Malware in an Open-Source Project Could Have Infected Thousands. The Twist? It Was Certified by Delve

For a short window on Tuesday, two versions of a popular open-source project from LiteLLM contained malware, designed to steal all sorts of login credentials. A researcher discovered it after it ...

Chrome encryption bypass discovered: New malware steals passwords and cookies

The infostealer uses a first‑seen‑in‑the‑wild debugging method to extract Chrome’s decryption key without privilege ...

Silicon Valley’s two biggest dramas have intersected: LiteLLM and Delve

LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware.

Self-propagating malware poisons open source software and wipes Iran-based machines

A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...