SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
InfoWorld

Speed boost your Python programs with new lazy imports

No more waiting on slow-loading modules or wasting time on ad hoc workarounds: Python 3.15’s new ‘lazy imports’ mechanism has ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
GitHub

When opening a new terminal, Python venv is activated twice

python-envs.terminal.autoActivationType: "shellStartup" switches the new python-envs extension to inject activation via shell environment (invisible, no duplicate commands) Both settings together: ...
GitHub

matplotlib-3.1.1.dist-info/RECORD,,

matplotlib-3.1.1.dist-info/namespace_packages.txt,sha256=A2PHFg9NKYOU4pEQ1h97U0Qd-rB-65W34XqC-56ZN9g,13 matplotlib-3.1.1.dist-info/top_level.txt,sha256 ...