Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...
A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...
Cryptopolitan on MSN
Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware
Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...
An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
The CEMU development team has made an urgent security announcement, revealing that compromised files had been spread via its ...
21don MSN
Top open source PyPI package with over 1 million downloads each month hacked to send out malware
This was not a case of stolen credentials, but rather of vulnerability exploitation.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results