OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

The IT security company NetKnights has released version 3.13 of its multi-factor authentication software, privacyIDEA ...

A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...

Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.

JFrog reports Telnyx PyPI package was poisoned with malware by TeamPCP Malicious update delivered hidden .wav payload that deployed infostealer and persistence mechanisms Users advised to downgrade, ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. Earlier today, the ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.

I noticed some time ago that the releases of datafusion-python and the core/rust project are no longer in sync. Pypi version is at v48.0.0, while Rust/crates version is at v49.0.1. Is this a planned ...

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...