Microsoft recently suffered a supply chain attack by hackers who injected malicious software into at least 70 open source projects, and urgently cut access to its repositories on GitHub. Hackers aimed to steal passwords and credentials when users used AI coding tools (such as Claude Code, Gemini CLI, and VS Code). A Microsoft spokesperson confirmed that the affected repositories have been deleted, with some restored after review. This is another recent security incident that Microsoft's open source projects have faced.
Welcome to the [AI Daily] column! This is your guide to exploring the world of artificial intelligence every day. Every day, we present you with the latest content in the AI field, focusing on developers, helping you understand technology trends and innovative AI product applications. Click to learn more about new AI products: https://app.aibase.com/zh1. GPT-5.5 was released just three weeks ago, and 5.6 is already in internal testing! 8. OpenAI responds to TanStack supply chain attack: No user data breaches found. OpenAI addressed the recent M
OpenAI issued a statement regarding the recent 'Mini Shai-Hulud' supply chain attack on multiple npm packages. Their security team quickly investigated internal systems, confirming no user data breach or unauthorized access, and core services remain unaffected. As a precaution, OpenAI advises users to stay vigilant when using official applications.....
OpenAI issued a statement regarding the 'Mini Shai-Hulud' supply chain attack on May 14. After monitoring malicious attacks on open-source libraries like TanStack and npm packages, internal investigation found no user data leaks or unauthorized access. Core services were unaffected, but macOS users were advised to update by a deadline for local security.....
AI package security scanning tool, offering two modes: CLI and MCP server. It can quickly detect vulnerabilities, prompt injection, and supply chain attacks in MCP servers, AI skills, and software packages.
BoostSecurity MCP is a security tool for protecting the AI agent development workflow. It prevents supply chain attacks by verifying the security of third - party software packages and supports multiple programming languages and package ecosystems.