Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

The incident has been described as one of the most significant code leaks in recent times, involving the exposure of Claude ...

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...

M stolen after six-month DPRK social engineering campaign began fall 2025, exposing Drift’s contributors and cloud assets.

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

You’ve seen it. Rigid hierarchies that move like glaciers, micromanagement that suffocates any spark of creativity, and a burnout culture that treats high ...

TeamPCP strikes again, with almost identical code to LiteLLM.

AI recruiting startup Mercor confirms supply chain attack via LiteLLM library compromise. Hackers claim 4TB of data including ...

On X, Shou linked to a zip file with the leaked code. He is the CTO of Fuzzland and a dropout of the UC Berkeley Ph.D.

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.