AI & Software Supply Chain Compromises
Articles on malicious packages, dependency hijacking, typosquatting, and other supply chain attacks targeting open-source libraries, package managers (npm, PyPI, RubyGems), CI/CD pipelines, and developer tooling.
Operation Navy Ghost: Trojanized Telegram Bot Libraries Compromise Servers
A newly identified PyPI supply chain attack, Operation Navy Ghost, involves malicious forks of the Pyrogram library designed to gain persistent, remote control of Telegram bot infrastructure used by Python developers.