Hosted on MSN

The TanStack supply chain attack poisoned 160 npm and PyPI packages — reaching OpenAI, Mistral AI, and UiPath through compromised build pipelines

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source packages, corrupting 84 npm artifacts before anyone noticed. Within hours, the ...
Memeburn

Microsoft Flagged Mistral AI Hack in PyPI Malware Supply Attack

You probably won't run the poisoned package yourself, but the Mistral AI supply chain attack just exposed how fragile the trust chain behind AI tools really is. Over ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
Infosecurity-magazine.com

Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads

A new AI-native penetration testing tool called Villager has reached nearly 11,000 downloads on the Python Package Index (PyPI) just two months after release. The framework, developed by the ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
Bleeping Computer

DeepSeek AI tools impersonated by infostealer malware on PyPI

Threat actors are taking advantage of the rise in popularity of the DeepSeek to promote two malicious infostealer packages on the Python Package Index (PyPI), where they impersonated developer tools ...
Dark Reading

AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi

Researchers have found malicious DeepSeek-impersonating packages planted in the Python Package Index (PyPi); the code is actually loaded with infostealers. Experts warn that's probably not the only ...
LinkedIn

Publishing a Python Module on PyPI: A Step-by-Step Guide

Publishing your Python module to PyPI (Python Package Index) allows you to share your code with the global Python community. PyPI is the default repository for Python packages, making it the go-to ...
Infosecurity-magazine.com

Compromised AI Library Delivers Cryptocurrency Miner via PyPI

A compromised version of the popular ultralytics AI library has been found to deliver a cryptocurrency mining payload. ReversingLabs researchers traced the issue to a breach of the library’s build ...
The Hacker News

Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a ...
IEEE

Less is More? An Empirical Study on Configuration Issues in Python PyPI Ecosystem

Abstract: Python is the top popular programming language used in the open-source community, largely owing to the extensive support from diverse third-party libraries within the PyPI ecosystem.