ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

Quasar Linux (QLNX) is not an operating system, but a supply chain attack tool that is difficult to detect and remove.

While previous assessments categorized AI-assisted cyberattacks as experimental, current data suggests generative AI is now a mature, industrialized component of offensive operations.

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...

On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...