Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...
SecurityWeek

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension, ...
Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

GitHub investigating cyberattack linked to malicious VS Code extension and leaked internal repositories

GitHub is investigating a cyberattack linked to a malicious VS Code extension after hackers allegedly accessed thousands of ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
Electronics360

A simple tool to build and deploy AI on microcontrollers

Semiconductor provider Nuvoton Technology has launched a graphical user interface (UI) tool designed specifically for machine ...
Memeburn

Microsoft Flagged Mistral AI Hack in PyPI Malware Supply Attack

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...