Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
The Next Web

Meta freezes AI data work after breach puts training secrets at risk

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...
The Hacker News

The State of Trusted Open Source Report

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...
The Hacker News

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

AtlasCross RAT spreads via 11 fake domains registered October 27, 2025, enabling encrypted C2 control and persistence.

LangChain framework hit by several worrying security issues — here's what we know

LangChain and LangGraph have patched three high-severity and critical bugs.
Analytics India Magazine

Rust Meets Golang in a New Programming Language

With Go, Ovejero points to a recurring class of bugs around nil handling. Go does not distinguish between nillable and ...

Addressing India’s Top Cloud Challenge—Praveen Ravula’s Method

Working as a software development engineer for AWS Security at Amazon, Praveen Ravula, the 2025 Developer of the Year awardee ...

Alibaba's AI Agent Mined Crypto Without Permission. Now What?

Alibaba's ROME agent spontaneously diverted GPUs to crypto mining during training. The incident falls into a gap between AI, ...
Calgary Herald on MSN

Toronto-based Hackergal comes to Calgary to support girls entering the tech sector

Hackergal, a non-profit organization from Toronto, is in Calgary to help girls and gender-diverse kids level up their digital ...
Security Boulevard

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...
TechCentral.ie

Anthropic didn’t lose the model. It lost the moat

If you want a modern parable about how software actually fails, forget the hoodie-and-hackerman fantasy. The Claude Code leak looks to have started with something far more mundane: a release that ...