TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Whether you want simple fire-and-forget alerts or full two-way control, here's how to securely wire your AI agent into Slack.
The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...
Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project ...
Open-source i18n is not blocked by goodwill; it’s blocked by missing maintainer-safe infrastructure. Language contributors ...
Today's applications require monitoring, logging, configuration, etc. Each of these concerns can be implemented as a ...
The TrustFall proof-of-concept attack demonstrates how a cloned code repository can include two JSON files (.mcp.json and ...
MegaConvert.io is a free online file converter that supports 500+ format pairs in 47 languages — convert ...
Researchers demonstrate how attackers can weaponize trusted repositories to hijack AI coding assistants and compromise ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results