Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
The Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.
GitHub

Python code written to utilize the Korlan usb2can hardware to send and receive data over the can-bus on a 2008 Nissan 350z

My goal for this is to be able to read (live) data such as horsepower, engine temps, etc. without a dyno. (I know we can read engine temps without a dyno, but you get what I meant) I highly recommend ...
GitHub

pythias/ai-hack-agents

A defensive red-team fixture repository. Use it to check whether coding agents and skills treat issue bodies, PR templates, review comments, test output, and log files as untrusted—and whether they ...