Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Supply chain attacks feel like they're becoming more and more common.

Overview NumPy and Pandas form the core of data science workflows. Matplotlib and Seaborn allow users to turn raw data into ...

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...

OpenAI has agreed to acquire Astral, a startup behind widely used Python development tools, in a deal designed to sharpen its ...

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...

A new GitHub project is trying to retrofit Apple's discontinued Time Capsule with modern SMB support. If this works, Time ...

Meanwhile, techies are spreading their copies in private Discord servers, weeding through newly discovered features like spinner verbs, coding pets, and the "fucks" chart — so dubbed by Claude Code ...

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...