Decrypt

OpenAI Confirms Security Breach Linked to AI Malware Campaign

OpenAI says malware tied to the Shai-Hulud supply chain attack accessed internal repositories after infecting two employee ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

Anthropic Just Bought a Developer Tool Used by OpenAI, Google

Anthropic acquired SDK startup Stainless, signaling a deeper push into developer tooling as AI labs compete beyond model ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
The Hacker News

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

GitHub investigates internal repositories breach claimed by TeamPCP

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed ...

One tool call to rule them all? New open source Python tool Runpod Flash eliminates containers for faster AI dev

With Flash GA, the company is attempting to transition from being a provider of raw compute to becoming the essential orchestration layer for the AI-first cloud.

GitHub Investigates Major Hack Claim as TeamPCP Offers 4,000 Private Code Repositories for Sale

GitHub is investigating an alleged breach after TeamPCP claimed access to nearly 4,000 private repositories, though no impact ...

Perceptron Mk1 shocks with highly performant video analysis AI model 80-90% cheaper than Anthropic, OpenAI & Google

Early adopters are using the model for diverse applications, such as auto-clipping highlights from live sports, which ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.