Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...
ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Cryptopolitan on MSN
Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware
Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...
Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...
The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
18don MSN
Top open source PyPI package with over 1 million downloads each month hacked to send out malware
This was not a case of stolen credentials, but rather of vulnerability exploitation.
Morning Overview on MSN
Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the moment you imported it
A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...
The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results