Malicious LiteLLM versions linked to TeamPCP supply chain attack
Malicious LiteLLM versions linked to TeamPCP supply chain attack Pierluigi Paganini March 25, 2026 TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
How one man used 10,000 bots to steal $8,000,000 from music artists
A 54-year-old man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after...
Why AI Is Increasing Demand for Software Engineers (Not Replacing Them)
AI Is Not Replacing Engineers. It’s Raising the Stakes Every few years, a new technology triggers the same question...
Try our new dimensional analysis Claude plugin
We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored...
Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw
It’s only on rare occasions that anyone pays attention to the acknowledgment section of a vulnerability disclosure. But for...
OpenAI’s Sora exit signals enterprise-first AI shift
“There is an increased focus on securing enterprise clients by OpenAI,” said Anushree Verma, senior director analyst at Gartner. “The...
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber...
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
The Hacker NewsMar 25, 2026Cybercrime / Ransomware The U.S. Department of Justice (DoJ) said a Russian national has been sentenced...
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than...
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
Ravie LakshmananMar 25, 2026Network Security / Data Protection The U.S. Federal Communications Commission (FCC) said on Monday that it was...
4 Best Free VPNs
In a world of targeted ads and intrusive malware, virtual private networks (VPNs) are one of the best ways to...
Coding Agents Widen Your Supply Chain Attack Surface
The software supply chain attack has been one of the most studied threat vectors in enterprise security. However, most of the defensive architecture built around it was designed with a specific attacker model in mind — one where, for instance, the entity making decisions inside the build pipeline was an actual engineer following a process. Think of a malicious actor looking for a weak point in the dependency chain such as a compromised package,...
Which Came First: The System Prompt, or the RCE?
During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude...
Cloud workload security: Mind the gaps
Business Security As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning Tomáš...
Quantum-Hardened Granular Resource Authorization Policies
The big shift from Apple ID to Apple Account Ever wonder why that little button on your screen suddenly...