Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

A 6MB editor quietly replacing tools that cost ten times more.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

I started this as a side project, but my Windows Command Center suddenly became useful.

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

A fake repository mimicking OpenAI’s Privacy Filter on Hugging Face accumulated ~244,000 downloads before being removed. It delivered a multi-stage Rust infostealer ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

A malicious repository on Hugging Face impersonated OpenAI’s “Privacy Filter” project and briefly reached the platform’s top trending position before removal ...

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

If you are building a simple dashboard or a form-based application, the traditional JSON API (REST or GraphQL) approach is ...