Supply chain attacks feel like they're becoming more and more common.

Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions ...

The open-source tool promises hands-free automation, but users may find it costly, complex, and less practical than expected.

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...

A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before ...

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game ...