10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...

One tool call to rule them all? New open source Python tool Runpod Flash eliminates containers for faster AI dev

With Flash GA, the company is attempting to transition from being a provider of raw compute to becoming the essential ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
SecurityWeek

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The PCPJack worm targets cloud environments and vulnerable web applications to remove TeamPCP infections and steal ...

US CISA adds ‘insane’ Linux Copy Fail flaw to watch list

Malicious actors with code execution capability may gain root access on Linux systems using as few as 10 lines of Python, according to a researcher.
Dark Reading

After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets

PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud ...

Claude Becomes Creative with Adobe Integration; Blender, SketchUp & Others Also on the List

The post Claude Becomes Creative with Adobe Integration; Blender, SketchUp & Others Also on the List appeared first on ...