SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
Visual Studio Magazine

Getting My OpenClaw Around VS Code

A hands-on test found that OpenClaw can work with VS Code for file-based drafting and source-driven synthesis, but the current experience is still centered on a local gateway and workspace model rathe ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
GitHub

ACPMS - Agentic Coding Project Management System

A platform that integrates Project Management (Requirements, Tasks, Bugs) with AI Agents (Claude Code / Codex / Gemini / Cursor AI) to automate the software development lifecycle. Inspired by Vibe ...
GitHub

xhorizont/ai-coding-template

This repository is a drop-in starter for any project that wants to use AI assistants (Claude, OpenAI / ChatGPT, Gemini, Local models) in a consistent, safe and reproducible way. It ships with: ...