Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Hip-Hop Wired

'GTA 6' Python Code & More Leak On The Web

HHW Gaming: ‘GTA V’ Source Code, ‘GTA 6’ Python Code, ‘Bully 2’ Files The Latest Stolen Data To Leak From Rockstar Games Hack The leaks of GTA V's source code are concerning because they could lead to ...
Threat Post

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple

Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications. An ethical hacker has demonstrated ...
Bleeping Computer

Plone Developers Call "Hoax" on Alleged FBI Hack

The Plone security team has debunked claims made by a hacker, who said he used a zero-day in the Plone CMS to hack into the FBI's website, which uses the aforementioned CMS. Plone developers felt they ...