LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

TeamPCP strikes again, with almost identical code to LiteLLM.

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Free cryptographically verified code quality scoring for software procurement. The best software wins. Not the best ...