Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
Memeburn

Microsoft Flagged Mistral AI Hack in PyPI Malware Supply Attack

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...
Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Cryptopolitan

Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
Morning Overview on MSN

PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised on April 30 — check your installs immediately

On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
24/7 Wall St

The VIX Dips Below 19. Here’s What That Means for Your Portfolio.

The VIX fell below the 19 line to around 18.82, down 2% on the session, after plunging 28% over the past month as the S&P 500 and SPY hit all-time highs amid cooling fears. CoreWeave (CRWV) ...
The Progress-Index

What redistricting means for Tri-Cities congressional district lines

Virginia's congressional redistricting referendum passed by a narrow margin. The Fourth Congressional District will now include several new counties and cities. Rep. Jennifer McClellan expressed ...
The Conversation

‘Bouncing back’ is a myth – resilience means integrating hard experiences into your life story, not ignoring them

When Maria looked at herself in the mirror for the first time after her mastectomy, she stood very still. One hand rested on the bathroom counter. The other hovered near the flat space where her ...