Major compromise of the telnyx PyPI library could put millions of users at risk

TeamPCP strikes again, with almost identical code to LiteLLM.
The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

OpenAI's senior exec Srinivas Narayanan announces he is leaving; says: 'Looking forward to spending some time with my aging parents in India before…'

Srinivas Narayanan, OpenAI's CTO for B2B applications, is departing the company next week after nearly three years. He plans to visit his parents in India before considering future professional ...
SecurityWeek

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
TechJuice

Meta Suspends Work With $10 Billion AI Startup Mercor After Cyberattack

Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.

NetKnights releases privacyIDEA 3.13 with enhanced passkey functionality and new web interface

The IT security company NetKnights has released version 3.13 of its multi-factor authentication software, privacyIDEA ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...
Dark Reading

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.

What most LLM apps get wrong about security

When Nandakishore Leburu was building LLM applications at LinkedIn, he learned that the models weren't the problem. The ...
The Next Web

Meta freezes AI data work after breach puts training secrets at risk

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...