HIGH · Supply Chain
Verified
Global

Supply Chain Attack Compromises Python AI/ML Libraries — 45M Downloads

Source: JFrog Security Research

Executive Summary

Three popular Python AI/ML packages on PyPI were compromised. The injected credential-stealing code targets AWS, GCP, and Azure credentials as well as AI service API keys.

Analysis

JFrog uncovered compromised maintainer accounts on three AI/ML packages with 45M combined weekly downloads. The malicious versions exfiltrate cloud credentials and AI service API keys (OpenAI, Anthropic, Hugging Face). They were live for 72 hours before detection.

Timeline

Discovered: Mar 25, 2026
Published: Mar 25, 2026

Indicators of Compromise (3)

CVE (3)
CVE-2026-31001
CVE-2026-31002
CVE-2026-31003
Source Attribution

Originally published by JFrog Security Research on Mar 25, 2026. Verified by: JFrog, PyPI Security, CISA.

Related Threats

LOW · Supply Chain

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history,

The Hacker News
LOW · Supply Chain

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history,

The Hacker News
MEDIUM · Supply Chain

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly

The Hacker News