LiteLLM loses game of Trivy pursuit, gets compromised

Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected ...

Anthropic Claude source code leak explained: Techie reveals how a 4 am update exposed ...

A routine software update for Anthropic's Claude Code tool accidentally leaked its entire source code, sparking rapid ...
Visual Studio Magazine

Hands On with New GitHub Agents Tab for Repo-Level Copilot Coding Agent Workflows

GitHub has introduced an Agents tab that provides a repository-level view of Copilot coding agent tasks and sessions. The Agents workflow produces normal pull requests, enabling review and validation ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Dark Reading

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software ...
InfoWorld

Thousands of open source projects at risk from hack of GitHub Actions tool

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...
TheServerSide

Full GitHub Actions environment variables list for YAML build workflow scripts example

Community driven content discussing all aspects of software development from DevOps to design patterns. If a developer wants to build a workflow, shell script or build job of any merit, they’ll need ...