CSO Online

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

Zama integrates with Apex-backed T-REX for private tokenized assets

Cryptography firm Zama is integrating with Apex‑backed T-REX Ledger to add confidential settlement for ERC‑3643 tokenized assets on public chains.
Decrypt

'All to Play For': Walrus Hits 450TB of Data Stored Amid Renewed AI Push

The verifiable data platform is marking its one-year anniversary, with plans to double down on AI and onchain finance.

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...