The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.

Researchers attributed the compromise to TeamPCP, the same threat group linked to the aforementioned Trivy compromise and subsequent malicious Docker images. The group has been observed running a ...

Supply chain attacks feel like they're becoming more and more common.

A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to ...

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024. Researchers at the Checkmarx cybersecurity firm sounded the alarm on a ...

OpenAI Group PBC today announced plans to acquire Astral Software Inc., a startup with a set of widely used Python development tools.  The terms of the deal were not disclosed. Astral’s development ...

The uv utility lets you run Python packages and libraries with one command and no setup. Here's the quick guide to running Python packages without installing them. Astral’s uv tool makes setting up ...

Python enhancement proposal would incorporate SBOM documents in Python packages as a way to improve dependency tracking and vulnerability analysis. Software bill-of-materials (SBOM) documents would be ...