Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials such as environment variables, SSH keys, and passwords.

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

For radical, picture me skateboarding ungainly while installing Linux - or, to be more precise CachyOS - on my PC. Windows 11 ...

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

Shadow AI 2.0 isn’t a hypothetical future, it’s a predictable consequence of fast hardware, easy distribution, and developer ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...