The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.

UChicago students use historic maps, state-of-the-art technology to bring Chicago neighborhood history to life

The Chicago Urban Heritage Project​ is filling in blanks for the history of entire neighborhoods and Chicago as a whole, through cycles of demolition and rebuilding, disinvestment and gentrification.

With Sift, two ex-SpaceX engineers are bringing the software that helped launch rockets to the factory floor

It increasingly depends on sophisticated software and AI tools, and that shift is reshaping the companies building the infrastructure of the physical manufacturing world. Karthik Gollapudi, the CEO of ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB of data.
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of credential-harvesting malware to thousands of AI developers.
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.
InfoWorld

Speed boost your Python programs with new lazy imports

No more waiting on slow-loading modules or wasting time on ad hoc workarounds: Python 3.15’s new ‘lazy imports’ mechanism has ...

GenAI in Business: Leveraging the Existing .NET Foundation

Generative AI with .NET from SDKs and streaming to tools and agents: an overview of OpenAI, Azure, and the new Microsoft Agent Framework.
Visual Studio Magazine

Getting My OpenClaw Around VS Code

A hands-on test found that OpenClaw can work with VS Code for file-based drafting and source-driven synthesis, but the current experience is still centered on a local gateway and workspace model rathe ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

Self-propagating malware poisons open source software and wipes Iran-based machines

A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before-seen backdoor—and curiously a data wiper that targets Iranian machines.
Circuit Digest

Hand Gesture Control Robot Using OpenCV

Gesture control robotics replaces traditional buttons and joysticks with natural hand movements. This approach improves user ...