Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Neowin

Windows Package Manager 1.2 now live with improved ARM64 support0 0

Now, Windows Package Manager has reached version 1.2 with a bunch of improvements in tow. For starters, there is better support for ARM64 devices such as the Surface Pro X. Essentially, winget will ...
Morning Overview on MSN

A supply chain attack called 'Mini Shai-Hulud' poisoned official SAP packages and stole developer credentials through AI coding agent configs

On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...