Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...

On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught ...

Adithya S Kolavi has worked at Apple, collaborated with Microsoft Research, received funding from Meta, and runs a research ...

Christian Louboutin presents its Fall 2026 collection, featuring women's footwear and bags inspired by nature and men's designs by Jaden Smith.

ProgramBench tests SWE agents' ability to develop complete software projects holistically from scratch. Claude Opus 4.7, Gemini 3.1 Pro, GPT 5.4 and others score 0% on the new benchmark developed by ...

A new supply chain attack has hit the popular Python framework PyTorch Lightning. The attack allowed hackers to publish ...