SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...
Digital Production

Handy RefTool 3.0 speeds Maya ref matching

RefTool brings reference camera controls into one Maya UI, with free and paid versions plus JSON export for reusable setups.

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
Denver Westword

Denver Museum of Nature & Science

Last summer, the Denver Museum of Nature & Science announced that it had found a dinosaur fossil … 763 feet below the surface ...