Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

With model devs pushing more aggressive rate limits, raising prices, or even abandoning subscriptions for usage-based pricing ...

Stop throwing money at GPUs for unoptimized models; using smart shortcuts like fine-tuning and quantization can slash your ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...