Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.
The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.
Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through the Trivy supply‑chain compromise, attacker ...
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
XDA Developers on MSN
A popular Python library just became a backdoor to your entire machine
Supply chain attacks feel like they're becoming more and more common.
The prices for active pharmaceutical ingredients (API) will recover in FY27 due to the implementation of minimum import price (MIP) starting from 29 January 2026 and China’s withdrawal value-added ...
ExpressVPN launches industry's first Model Context Protocol (MCP) server. The beta allows AI agents to interact directly with its VPN desktop apps. The feature is opt-in, runs locally, and operates ...
Supported by favourable policies, rising domestic demand and shift towards complex active pharmaceutical ingredient (API), the Indian API market is projected to grow at a compounded annual growth rate ...
ExpressVPN launched ExpressKeys and ExpressMailGuard, with ExpressAI soon. ExpressVPN is expanding beyond VPN into a broader security suite. Older ExpressVPN apps retire March 31, 2026, so update soon ...