XDA Developers on MSN
A popular Python library just became a backdoor to your entire machine
Supply chain attacks feel like they're becoming more and more common.
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...
A phishing campaign targeting healthcare, government, hospitality, and education sectors uses several evasion techniques to avoid detection.
Learn how to detect compromise, assess your exposure to the LiteLLM supply chain attack, and use GitGuardian to orchestrate rapid incident response and secret remediation.
Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing infections.
If you’re wrangling financial data, the choice between PDF and CSV formats can seriously impact your workflow. PDFs look sharp and preserve layouts, but they tr ...
The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
Aqua Security’s Trivy vulnerability scanner compromise is trickling down ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results