heise online

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary advises an immediate update. An attacker uploaded a manipulated version 0.23.3 ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
IEEE

Common Dependency Injection Errors in C# for .NET: How to avoid them?

Abstract: Dependency Injection (DI) is a great way to reduce tight coupling between software components. In this article, we survey some of the most common mistakes when working with DI in C# .NET and ...
GitHub

indirect-prompt-injection

Automatically generate YARA rules from adversarial and benign text samples. Built for detecting indirect prompt injection attacks on RAG pipelines. Transform any content into 9 platform-native formats ...
GitHub

GitHub - ag2020sa/agentic-hr-compliance-copilot: Arabic-first agentic HR compliance copilot MVP for Saudi HR workflows, featuring FastAPI, multi-agent orchestration, keyword ...

GitHub - ag2020sa/agentic-hr-compliance-copilot: Arabic-first agentic HR compliance copilot MVP for Saudi HR workflows, featuring FastAPI, multi-agent orchestration, keyword-based cited retrieval, ...