TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

May the best coding AI win!

Security researchers have uncovered covert infostealer malware hidden in one of the top-ranking repositories on Hugging Face, ...

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...