The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Infosecurity Magazine

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

LiteLLM loses game of Trivy pursuit, gets compromised

Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the ...
HealthcareInfoSecurity

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

New Infinity Stealer malware grabs macOS data via ClickFix lures

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
SecurityWeek

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

A new ClickFix attack that leverages a Nuitka loader targets macOS users with the Python-based Infiniti Stealer malware.
WSFA

Cop Saves Pet Store Owner from Attacking Python

As he finished his day at work at the Eugene, Oregon Police Department, Sergeant Ryan Nelson couldn't have known that he'd soon be wrestling a 12-foot Burmese python. Last Thursday afternoon towards ...