On April 30, 2026, someone slipped credential-stealing malware into two freshly published versions of PyTorch Lightning, one ...

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

LiteLLM, an open-source Python package widely used by artificial intelligence systems, has been compromised by hackers in a supply chain attack that researchers say could impact tens of thousands of ...

OpenAI announced Thursday that it has entered into an agreement to acquire Astral, the company behind popular open source Python development tools such as uv, Ruff, and ty, and integrate the company ...

Abstract: Malicious Python packages make software supply chains vulnerable by exploiting trust in open-source repositories like Python Package Index (PyPI). Lack of real-time behavioral monitoring ...

Credit: Image generated by VentureBeat with FLUX-pro-1.1-ultra A quiet revolution is reshaping enterprise data engineering. Python developers are building production data pipelines in minutes using ...