On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...

Turn Excel into a lightweight data-science tool for cleaning datasets, standardizing dates, visualizing clusters, and ...

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

No more waiting on slow-loading modules or wasting time on ad hoc workarounds: Python 3.15’s new ‘lazy imports’ mechanism has ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Supply chain attacks feel like they're becoming more and more common.

Espressif Systems released the ESP-IDF v6.0 framework a few days ago with stable support for ESP32-C5 and ESP32-C61 SoCs, as ...

You don't need to be a developer to build your own crypto bot. Here's how traders are doing it in 30 minutes, for free.

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...