An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Thinking about getting a Microsoft Python certification? It’s a smart move, honestly. Python is everywhere these days, ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

A large amount of time and resources have been invested in making Python the most suitable first programming language for ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Supply chain attacks feel like they're becoming more and more common.