Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
The PCPJack worm targets cloud environments and vulnerable web applications to remove TeamPCP infections and steal ...
Named PCPJack, the framework was discovered on April 28 by a hunting rule on Google's VirusTotal malware scanning service ...
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing ...
ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...
Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands.
A previously undocumented .NET trojan and its companion Pheno plugin allow attackers to capture mobile authentication codes ...
Morning Overview on MSN
PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised on April 30 — check your installs
On April 30, 2026, someone slipped credential-stealing malware into two freshly published versions of PyTorch Lightning, one ...
Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of ...
A stealthy Python-based backdoor framework capable of long-term surveillance and credential theft has been identified ...
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results