Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Vintage chatbot lives in the past like an elderly relative

Talkie's training data stops at the end of 1930, and its creators hope it'll help us better understand how AI thinks ...

Tenstorrent’s Galaxy Blackhole AI servers escape the event horizon

Tenstorrent on Tuesday announced the general availability of its Galaxy Blackhole AI compute platform. Each of the startup's ...

Mistral AI launches Workflows, a Temporal-powered orchestration engine already running millions of daily executions

Mistral AI launches Workflows, a Temporal-powered orchestration platform for enterprise AI that automates mission-critical ...

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.
i-SCOOP

DeepSeek V4 puts 1M context and low cost at the center of the open model race

DeepSeek V4 arrives in Pro and Flash variants with a 1M token context window, lower inference costs, and a stronger push into ...
Infosecurity Magazine

Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...

There’s no rogue McDonald’s AI bot, but ‘prompt injection’ is still a risk for companies

People hacking branded AI bots can result in significant reputational, financial, and legal consequences. There appears to be ...

Talking to AI agents is one thing — what about when they talk to each other? New startup Band debuts 'universal orchestrator'

Already, BAND's early users — and enterprises more broadly — are mixing and matching AI agents powered by models from various ...