An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...

CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development.

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Fake OpenAI Privacy Filter repo hits #1 on Hugging Face with 244K downloads deploying Sefirah infostealer malware.

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

A Virginia software contractor deleted nearly 100 US government databases within minutes of being fired, with his twin ...

At a Hamburg tech summit, a hacker in a Pink Power Ranger costume launched a digital scorched-earth campaign against white supremacist platforms. YouTube Screenshot / Martha Root While the biggest ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link ...