Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency ...

A New DarkSword Version Just Leaked Online & Millions of iPhones Are Now at Risk

The post A New DarkSword Version Just Leaked Online & Millions of iPhones Are Now at Risk appeared first on Android Headlines ...
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...
Morning Overview on MSN

Leaked iPhone exploit kit on GitHub targets older iOS versions

An exploit kit known as Coruna has appeared on GitHub, bundling working attack code for several Apple iOS vulnerabilities ...
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
Dark Reading

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game ...