SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...
Infosecurity Magazine

New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware

A new malicious npm campaign using fake installation logs to hide malware activity has been identified by security ...
InfoWorld

Software Development

Electron lets you build desktop web-UI apps, but requires embedding an entire browser. Electrobun lets you do the same, but by way of the Bun runtime and without ...
Science Daily

Marijuana News

Jan. 19, 2026 Cannabis-based medicines have been widely promoted as a potential answer for people living with chronic nerve pain—but a major new review finds the evidence just isn’t there yet. After ...