SecurityWeek

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Malicious campaign targets popular OpenWebUI AI interface to mine crypty and steal credentials

Cybernews researchers uncovered numerous OpenWebUI instances that were silently running malware.
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...
Security Boulevard

Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
Arabian Post

BlankGrabber cloaks theft with fake certificate

A newly documented BlankGrabber infection chain is using a bogus “certificate” loader to disguise a multi-stage Windows compromise, adding another layer of deception to a commodity stealer already ...
GitHub

Tiny and fast ASN.1 decoder in Python

asn1tinydecoder.py is a simple and fast ASN.1 decoder without external libraries designed to parse large files. A widely used library for encoding and decoding ASN1 in python is Pyasn1. The ...
GitHub

DCC MicroPython Decoder for Pico RP2040

This is software decodes DCC model train serial communication to obtain the state of function buttons F1-F12, which can be utilized for layout automation. The intent is to use this software with a ...