Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...
Security researchers have uncovered covert infostealer malware hidden in one of the top-ranking repositories on Hugging Face, ...
Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...
The PCPJack worm targets cloud environments and vulnerable web applications to remove TeamPCP infections and steal ...
A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing ...
New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
Cryptopolitan on MSN
Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware
Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...
The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel's authencesn ...
An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results