SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

Supply chain attack on LiteLLM: Affected parties should change credentials

An attack on the open-source library for connecting to LLMs has apparently occurred, allowing two compromised packages to ...

AI & Tech Brief: The cybersecurity gold rush

Cybersecurity and tech firms are positioning themselves to capture the exploding market for AI “governance.” Why leading ...

UChicago students use historic maps, state-of-the-art technology to bring Chicago neighborhood history to life

The Chicago Urban Heritage Project​ is filling in blanks for the history of entire neighborhoods and Chicago as a whole, ...
Security Boulevard

Which Came First: The System Prompt, or the RCE?

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...
Developer Tech

Isolating dynamic AI agent code execution with Cloudflare’s API

Securing dynamic AI agent code execution requires true workload isolation—a challenge Cloudflare’s new API was built to solve ...

Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...
CNET

OpenAI Gives Users a Long-Term Storage Option With ChatGPT Library

ChatGPT users can now store, browse and retrieve the files they upload and create with the AI tool, OpenAI announced this ...
Infosecurity Magazine

TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise

Researchers attributed the compromise to TeamPCP, the same threat group linked to the aforementioned Trivy compromise and ...
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
NatureOpinion

AI scientists are changing research — institutions, funders and publishers must respond

The ability to automate the discovery process in some areas of scientific inquiry raises unanswered questions about how ...