Credential-Stealer

3 reports

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks First Look: Security Model Theft Data Poisoning

ATLAS OWASP CRITICAL Ars Technica Security Jun 09, 2026 ▲ 8.5

Miasma Worm Targets AI Coding Agents via Poisoned Microsoft Packages

Seventy-three Microsoft-hosted open source packages were compromised with the Miasma credential-stealing worm, which activates specifically when developers open packages inside AI coding agents. The …

AML.T0010 - ML Supply Chain Compromise AML.T0012 - Valid Accounts AML.T0047 - ML-Enabled Product or Service

ATLAS OWASP CRITICAL The Hacker News May 13, 2026 ▲ 9.2

Mini Shai-Hulud Supply Chain Worm Compromises Mistral AI, Guardrails AI and TanStack Packages

The TeamPCP threat actor has executed a broad supply chain campaign dubbed Mini Shai-Hulud, injecting credential-stealing malware into npm and PyPI packages from major AI and developer tooling …

AML.T0010 - ML Supply Chain Compromise AML.T0047 - ML-Enabled Product or Service AML.T0018 - Backdoor ML Model

ATLAS OWASP HIGH BleepingComputer May 05, 2026 ▲ 8.5

Backdoored PyTorch Lightning Package Steals Cloud Credentials from AI Developers

A malicious version of PyTorch Lightning (v2.6.3) was published to PyPI, embedding a hidden execution chain that silently downloads a JavaScript runtime and executes a heavily obfuscated …

AML.T0010 - ML Supply Chain Compromise AML.T0018 - Backdoor ML Model AML.T0012 - Valid Accounts