Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.
Developer Tech

Rakuten: Coding agents accelerate developers’ incident response

Rakuten has demonstrated how developers can accelerate their incident response workflows and cut recovery times by integrating coding agents.
Visual Studio Magazine

Threats from the Shadows: Securing the CI/CD Pipeline Against Modern Attacks

Understand how hidden vulnerabilities in CI/CD pipelines and package dependencies can be exploited by attackers. Learn practical, actionable strategies to secure your software supply chain and ...
GitHub

A Python-native CI/CD framework for defining, testing, and transpiling pipelines to GitHub Actions.

Below is an example of a Python-defined pipeline that mirrors what most teams use in production — build, lint, test, coverage, and deploy — all orchestrated through pygha. --src-dir: Source directory ...
Associated Press

New Zealand leads the West Indies by 96 runs after the 2nd day of the 1st test

Copyright 2026 The Associated Press. All Rights Reserved. Copyright 2026 The Associated Press. All Rights Reserved. New Zealand’s Tom Latham kneels while batting ...
InfoQ

Grafana and GitLab Introduce Serverless CI/CD Observability Integration

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Windows Report

Python 3.14 Arrives on Azure App Service for Linux

NOTE: This article was published yesterday (30/10/2025), but due to some technical issues it went offline. Microsoft has officially added Python 3.14 to Azure App Service for Linux. Developers can now ...
adtmag.com

Continuous Integration/Continuous Delivery (CI/CD)

An automated software engineering practice that integrates code changes frequently, tests them continuously, and deploys validated builds to production or staging environments for rapid, reliable ...
GitHub

python uv for CI/CD

We want to test uv for CI/CD and see if CI/CD total time will be better. This issue tracks the migration from pip to uv in our CI/CD pipeline to improve build performance and dependency resolution.
Cloud Security Alliance

Do Your CI/CD Pipelines Need Identities? Yes.

Do Your CI/CD Pipelines Need Identities? Yes. Originally published by Aembit. Written by Apurva Davé. If one principal can do anything, one mistake can undo everything. I’ve read too many incident ...