Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...
Memeburn

Microsoft Flagged Mistral AI Hack in PyPI Malware Supply Attack

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...
Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Cryptopolitan

Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, ...

Google Detects First AI-Developed Zero-Day Exploit Used by Threat Actors

While previous assessments categorized AI-assisted cyberattacks as experimental, current data suggests generative AI is now a mature, industrialized component of offensive operations.

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
GitHub

Official Python3 API connector for Bybit's HTTP and WebSockets APIs.

Put simply, pybit (Python + Bybit) is the official lightweight one-stop-shop module for the Bybit HTTP and WebSocket APIs. Originally created by Verata Veritatis, it's now maintained by Bybit ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
GitHub

PySR: High-Performance Symbolic Regression in Python and Julia

PySR is an open-source tool for Symbolic Regression: a machine learning task where the goal is to find an interpretable symbolic expression that optimizes some objective. Over a period of several ...