SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

Delve did the security compliance on LiteLLM, an AI project hit by malware

Delve is the Y-Combinator AI-powered compliance startup that’s been accused of misleading its customers about their true ...
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.
The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.
University News & Events

UC Santa Cruz trio takes third at 2026 Mistral AI hackathon with cybersecurity platform

A team of UC Santa Cruz students and an alumnus earned third place at the 2026 Mistral AI Worldwide Hackathon in San ...