Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
The new Hugging Face Reachy Mini App Store already hosts a library of over 200 community-built applications, and Reachy Mini ...
OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.
Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
There's a certain comfort in selecting the most powerful model. When you're building an AI-powered product, it feels responsible (almost logical) to pick the most powerful model available. GPT-4o.
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm packages ...
Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught ...
Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...
On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...
By putting the weights of a highly capable, 33B-parameter agentic model in the hands of researchers and startups, Poolside is ...