Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...
Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...
Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
By putting the weights of a highly capable, 33B-parameter agentic model in the hands of researchers and startups, Poolside is positioning itself as a cornerstone of the open-AI ecosystem.
On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught ...
WebFX reports that DeepSeek, an AI LLM, enhances marketing tasks, proving effective in content creation, customer support, ...
Multi-die assemblies are facing full system-level challenges, but engineering teams need coordinated and repeatable ways to ...
Google has patched an Android ADB bug in the May security patch set. If you have a Pixel phone you should already have the patches, and most other major manufacturers should be close behind.
Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects ...