Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
Detroit Free Press

SafePrompt Launches Prompt Injection Protection API for AI Developers

Our goal was to make prompt security as simple as Stripe made payments: one API call, transparent pricing, no sales calls.” — Ian Ho, Founder, SafePrompt SAN ...
The Indianapolis Star

SafePrompt Launches Prompt Injection Protection API for AI Developers

Developer-first security tool blocks AI manipulation attacks in under 100 milliseconds with a single API call Our goal was to make prompt security as simple as Stripe made payments: one API call, ...