SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, mor…

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...

Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
eWeek

Gemini 3.1 Flash Live: Google’s AI Voice Assistant Gets a Major Real-Time Upgrade

Google launches Gemini 3.1 Flash Live, a real-time voice AI model with faster responses, natural dialogue, and built-in ...
XDA Developers on MSN

I used Claude Code, Google Antigravity and OpenAI Codex to develop an app, and found only one worth using

Vibe coding is here to stay, and it has only one champion ...
Infosecurity Magazine

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

UGA students are changing how Athens gets its weather forecast

UGA's Weather Dawgs use a high-resolution model to create localized forecasts for Athens, improving accuracy for residents.
The Financial Express

Vibe Coding Explained: Why Google CEO Sundar Pichai, Zoho founder Sridhar Vembu and other tech leaders are talking about it

Vibe Coding is gaining attention across the tech world, with leaders like Google CEO Sundar Pichai and Zoho founder Sridhar ...
Developer Tech

Isolating dynamic AI agent code execution with Cloudflare’s API

Securing dynamic AI agent code execution requires true workload isolation—a challenge Cloudflare’s new API was built to solve ...
HealthcareInfoSecurity

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...
The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...