The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected ...
Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.
XDA Developers on MSN
A popular Python library just became a backdoor to your entire machine
Supply chain attacks feel like they're becoming more and more common.
OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it competes with Anthropic's Claude Code.
Independent researcher Simon Willison raises questions about hidden Series A and B rounds, investor windfalls, and whether a key piece of Python infrastructure just became a competitive weapon in the ...
Arabian Post on MSN
Pyronut malware targets Telegram bot developers
A malicious Python package masquerading as a legitimate Telegram development tool has been identified as a vehicle for remote code execution attacks, raising concerns about supply chain security ...
GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain risks.
GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results