An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...

A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

AI-native applications are fundamentally different from traditional software: the AI model becomes the core, and everything else built around it is secondary. The result is a new class of software ...

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

The new family of AI models can run on a smartphone, a Raspberry Pi, or a data centre, and is free to use commercially.

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...