Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Popular Python package LiteLLM compromised in supply chain attack Malicious updates (v1.82.7, v1.82.8) deployed TeamPCP Cloud Stealer infostealer Attack harvested cloud credentials, Kubernetes secrets ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...

Tired of Copilot's domineering presence on your Windows 11 PC? Here's how to give the boot to that pesky AI button plastered ...

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.

I test-drove both. Here’s what I learned. In early March, OpenAI unleashed a one-two punch, dropping two major frontier ...