PyPI

3 minute read

TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack (Updated)

TeamPCP claims to be selling alleged Mistral AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems.

byWaqas

May 14, 2026

4 minute read

TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages

Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm.

byDeeba Ahmed

May 13, 2026

2 minute read

Google Says Hackers Used AI to Develop a Zero-Day Exploit

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.

byDeeba Ahmed

May 11, 2026

2 minute read

PSF Warns of Fake PyPI Login Site Stealing User Credentials

The Python Software Foundation (PSF) warns developers of phishing emails leading to a fake PyPI login site designed to steal account credentials.

byWaqas

September 24, 2025

China-Linked AI Pentest Tool 'Villager' Raises Concern After 10K Downloads

3 minute read

Security

China-Linked AI Pentest Tool ‘Villager’ Raises Concern After 10K Downloads

China-linked AI tool Villager, published on PyPI, automates cyberattacks and has got experts worried after 10,000 downloads in…

byWaqas

September 15, 2025

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

2 minute read

Security

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.

byWaqas

September 6, 2025

2 minute read

Backdoors in Python and NPM Packages Target Windows and Linux

Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.

byDeeba Ahmed

June 2, 2025

2 minute read

Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users

ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers…

byDeeba Ahmed

May 28, 2025

2 minute read

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself.

byWaqas

February 4, 2025

3 minute read

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself

byDeeba Ahmed

December 24, 2024

The Latest

Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS

How Fintech APIs Are Modernizing Business Cash Flow Management

FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit

China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage

PyPI

TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack (Updated)

TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages

Google Says Hackers Used AI to Develop a Zero-Day Exploit

PSF Warns of Fake PyPI Login Site Stealing User Credentials

China-Linked AI Pentest Tool ‘Villager’ Raises Concern After 10K Downloads

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

Backdoors in Python and NPM Packages Target Windows and Linux

Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program

LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations

Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations

Brinker Introduces a Novel Approach to Deepfake Detection

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation