A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package ...

TeamPCP strikes again, with almost identical code to LiteLLM.

PyPI对可能从AI应用和开发者管道中窃取凭证的行为发出警告。此前，广泛使用的大语言模型Python中间件LiteLLM的两个恶意版本曾短暂发布。

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

This library is an implementation detail within the reference implementation of PEP 740. Most users should not need to interact with it directly; see the PyPI documentation for full details. Use these ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...