SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

AIツールで「サイバーサイコシス」の状態に陥る

Boston Consulting GroupとUC Riversideの研究者はこのようなAIツールの過剰使用による認知的な疲弊・過負荷現象を「Brain fry (脳の疲弊、脳の焼き切れ)」と呼んでいる。Harvard Business ...

Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...
OfficeChai

LiteLLM Attack: How a Hacked Security Tool Became a Master Key to Thousands of AI Developer ...

On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Infosecurity Magazine

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

Claude Codeのソースコード流出によって明らかになったAnthropicの開発プロジェクトとは?

2026年3月31日、AnthropicのコーディングAIエージェント・Claude Codeのソースコードが流出する事件が起きました。このソースコードを解析した結果、Anthroipicが開発中あるいは無効化していた機能の存在が明らかとなりました。

I found 7 open source apps so good I'd actually pay for them

'Open Sesame' goes my wallet ...