A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

10 trillion downloads are crushing open-source repositories - here's what they're doing about it ...

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...

May the best coding AI win!