Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.

The IT security company NetKnights has released version 3.13 of its multi-factor authentication software, privacyIDEA ...

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

When Nandakishore Leburu was building LLM applications at LinkedIn, he learned that the models weren't the problem. The ...

A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...