ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...

Criminal hackers have used artificial intelligence to develop a working zero-day exploit, the first confirmed case of its ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

On April 30, 2026, someone slipped credential-stealing malware into two freshly published versions of PyTorch Lightning, one ...

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...

Quasar Linux (QLNX) is not an operating system, but a supply chain attack tool that is difficult to detect and remove.

Over 1,800 developers were likely infected in the Mini Shai-Hulud supply chain attack that hit SAP, Lightning, and Intercom ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...