The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

The exploit code was almost too neat. When Google’s Threat Intelligence Group flagged a previously unknown software ...

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Highlights of Python 3.15, now available in beta, include lazy imports, faster JITs, better error messages, and smarter ...

The software supply chain is the new ground zero for enterprise cyber risk. Don't get caught short - SiliconANGLE ...

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...