The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting Telnyx, according to security researchers. The cyber threat group recently rose to notoriety by uploading ...
Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack "software horror"—and the details are genuinely alarming. A compromised version of LiteLLM ...
New AI-powered scanner -- who-touched-my-packages -- detects zero-day malicious packages and credential exfiltration in seconds BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
As container security matures, many sophisticated organizations are moving beyond off-the-shelf images to continuously rebuilt, maintained underlying packages. These teams often require granular ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results