Businesses Make A common misstep is keeping all backups on the same physical network. If malware gets in, it can quickly spread and encrypt both the primary data and the backups, wiping out everything in one go. Another issue is the lack of offline or air-gapped backups. Many businesses rely entirely on cloud-based or on-premises storage that's always connected, which means their recovery options could be compromised during an attack. Related:Finally, one of the most overlooked yet crucial steps is testing backup restoration. A backup is only useful if it can actually be restored. Too often, companies skip regular testing. This can lead to a harsh reality check when they discover, too late, that their backup data is either corrupted or completely inaccessible after a breach. How to Implement the 3-2-1 Backup Rule? To successfully implement the 3-2-1 backup strategy as part of a robust cybersecurity framework, organizations should start by diversifying their storage methods. A resilient approach typically includes a mix of local storage, cloud-based solutions, and physical media such as external hard drives.  From there, it's essential to incorporate technologies that support write-once, read-many functionalities. This means backups cannot be modified or deleted, even by administrators, providing an extra layer of protection against threats. To further enhance resilience, organizations should make use of automation and AI-driven tools. These technologies can offer real-time monitoring, detect anomalies, and apply predictive analytics to maintain the integrity of backup data and flag any unusual activity or failures in the process. Lastly, it's crucial to ensure your backup strategy aligns with relevant regulatory requirements, such as GDPR in the UK or CCPA in the US. Compliance not only mitigates legal risk but also reinforces your commitment to data protection and operational continuity. Related:By blending the time-tested 3-2-1 rule with modern advances like immutable storage and intelligent monitoring, organizations can build a highly resilient backup architecture that strengthens their overall cybersecurity posture. About the AuthorDaniel Pearson CEO, KnownHostDaniel Pearson is the CEO of KnownHost, a managed web hosting service provider. Pearson also serves as a dedicated board member and supporter of the AlmaLinux OS Foundation, a non-profit organization focused on advancing the AlmaLinux OS -- an open-source operating system derived from RHEL. His passion for technology extends beyond his professional endeavors, as he actively promotes digital literacy and empowerment. Pearson's entrepreneurial drive and extensive industry knowledge have solidified his reputation as a respected figure in the tech community. See more from Daniel Pearson ReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    