Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

YouTube killed my comment alerts, so I vibe-coded a fix to get them back - in just 1 hour

YouTube killed my comment alerts, so I vibe-coded a fix to get them back - in just 1 hour ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

‘Hack Yourself’ Apple Attack Steals Mac Passwords

A newly discovered attack sandbags Apple users into hacking themselves. Here’s what all Mac users need to know.

Suspect in Hacking of Climate Activists Is Extradited to New York

Prosecutors say Amit Forlit ran a global hacking operation on behalf of a Washington lobbying group that aimed to thwart ...