Vendor
critical
advisory
Malicious guardrails-ai 0.10.1 Package Published to PyPI
2 rules 1 TTPA malicious version of the guardrails-ai package (0.10.1) was published to PyPI on May 11, 2026, advising users who installed this version to downgrade and treat the host as potentially compromised, rotating credentials and auditing GitHub accounts, with Snowglobe and Guardrails Hub API keys being invalidated on May 13, 2026.
guardrails-ai
supply-chain
pypi
malicious-package
2r
1t
critical
threat
Shai-Hulud Malware Used in Supply Chain Attack via Compromised npm Packages
3 rules 7 TTPs 3 IOCsThe Shai-Hulud malware was used in a large-scale software supply-chain attack compromising hundreds of packages across open-source software ecosystems by compromising developer secrets and CI/CD pipelines.
router +11
TeamPCP
supply-chain
supply-chain-attack
npm
pypi
credential-theft
shai-hulud
3r
7t
3i