The Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
eWeek

Samsung Hits Send on Goodbye to Messages

Samsung is sunsetting its own chat app while Apple adds end-to-end encryption to its already-live RCS, hinting that the final texting firewall might soon drop. Meanwhile, Cloudflare drafts a ...
Arabian Post

PyPI proxy trap siphons AI prompts

A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...
Dark Reading

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.

Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package versions to PyPI in an effort to plant credential-stealing malware on ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Security Boulevard

Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most

The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and ...