Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

AI developer cloud company Runpod has announced Flash, an open source Python software development kit (SDK) designed to remove the “infrastructure A new SDK from Runpod removes infrastructure ...

Over 1,800 developers were likely infected in the Mini Shai-Hulud supply chain attack that hit SAP, Lightning, and Intercom ...

TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher account’s compromise. Lightning versions 2.6.2 and 2.6.3 (tracked as ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

The PyPI GUI Package Manager is a simple and user-friendly graphical interface for managing Python packages from the Python Package Index (PyPI). It provides an intuitive way to search for packages, ...