TeamPCP strikes again, with almost identical code to LiteLLM.

Supply chain attacks feel like they're becoming more and more common.

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to ...

Flex spaces, those multiuse areas that bend and grow to accommodate the disparate and changing needs of a household, took off during the pandemic. We had to get creative about how we used space when ...

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...

LangChain and LangGraph have patched three high-severity and critical bugs.

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

最新上传的LiteLLM Python 版本1.82.7和1.82.8，已被人为恶意植入信息窃取程序。 一旦安装，SSH密钥、AWS凭证和API密钥等数据均会立即泄漏。 目前LiteLLM的维护者Krrish Dholakia，已经公开证实此事。 在恶意版本存在三小时后，PyPI迅速发现了这一漏洞，并将软件包隔离。

CNCF launches Dapr Agents v1.0 at KubeCon EU, prioritizing crash recovery and durability over intelligence. Zeiss validates ...