TeamPCP strikes again, with almost identical code to LiteLLM.

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package versions to PyPI in an effort to plant credential-stealing malware on ...

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to ...

AI recruiting startup Mercor confirms supply chain attack via LiteLLM library compromise. Hackers claim 4TB of data including ...

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

Independent researcher Simon Willison raises questions about hidden Series A and B rounds, investor windfalls, and whether a key piece of Python infrastructure just became a competitive weapon in the ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

The Pi Launchpad arrives to streamline app creation, helping developers scale and integrate within the Pi Network ecosystem.