Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link ...
Legitimate websites have reportedly been compromised after once-useful JavaScript code hosted on polyfill[.]com was altered by its new owners, leading websites to unintentionally link users to ...
On May 11, 2026, several TanStack packages on npm were briefly replaced with malicious versions, raising fresh concerns about ...
The code that makes up the software now powering U.S. utilities is rife with vulnerabilities, including hundreds that are "highly exploitable," a new research report released by Fortress Information ...
On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught carrying credential-stealing malware. Versions 2.6.2 and 2.6.3 of the lightning ...
A compromised version of the popular ultralytics AI library has been found to deliver a cryptocurrency mining payload. ReversingLabs researchers traced the issue to a breach of the library’s build ...
An unidentified threat actor breached one of application security vendor Xygeni's GitHub Actions this month via tag poisoning. Xygeni, which sells a number of AI-powered AppSec products, said in a ...
Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Update, May 6, 2025: This story, originally published May 3, ...
There's a new exploit making its way through TikTok and it has already compromised the official accounts of Paris Hilton, CNN and others, as reported by Forbes. It's ...
Facepalm: Microsoft has issued a new update regarding the nation-state attack it uncovered in January. Kremlin-sponsored hackers known as 'Midnight Blizzard' inflicted significant damage, and Redmond ...