SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
InfoWorld

Speed boost your Python programs with new lazy imports

No more waiting on slow-loading modules or wasting time on ad hoc workarounds: Python 3.15’s new ‘lazy imports’ mechanism has ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
CNBC

Figma partners with Anthropic to turn AI-generated code into editable designs

Figma and Anthropic are partnering on AI coding tools that integrate Claude Code. Software stocks have sold off as AI tools threaten to upend the industry. Figma reports earnings Wednesday. The stock ...
Gizmodo

Mint Mobile Extends Its Holiday Offer Into the New Year With 50% Off Unlimited Plans, Plus an Extra Stackable Discount Code

All products featured here are independently selected by our editors and writers. If you buy something through links on our site, Gizmodo may earn an affiliate commission. Reading time 3 minutes The ...
CSOonline

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist malicious code. Threat actors behind the long-running Contagious Interview ...
GitHub

wareflowx/excel-to-sql

Excel to SQLite simplifies the process of importing Excel data into SQLite databases. It provides automatic schema detection, data transformations, validation rules, and includes an intelligent ...
Wall Street Journal

The Row Over South Korea’s Push for a Native AI Model: Chinese Code

SEOUL—Last June, the South Korean government launched a competition to create a new independent AI model developed with Korean technology. A homegrown tool like that was critical to ensuring Korea’s ...