OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing potential software misuse.

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...

Send a note to Doug Wintemute, Kara Coleman Fields and our other editors. We read every email. By submitting this form, you agree to allow us to collect, store, and potentially publish your provided ...

Soon to be the official tool for managing Python installations on Windows, the new Python Installation Manager picks up where the ‘py’ launcher left off. Python is a first-class citizen on Microsoft ...