Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
XDA Developers on MSN

I used Claude Code, Google Antigravity and OpenAI Codex to develop an app, and found only one worth using

Vibe coding is here to stay, and it has only one champion ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
InfoWorld

VS Code now updates weekly

Agents, browser debugging, and deprecation of Edit Mode are all highlighted in the latest versions of the popular code editor ...
WinBuzzer

OpenAI Acquires Python Toolmaker Astral to Boost Codex AI Agent

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it ...
TechAnnouncer

Reddit’s Top Picks: Discover the Best Free Python Course Options

Dave Gray offers a solid, free Python tutorial that runs for about 9 hours. It’s a pretty methodical course, starting with the basics and moving into more complex stuff like closures and recursion. He ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Panther Launches the Complete AI SOC Platform, Closing the Loop on Security Operations

Panther today announced the general availability of its complete AI SOC Platform, a new category of security operations built around a closed loop. AI agents don't just investigate alerts. They ...
InfoWorld

OpenAI buys Python tools builder Astral

Astral tools and expertise will be leveraged in OpenAI Codex agentic coding app to expand AI capabilities across the software ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Security Boulevard

Fake Temu Coin airdrop uses ClickFix trick to install stealthy malware

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a ...