LiteLLM loses game of Trivy pursuit, gets compromised

Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the ...
BeInCrypto

How to Build Your First Crypto Bot For Free — No Coding Required

You don't need to be a developer to build your own crypto bot. Here's how traders are doing it in 30 minutes, for free.
VnExpress International on MSN

Vietnamese teen accused of creating malware that infected 94,000 computers worldwide

A 12th-grade student in Thanh Hoa Province has been accused of developing malicious software and selling it to cybercrime ...

AI bots could outnumber humans online by 2027, warns Cloudflare CEO

As AI agents scour thousands of websites in seconds, bot traffic could soon dominate the internet, raising concerns over ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
The Hacker News

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...
Tom's Hardware on MSN

Rogue OpenClaw AI agent wrote and published 'hit piece' on a Python developer who rejected its code

An OpenClaw autonomous AI agent has hit back at a volunteer maintainer of a Python library who rejected its code by posting a ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
diginomica

Open source maintainers are drowning in AI-generated security noise - $12.5 million is being deployed to throw them a lifeline

AI is burying open source maintainers under a flood of automated security reports they don't have the time or tools to ...

Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...