Major compromise of the telnyx PyPI library could put millions of users at risk

TeamPCP strikes again, with almost identical code to LiteLLM.

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...
Dark Reading

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to ...

LangChain framework hit by several worrying security issues — here's what we know

LangChain and LangGraph have patched three high-severity and critical bugs.
Bleeping Computer

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. Earlier today, the ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
Infosecurity-magazine.com

TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise

A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing malware, expanding the ongoing supply chain campaign linked to the TeamPCP threat ...
The Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
Houston Chronicle

How to Make Folders & Subfolders in Python

The Python programming language serves as a scripting language suited for quick programming tasks. It's more accessible to small business owners and others who are casual programmers than other ...
GIGAZINE

The AI library 'LiteLLM,' which has over 40,000 GitHub stars, was subjected to a supply chain attack, resulting in the distribution of a malware version. Users' SSH keys and ...

LiteLLM ' was subjected to a supply chain attack, and it has been discovered that a malware version containing malicious modifications was temporarily distributed. It has also been found that the ...