Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...
A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...
Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...
Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
With more and more AI services available globally, it's getting hard to keep them all straight, which is why an app like Noi ...
Active exploits, nation-state campaigns, fresh arrests, and critical CVEs — this week's cybersecurity recap has it all.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results