Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.

Tenstorrent’s Galaxy Blackhole AI servers escape the event horizon

Tenstorrent on Tuesday announced the general availability of its Galaxy Blackhole AI compute platform. Each of the startup's ...
InfoWorld

GitHub shifts Copilot to usage-based billing, signaling a new cost model for enterprise AI tools

The move reflects rising compute demands and agentic workflows, requiring CIOs to rethink budgeting and governance.
Techzine Europe

Malicious Python package poses new supply chain threat

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
FinanceFeeds

Bybit Opens Institutional Strategy Championship With 1Token

Bybit and 1Token opened registration for an Institutional Strategy Championship offering up to US$10 million in interest-free ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
Network World

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations

A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and ...