With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...

The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI) Ultralytics ...

Syed Quiser Ahmed is AVP, Global Head of Responsible AI at Infosys, a global leader in next-generation digital services and consulting. Between December 25 and 30, 2022, we ran pip install torchtriton ...

Attackers continue to create fake Python packages and use rudimentary obfuscation techniques in an attempt to infect developers' systems with the W4SP Stealer, a Trojan designed to steal ...

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...

Cisco’s open-source Model Provenance Kit helps organizations verify AI model origins, trace lineage, and reduce AI supply chain security risks. Organizations are rapidly adopting AI models, but many ...