The exploit code was almost too neat. When Google’s Threat Intelligence Group flagged a previously unknown software ...

ReliaQuest observed attackers pairing ClickFix with the PySoxy proxy tool to establish redundant encrypted access paths and ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

According to @DeepLearningAI, researchers introduced SWE-smith, a pipeline that automatically builds realistic training data to fine-tune software engineering agents, highlighting a tooling advance in ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...

Popular GitHub repos like Microsoft’s “Generative AI for Beginners” and “LLMs from Scratch” teach modern AI concepts step by ...

Security researchers have uncovered covert infostealer malware hidden in one of the top-ranking repositories on Hugging Face, ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

A malicious repository on Hugging Face impersonated OpenAI’s “Privacy Filter” project and briefly reached the platform’s top trending position before removal ...

A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project ...