The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...
Decrypt

Cipher Digital Stock Pops as Firm Bolsters Shift From Bitcoin Mining With 15-Year Data Center Deal

Cipher Digital revealed a 15-year lease deal and a $200 million revolving credit facility, continuing its shift away from ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
CSO Online

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave

Socket and Wiz confirm widespread credential theft and worm‑like propagation, with cached malicious Trivy artifacts still ...
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
WinBuzzer

OpenAI Acquires Python Toolmaker Astral to Boost Codex AI Agent

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it ...
UC San Diego Today

A UC San Diego Tool Teaching Code to 25 Million is Even More Critical in Age of AI

UC San Diego cognitive scientist Philip Guo created Python Tutor, a free tool that makes code “visible” step by step. The ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
Analytics Insight

Best Python Libraries for Cybersecurity: 2026 Edition

Python libraries for cybersecurity help automate threat detection, network monitoring, and vulnerability analysis. Tools like Scapy, Nmap, and Requests enable penetration testing and network security ...
eWeek

Russian-Linked Phishing Campaign Targets Signal, WhatsApp Users

Dutch intelligence says Russian state hackers are targeting Signal and WhatsApp users through phishing, fake support messages, and device-linking scams.