§ safety · storyline

Microsoft investigates compromised Mistral AI PyPI package

Microsoft investigates a compromised Mistral AI PyPI package (v2.4.6) linked to the Mini Shai-Hulud supply chain attack, which carries a destructive payload that skips Russian-language systems.

May 12 · 15:20:02 · primary fetch1 sourceupdated May 12 · 15:20:02

Etiido Uko / Tom's Hardware: Microsoft says it is investigating a Mistral AI PyPI package v2.4.6 compromise; researchers say it is likely part of the Mini Shai-Hulud supply chain attack — The malware reportedly refused to run on Russian-language systems but could execute a destructive payload under certain geographic conditions.

read full article on techmeme.com ↗

§ sources1 publication · timeline below

techmeme.comMicrosoft says it is investigating a Mistral AI PyPI package v2.4.6 compromise; researchers say it is likely part of the Mini Shai-Hulud supply chain attack (Etiido Uko/Tom's Hardware)primary15:20:02