The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.
Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...
Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...
FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
LiteLLM, a widely used AI developer tool, was hit by a supply chain attack through a malicious PyPI release. The malware ...
The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...
Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results