TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...

OpenAI says malware tied to the Shai-Hulud supply chain attack accessed internal repositories after infecting two employee ...

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Criminal hackers have used artificial intelligence to develop a working zero-day exploit, the first confirmed case of its ...

Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link ...

While previous assessments categorized AI-assisted cyberattacks as experimental, current data suggests generative AI is now a mature, industrialized component of offensive operations.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...