techtimes

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update on the morning of May 18, 2026. That single action handed cybercrime group TeamPCP enough access to exfiltrate approximately 3,800 of ...
SiliconANGLE

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code ...

Hackers exfiltrated roughly 3,800 of GitHub Inc.’s internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform ...
VentureBeat

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same ...
CSOonline

ClickFix finds a backup plan in PySoxy proxy chains

ReliaQuest observed attackers pairing ClickFix with the PySoxy proxy tool to establish redundant encrypted access paths and persistence on compromised systems. ClickFix, a one-shot social engineering ...
Security

Why Point-in-Time Assessments Fail and What Must Replace Them

Annual security assessments and SOC 2 reports often fail to capture real-time changes in modern SaaS and AI environments. The article argues that runtime evidence and continuous monitoring are ...
SecurityWeek

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

Hackers have been exploiting a critical-severity authentication bypass vulnerability in the cPanel & WHM (WebHost Manager) server and site management platform for months. Tracked as CVE-2026-41940 ...
The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation ...
GitHub

LiteLLM Proxy Client

A Python client library for interacting with the LiteLLM proxy server. This client provides a clean, typed interface for managing models, keys, credentials, and making chat completions. The client ...
techannouncer

Master Python: A Comprehensive Tutorial for Beginners on YouTube

So, you want to learn Python, and you’re thinking YouTube is the place to do it. Smart move! The internet is packed with video lessons that can take you from zero to coding hero. But with so many ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...
SecurityWeek

Mercor Hit by LiteLLM Supply Chain Attack

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. AI recruiting firm Mercor has disclosed impact from the recent LiteLLM supply chain attack, ...