Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
Ars Technica

OpenAI is acquiring open source Python tool-maker Astral

Seriously? Astral's tools aren't even AI-focused, and now they're tied to a company that's losing money hand over fist? Click to expand... I'm guessing that a fair amount of stuff around AI (be it ...