Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...
Threat Post

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple

Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications. An ethical hacker has demonstrated ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.
Hackaday

Friday Hack Chat: Circuit Python

Back in the olden days, if you wanted to learn how to program a computer, you used the BASIC interpreter stored in ROM. This is how an entire generation of devs learned how to program. Now, home ...
Dark Reading

School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project

An apparently school-age hacker based in Verona, Italy, has become the latest to demonstrate why developers need to pay close attention to what they download from public code repositories these days.