Better way to master Python.

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

TeamPCP strikes again, with almost identical code to LiteLLM.

Mark Collier briefed me on two updates under embargo at KubeCon Europe 2026 last month: Helion, which opens up GPU kernel ...

Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

Engineers from OLX reported that a single-line modification to dependency requirements allows developers to exclude unnecessary GPU libraries, shrinking contain ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...