Forbes

Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. AI and data interface, representing system warning alert, cybersecurity threat, data error, ...
Mathrubhumi English

Mercor breach claims: What happened with the AI recruiting platform data leak

AI startup Mercor has confirmed a security breach amid claims by Lapsus$ of stealing 4TB of data, including source code and user information, linked to a wider LiteLLM supply chain attack affecting ...
Yahoo News Canada

Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

Add Yahoo as a preferred source to see more of our stories on Google. AI and data interface, representing system warning alert, cybersecurity threat, data error, and artificial intelligence risk.
Arabian Post

PyPI proxy trap siphons AI prompts

A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...
TechJuice

Meta Suspends Work With $10 Billion AI Startup Mercor After Cyberattack

Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.
CSOonline

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed. PyPI is ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

Sonatype Releases Q1 2026 Open Source Malware Index: Trust Abuse Most Successful Attack Vector

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
The Next Web

Meta freezes AI data work after breach puts training secrets at risk

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...
Geopolitical Monitor

Distributed Risk: Open-Source Software as Strategic Infrastructure

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.