ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...

Criminal hackers have used artificial intelligence to develop a working zero-day exploit, the first confirmed case of its ...

A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...

Quasar Linux (QLNX) is not an operating system, but a supply chain attack tool that is difficult to detect and remove.

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Runpod, the AI developer cloud, today announced the general availability of Runpod Flash, an open-source Python SDK that removes the infrastructure overhead between writing AI code and running it in ...