Supply chain attacks feel like they're becoming more and more common.

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB of data.

Chainguard is racing to fix trust in AI-built software - here's how ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.

Independent researcher Simon Willison raises questions about hidden Series A and B rounds, investor windfalls, and whether a key piece of Python infrastructure just became a competitive weapon in the ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of credential-harvesting malware to thousands of AI developers.

On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it competes with Anthropic's Claude Code.

With the release of iOS 26.4, Apple Music's Playlist Playground can now generate playlists with the help of AI. Best of all, you don't need an Apple Intelligence-capable iPhone to take advantage of ...

No more waiting on slow-loading modules or wasting time on ad hoc workarounds: Python 3.15’s new ‘lazy imports’ mechanism has ...

ChatGPT just got a library for all your files - how it works ...

Researchers attributed the compromise to TeamPCP, the same threat group linked to the aforementioned Trivy compromise and subsequent malicious Docker images. The group has been observed running a ...