Advertisement
North Korean Hackers Distribute 1,700 Malicious Packages via npm and PyPI
North Korean threat actors expand the Contagious Interview campaign, deploying 1,700 malicious packages across npm, PyPI, Go, and Rust ecosystems.
TeamPCP Supply Chain Campaign: Weaponized Scanners and PyPI Compromise
Analysis of the TeamPCP campaign transition to monetization following the Telnyx PyPI compromise and Vect ransomware partnership affecting security tools.
TeamPCP Supply Chain Attack: Telnyx PyPI Compromise and Vect Ransomware
TeamPCP campaign escalates with Telnyx PyPI compromise and Vect Ransomware mass affiliate program. Critical update for software developers and SOC teams.
TeamPCP Supply Chain: Checkmarx Wider Scope & LiteLLM PyPI Compromise
An update on the TeamPCP supply chain campaign details wider Checkmarx impact, LiteLLM PyPI compromise, and a CISA KEV entry.
LiteLLM PyPI Supply Chain Attack: TeamPCP Steals Credentials
TeamPCP compromised the LiteLLM PyPI package, backdooring it to steal credentials and auth tokens from hundreds of thousands of devices.
GlassWorm: Stolen GitHub Tokens Fuel Python Malware Injection
The GlassWorm campaign uses stolen GitHub tokens to inject malicious code into Python repositories, including Django and machine learning projects.