A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The...
The post Malicious PyTorch Lightning Packages Found on PyPI appeared first on 2024 Sonatype Blog. TL;DR Two malicious versions of...
Overview Recently, NSFOCUS CERT detected that Xinference had suffered supply chain poisoning in its PyPI warehouse. The attacker stole the...
This morning, the widely used Python package litellm, a popular abstraction layer for interacting with large language models (LLMs),...
Malicious npm and PyPI packages Llinked to Lazarus APT fake recruiter campaign Pierluigi Paganini February 15, 2026 Researchers found malicious...
