Major compromise of the telnyx PyPI library could put millions of users at risk

TeamPCP strikes again, with almost identical code to LiteLLM.

'Each vulnerability exposes a different class of enterprise data': LangChain framework hit ...

LangChain and LangGraph, two popular open source frameworks for building AI apps, contained high-severity and critical ...
Security Boulevard

How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack

Learn how to detect compromise, assess your exposure to the LiteLLM supply chain attack, and use GitGuardian to orchestrate ...
OfficeChai

LiteLLM Attack: How a Hacked Security Tool Became a Master Key to Thousands of AI Developer ...

On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
CSO Online

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
News9Live on MSN

LiteLLM security alert: AI tool with 97 million downloads faces supply chain hack

LiteLLM, a widely used AI developer tool, was hit by a supply chain attack through a malicious PyPI release. The malware ...
Security Boulevard

Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most

The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions ...
IEEE

DySec: A Machine Learning-based Dynamic Analysis for Detecting Malicious Packages in PyPI ...

Abstract: Malicious Python packages make software supply chains vulnerable by exploiting trust in open-source repositories like Python Package Index (PyPI). Lack of real-time behavioral monitoring ...
bitnewsbot

PyPI Spellchecker Packages Delivered Python RAT via Payload

Two PyPI packages hid a Base64 downloader in a compressed Basque dictionary, delivering a Python RAT to ~1,000 users via updatenet.work (RouterHosting/Cloudzy). The ...