The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, mor…

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...
Security Boulevard

Which Came First: The System Prompt, or the RCE?

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...
diginomica

Open source maintainers are drowning in AI-generated security noise - $12.5 million is being deployed to throw them a lifeline

AI is burying open source maintainers under a flood of automated security reports they don't have the time or tools to ...

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Chainguard is racing to fix trust in AI-built software - here's how

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.
Security Boulevard

Automated Threat Detection for Quantum-Enabled Adversarial Attacks on AI Context

Learn how to protect Model Context Protocol (MCP) from quantum-enabled adversarial attacks using automated threat detection ...
MUO on MSN

I switched to a local LLM for these 5 tasks and the cloud version hasn't been worth it since

Why send your data to the cloud when your PC can do it better?
eWeek

Nvidia Expands AI Agent Ecosystem With New Toolkit for Adobe, SAP, Salesforce

Nvidia unveiled its open-source Agent Toolkit at GTC 2026, adding OpenShell, AI-Q, and major partners including Adobe, SAP, ...