Malware in an Open-Source Project Could Have Infected Thousands. The Twist? It Was Certified by Delve

For a short window on Tuesday, two versions of a popular open-source project from LiteLLM contained malware, designed to steal all sorts of login credentials. A researcher discovered it after it ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...