A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

Web scraping is a process that extracts massive amounts of data from websites automatically, with a scraper collecting thousands of data points in a matter of seconds. It grabs the Hypertext Markup ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...

Focus on the code, not the side work.

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...

A malicious npm dependency slipped into an AI-assisted crypto trading project has exposed how automated coding tools can be manipulated into importing software that steals credentials, wallet data and ...

Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...

Fusion Studio adds Krokodove effects, OGraf and Lottie support, USD updates, deep image tools, and Windows ARM64 support.