Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

10 trillion downloads are crushing open-source repositories - here's what they're doing about it ...

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...

Stop throwing money at GPUs for unoptimized models; using smart shortcuts like fine-tuning and quantization can slash your ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

On Halloween 2018 a developer filed an issue in the GitHub repo for the VS Code Python extension, asking for the ability for users to "spin up multiple 'Python Interactive' windows." In August 2020, ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...