Alert: The Telnyx Python SDK on PyPI has been compromised in a major supply chain attack by TeamPCP. Developers, update immediately and rotate credentials! #CyberSecurity #SupplyChainAttack #PyPI Link: thedailytechfeed.com/telnyx-pypi-...
The LiteLLM Supply Chain Attack: How a Security Scanner Became a Backdoor
techlife.blog/posts/litell...
#LiteLLM #SupplyChainAttack #PyPI #Security #Malware #Python #TeamPCP #AISecurity
Ossprey has detected a new wave of #TeamPCP malware embedded in #telnyx versions 4.87.1 and 4.87.2 on #PyPI.
Full analysis is on our blog.
If telnyx is in your dependency tree, check your installed version now.
ossprey.com/blog/telnyx-...
#SupplyChainSecurity #PyPI #OpenSource #Malware #AppSec
Another supply chain attack hits home: LiteLLM was compromised by TeamPCP. Learn how a stolen token led to a massive infostealer deployment and what it means for your software.
thepixelspulse.com/posts/litellm-malware-at...
#litellm #teampcp #pypi
Popular #LiteLLM #PyPI package backdoored to steal credentials, auth tokens
www.bleepingcomputer.com/news/security/popular-li...
#cybersecurity #TeamPCP
LiteLLM Python library was poisoned via PyPI on March 24 — check if you have version 1.82.8 installed and rotate all credentials immediately
#LiteLLM #Python #PyPI
open.substack.com/pub/pythonli...
Supply chain attack hits litellm (95M downloads).
Backdoor runs on import + every Python startup.
Steals creds, spreads via Kubernetes, persists silently.
Same campaign hitting multiple ecosystems.
Dev tools = new attack surface?
Follow us for more updates.
#CyberSecurity #Infosec #OpenSource #PyPI
TeamPCP Backdoors LiteLLM via Trivy
Read More: buff.ly/9DwmFvk
#TeamPCP #LiteLLM #Trivy #PyPI #SupplyChainSecurity #KubernetesSecurity #CredentialTheft #DevSecOps
A new supply chain attack has compromised #LiteLLM on #PyPI with credential-stealing #malware in a library with 95 million monthly downloads.
cyberinsider.com/new-supply-c...
#apisecurity #supplychain #python
LiteLLM on PyPI was trojaned via a hidden .pth that stole credentials. Installed 1.82.7/1.82.8? Assume your keys are gone — audit now. #PyPI #SoftwareSupplyChain #Cybersecurity
LiteLLM's latest versions were compromised via its CEO's GitHub, unleashing infostealer malware. This isn't just another supply chain attack; it reveals deeper issues.
thepixelspulse.com/posts/litellm-supply-cha...
#litellm #pypi #teampcp
The AI Tool You Just Downloaded Might Be Stealing Your Passwords: Inside the Infostealer Campaign Targeting Developers
Kaspersky researchers uncovered malicious Python packages impersonating AI dev...
#AISecurityPro #AI #developer #tools #Claude #Code […]
[Original post on webpronews.com]
Half the ecosystem. Done.
180 of the top 360 PyPI packages now ship free-threaded wheels, a milestone the whole Python community helped reach.
The next 50% needs you. 🙌
See how to help in our latest blog by Nathan Goldbaum: buff.ly/GzMmtfy
#Python #PyPI #FreethreadedPython #Quansight
🌊🔍 Dive into recent discoveries of PyPI package vulnerabilities! Stay informed and secure your projects. Read more here: innovirtuoso.com/cybersecurity/a-deep-div... #Cybersecurity #Python #PyPI #Vulnerabilities
This cannot be:
I am trying to compile a few stats for the #Snakemake executor plugin for #SLURM on #HPC systems. Preparing for a lightning talk at the #SnakemakeHackathon2026
PyPI: 20,000 downloads last month
BioConda: > 60,000 total (aggregated over all versions)
Impressive as it might be […]
I got so excited about "set-and-forget" relative dependency cooldowns coming to #pip that I hacked them together using cron and a script that calculates uploaded-prior-to in pip.conf 👀
sethmlarson.dev/pip-relative...
#python #pypi #dependencycooldowns #security
Huge thanks to @fastly.com for 10+ years of keeping #PyPI up and running! PyPI serves 800K+ users at ~100K requests/sec. With a small team behind the service, that kind of scale is only possible because of infrastructure partners who invest in the sustainability of the #Python ecosystem.
I did an open source. Meet nuv github.com/stevencarpen.... I often like spinning up small utility CLI tools. Sometimes they are for a larger project's administration, or just a one-off thing. Now I can spin up a new UV project with one command and it comes with the basic CLI setup I like. #foss #pypi #uv
The new iRODS HTTP API Python Wrapper Library v0.1.0 is released!
github.com/irods/irods_...
Via PyPI:
pip install irods-http
#python #irods #http #pypi
The Underfunded Gatekeepers: How Open-Source Registries Became Critical Infrastructure Without the Budget to Match
Open-source package registries like npm and PyPI distribute billions of software p...
#CybersecurityUpdate #npm #open-source #funding […]
[Original post on webpronews.com]
Wow, I've just learned that GStreamer is now publishing bundles including all dependencies for Python on PyPI:
https://pypi.org/project/gstreamer-bundle/
gitlab.freedesktop.org/gstreamer/gstreamer/-/is...
Unfortunately, not yet for GNU/Linux (understandable seeing the complexity […]
Humpf. Was on a good roll this evening, just updated BlogMore again, and while I can see the latest version (0.6.0) on PyPI nothing seems to want to convince uv that there's anything later than 0.5.0. 🙃
#Python #PyPI
Hi there👋 I've published my onlyone #python app on #PyPI
If you need a tool to find and move to trash #duplicates of your files, feel free to use it and write me feedback.
Here is the link to #onlyone on PyPI:
pypi.org/project/only...
It requires Python >= 3.9
It has both a CLI and a GUI
Thanks
Maybe not worth it for #pypi to implement, but I wonder if there are any projects that look at #python packages, and map the connection between projects and entrypoints. For example, if my project loads an `example.foo` entrypoint, then how would I search all projects that implement an ` […]
📰 Fake Recruiters Hide Malware in Coding Tests for Crypto Developers
👉 Read the full article here: ahmandonk.com/2026/02/15/fake-recruite...
#cryptocurrency #cybersecurity #lazarus #group #malware #npm #pypi #supply #chain #attack
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems reconbee.com/lazarus-camp...
#Lazarus #Lazaruscampaign #malicious #packages #PyPI #npm #cybersecurity #cyberattack
OpenClaw Scanner: Open-source tool detects autonomous AI agents
A new free, open source tool is available to help organizations detect where autonomous AI agents are operating across corporate envi...
#Don't #miss #News #agentic #AI #Astrix #Security […]
[Original post on helpnetsecurity.com]
~Socket~
Malicious dYdX packages on npm and PyPI steal crypto wallet credentials and deploy a Remote Access Trojan (RAT).
-
IOCs: dydx. priceoracle. site
-
#PyPI #SupplyChain #ThreatIntel #npm