Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
InfoWorld

PEP 816: How Python is getting serious about Wasm

Another big drawback: Any modules not written in pure Python can’t run in Wasm unless a Wasm-specific version of that module ...

Major compromise of the telnyx PyPI library could put millions of users at risk

TeamPCP strikes again, with almost identical code to LiteLLM.
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Chainguard is racing to fix trust in AI-built software - here's how

Chainguard is racing to fix trust in AI-built software - here's how ...
Infosecurity Magazine

TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...

LangChain framework hit by several worrying security issues — here's what we know

LangChain and LangGraph have patched three high-severity and critical bugs.
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

OpenAI's Astral deal reveals hidden funding rounds, investor windfall: AI researcher Simon Willison

Independent researcher Simon Willison raises questions about hidden Series A and B rounds, investor windfalls, and whether a ...