Open-source ML tool elementData compromised, stole user credentials

By PulseAugur Editorial · Summary by gemini-2.5-flash-lite from 1 source

An open-source package named elementData, which has one million monthly downloads, was compromised. Threat actors exploited a vulnerability in the developer's account workflow to gain access to signing keys and sensitive information. This allowed them to push a malicious version of the package, which was used to steal user credentials. AI

Summary written by gemini-2.5-flash-lite from 1 source. How we write summaries →

IMPACT Compromise of ML tooling could impact data integrity and system security for operators.

RANK_REASON Security vulnerability in an open-source package used for machine learning systems.

Read on Mastodon — sigmoid.social →

COVERAGE [1]

Mastodon — sigmoid.social TIER_1 · [email protected] · 2026-04-27 23:53

# Opensource package with 1 million monthly downloads stole user credentials … # compromised after a threat actor # exploited a # vulnerability in the developer

# Opensource package with 1 million monthly downloads stole user credentials … # compromised after a threat actor # exploited a # vulnerability in the developers’ account workflow that gave access to its signing keys and other sensitive information On Friday, unknown attackers ex…

LINKS arstechnica.com/…/2026

COVERAGE [1]

# Opensource package with 1 million monthly downloads stole user credentials … # compromised after a threat actor # exploited a # vulnerability in the developer

RELATED ENTITIES

RELATED TOPICS