Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Vigolium provides two complementary scanning modes: A cloud-based solution for teams that want the power of Vigolium without managing infrastructure. Console is the upgraded, fully-featured version of ...
The 2025–2026 wave of npm supply chain attacks proved that traditional tooling is no longer enough. Attackers have moved past simple typosquatting. They now ship obfuscated preinstall hooks, ...
The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are becoming a new software supply chain attack vector. A malicious Hugging ...