Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...

2026年6月5日、MicrosoftのGitHubリポジトリ73件が、GitHubの不正利用対策システムによって無効化されました。これらのリポジトリは、開発者がAIコーディングツールでパッケージを開いた際に認証情報を盗むマルウェアに侵害されていたと ...

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

CrowdStrike, Google, and the Shadowserver Foundation dismantled the GlassWorm malware operation, but experts say the broader ...

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

A frightening discovery as a large python is found inside a home, sparking safety concerns ...