ZDNet

Python programming language: Google funds projects aimed at supply-chain security

Python is critically important to both Google Cloud and, therefore, to users of Google Cloud, and is also used by the search engine giant internally to power many of its core products and services.
Bleeping Computer

Ultralytics AI model hijacked to infect thousands with cryptominer

The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI) Ultralytics ...
CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
Dark Reading

W4SP Stealer Stings Python Developers in Supply Chain Attack

Attackers continue to create fake Python packages and use rudimentary obfuscation techniques in an attempt to infect developers' systems with the W4SP Stealer, a Trojan designed to steal ...
Dark Reading

ML Model Repositories: The Next Big Supply Chain Attack Target

Repositories for machine learning models like Hugging Face give threat actors the same opportunities to sneak malicious code into development environments as open source public repositories like npm ...