Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

GitHub disabled 73 Microsoft repos after the Miasma worm exploited previously compromised credentials to plant malware targeting AI coding agents.

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and ...

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

Add Decrypt as your preferred source to see more of our stories on Google. Anthropic accidentally exposed 512,000 lines of Claude Code via a source map leak. DMCA takedowns failed as mirrors and clean ...