SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
MUO on MSN

Your spare laptop is about to become the cheapest NAS alternative you'll find

Your old laptop is about to outwork that overpriced NAS box ...
The Hacker News

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

GlassWorm uses Solana and Google Calendar dead drops to deliver RAT stealing browser data and crypto wallets, impacting ...

Tech stocks today: Meta, Google stocks little changed after social media verdict, OpenAI shuts down Sora

Tech stocks rose on Wednesday amid cautious hopes for US-Iran talks and as a jury reached a highly anticipated decision in a ...
WinBuzzer

Mozilla Launches Cq as ‘Stack Overflow for AI Agents’

Mozilla AI has launched cq, an open-source platform described as Stack Overflow for AI agents, sparking immediate security ...

Anthropic releases safer Claude Code 'auto mode' to avoid mass file deletions and other AI snafus

Anthropic has begun previewing "auto mode" inside of Claude Code. The company describes the new feature as a middle path ...

Delve did the security compliance on LiteLLM, an AI project hit by malware

Delve is the Y-Combinator AI-powered compliance startup that’s been accused of misleading its customers about their true ...
Infosecurity Magazine

TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise

Researchers attributed the compromise to TeamPCP, the same threat group linked to the aforementioned Trivy compromise and ...
CNET

OpenAI Gives Users a Long-Term Storage Option With ChatGPT Library

ChatGPT users can now store, browse and retrieve the files they upload and create with the AI tool, OpenAI announced this ...
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...