ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught ...

AI developer cloud company Runpod has announced Flash, an open source Python software development kit (SDK) designed to ...

TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher ...

Runpod, the AI developer cloud, today announced the general availability of Runpod Flash, an open-source Python SDK that removes the infrastructure overhead between writing AI code and running it in ...

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...

监测发现，近期AI模型部署工具Xinference遭供应链投毒攻击。攻击者向Python官方软件包仓库PyPI（Python Package Index）上传了包含恶意代码的Xinference软件包，用户安装受影响的软件包或者在代码文件中引入Xinference时，恶意代码将自动执行。攻击者可窃取云平台凭据、API密钥、数据库密码、加密货币钱包和 环境变量 ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...