The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

I turned a Raspberry Pi 5 into a real SSD-powered PC for less than $200

PCWorld demonstrates building a high-performance Raspberry Pi 5 computer with NVMe SSD storage for under $200, requiring the ...
Digital Trends

Crimson Desert PC requirements are out: Check if your PC can run it

Developer Pearl Abyss has revealed the official PC system requirements for its upcoming open-world action-adventure game Crimson Desert, giving players a clearer idea of what kind of hardware they ...
GitHub

SSH Paste Image for Claude

Paste clipboard images into Claude Code (or any CLI) running over SSH. If you develop on a remote server and use Claude Code via SSH, you've hit this problem: you can't paste images into the CLI ...
PC Magazine

With Nvidia's GB10 Superchip, I’m Running Serious AI Models in My Living Room. You Can, Too

I’m a traditional software engineer. Join me for the first in a series of articles chronicling my hands-on journey into AI development using Dell's Pro Max mini-workstation with Nvidia’s Grace ...