Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

In early May, the JDownloader website delivered malware. This is reminiscent of Daemon Tools, which have since reacted.

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

Etchie builds AI tools to improve students learning of software engineering In the evolving world of software development, ...

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's how to audit your deployments.

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies.