A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Overview Natural Language Processing (NLP) has evolved into a core component of modern AI, powering applications like chatbots, translation, and generative AI s ...

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

AI agents can provide enormous benefits, but they can also behave a lot like malware, acting autonomously and causing harm if ...

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to ...

TeamPCP strikes again, with almost identical code to LiteLLM.

Engineers from OLX reported that a single-line modification to dependency requirements allows developers to exclude unnecessary GPU libraries, shrinking contain ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Students graduating in today’s labor market are facing a reality that no previous generation has faced: a job market where ...

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...