Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
MUO on MSN

Claude Code is a shockingly good photo editor if you use it right

Photo editing with AI feels unfair.

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
blockchain

List of Flash News about Python repositories

According to @DeepLearningAI, researchers introduced SWE-smith, a pipeline that automatically builds realistic training data to fine-tune software engineering agents, highlighting a tooling advance in ...
Morning Overview on MSN

Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the moment you imported it

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
The Financial Times

European repo is absolutely massive

Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter. The US repo market is huge and systemic, as a long series of crises and near-crises has shown. And it keeps ...
Scientific American

Open-source software has an invisible vulnerability. Hackers have found it

The danger in the code came from characters that are invisible to the human eye. In early March researchers at several security firms examined what looked like empty space and found hidden Unicode ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

The ides of security March are upon us — Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and Kubernetes as an ...
NBC News

Jan. 6 plaque installed at U.S. Capitol following yearslong delay

Staffers from the office of the Architect of the Capitol on Saturday morning installed a plaque honoring the U.S. Capitol Police and other law enforcement agencies that protected the Capitol building ...
Bloomberg L.P.

Bank of Canada Moves to Central Clearing to Curb Repo Risk

The Bank of Canada will begin centrally clearing its repo operations, Governor Tiff Macklem said, as he flagged growing risks from hedge funds’ leveraged bets in government bonds and the rapid ...