A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.

10 trillion downloads are crushing open-source repositories - here's what they're doing about it ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...

May the best coding AI win!