CSO Online

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
CoinTelegraph

Crypto-stealing malware discovered in Python Package Index — Checkmarx

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024. Researchers at the Checkmarx cybersecurity firm sounded the alarm on a ...
CoinDesk

朝鲜黑客利用隐藏在求职申请中的恶意软件,针对顶级加密公司发动 ...

一个与朝鲜民主主义人民共和国相关的组织正在利用假冒招聘网站和 Python 恶意软件渗透区块链专业人士的 Windows 系统——最终目标是凭证窃取和远程访问。 据思科Talos研究人员称,朝鲜黑客组织正在利用以Python为基础的恶意软件,伪装成假招聘流程的一部分 ...

Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package ...
CoinDesk

North Korean Hackers Are Targeting Top Crypto Firms With Malware Hidden in Job Applications

A North Korean hacking group is targeting crypto workers with a Python-based malware disguised as part of a fake job application process, researchers at Cisco Talos said earlier this week. Most ...

New Infinity Stealer malware grabs macOS data via ClickFix lures

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.