ProBackend
AI & Software Supply Chain Compromises

Articles on malicious packages, dependency hijacking, typosquatting, and other supply chain attacks targeting open-source libraries, package managers (npm, PyPI, RubyGems), CI/CD pipelines, and developer tooling.

ai software supply chain compromises | 53 minutes ago | 3 min

Operation Navy Ghost: Trojanized Telegram Bot Libraries Compromise Servers

A newly identified PyPI supply chain attack, Operation Navy Ghost, involves malicious forks of the Pyrogram library designed to gain persistent, remote control of Telegram bot infrastructure used by Python developers.