Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

OpenAI's new image watermarks make it easier to spot AI fakes - here's how

Today, OpenAI announced what it calls content provenance signals across its image ecosystem. In other words, it's tagging its ...

OpenAI And 1Password Bring Password Security To Codex

OpenAI and 1Password unveil a partnership that will provide Codex with secure access to credentials as part of new approach ...
Morning Overview on MSN

Three separate supply-chain attacks hit npm, PyPI, and Docker Hub within 48 hours — all three targeted developer cloud credentials and SSH keys

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...