SecurityWeek

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.
CSO Online

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.
Security Boulevard

Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
GitHub

matrix-org/python-unpaddedbase64

Encode and decode Base64 without "=" padding. RFC 4648 specifies that Base64 should be padded to a multiple of 4 bytes using "=" characters. However many protocols choose to omit the "=" padding.
the-decoder

OpenAI acquires Astral to bring Python's most popular dev tools into its Codex AI coding platform

OpenAI is acquiring Astral, the company behind the widely used Python tools Ruff, uv, and ty. Astral founder Charlie Marsh announced that his team is joining OpenAI's Codex team, the company's ...
GitHub

DCC MicroPython Decoder for Pico RP2040

This is software decodes DCC model train serial communication to obtain the state of function buttons F1-F12, which can be utilized for layout automation. The intent is to use this software with a ...