Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
Decrypt

Polkadot-Ethereum Bridge Hack Losses Were 10x Worse Than Reported, Team Admits

Polkadot bridge protocol Hyperbridge said losses from this week's hack were 10x worse than originally reported, tallying ...
Hosted on MSN

Target hack claims surface as source code allegedly listed for sale online

A reported target hack involving stolen source code has drawn attention after cybercriminals claimed that they have stolen data linked to the US retailer. The incident surfaced when a previously ...
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...
Ars Technica

Here’s what that Claude Code source leak reveals about Anthropic’s plans

Yesterday’s surprise leak of the source code for Anthropic’s Claude Code revealed a lot about the vibe-coding scaffolding the company has built around its proprietary Claude model. But observers ...
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.
TechCrunch

North Korean hackers blamed for hijacking popular Axios open source project to spread malware

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...
TechCrunch

De-fi platform Drift suspends deposits and withdrawals after millions in crypto stolen in hack

Decentralized finance company Drift says it has suspended withdrawals and deposits after confirming a security incident. The crypto platform said in a post on X that it was “experiencing an active ...
AppleInsider

You are out of time to update: Severe iOS hack code leaks to everyone

The DarkSword exploit, which primarily targets devices running older iOS versions, has unfortunately made its way to GitHub. It has been patched, so update now. After Coruna, an exploit tool ...
The Droid Guy

FCC Bans Foreign Wi-Fi Routers Over Chinese Hacking Concerns — What Router Owners Need to Know

Your Wi-Fi router has been sending data somewhere — and the FCC just confirmed it. Late Monday, the Federal Communications Commission dropped a bombshell: all foreign-made Wi-Fi routers are now banned ...
Bleeping Computer

Ajax football club hack exposed fan data, enabled ticket hijack

Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. The security issues ...
NBC News

FBI labels suspected China hack of law enforcement data 'a major cyber incident'

The FBI has labeled a suspected Chinese cyber intrusion into a government surveillance system a “major incident” that poses risks to U.S. national security, according to a senior law enforcement ...