Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

The post Attackers replaced JDownloader installer downloads with malware appeared first on . If you downloaded the JDownloader installer during the compromise window ( ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

In early May, the JDownloader website delivered malware. This is reminiscent of Daemon Tools, which have since reacted.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site.

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...