python

TeamPCP Is Back. Now It's Deploying Ransomware Through Your AI Libraries.

John Z Black Mar 30, 2026

AI Security #supply-chain #teampcp #litellm #telnyx #ransomware #python #steganography #ai-security

The supply-chain group that poisoned Trivy last week just hit LiteLLM and the Telnyx SDK, hid their payload in WAV audio files, and announced a ransomware affiliate partnership.

GlassWorm Is Hiding Malware in Invisible Code and Pushing It Into Your Python Repos

John Z Black Mar 17, 2026

Supply Chain & Software Security #supply-chain #glassworm #github #python #malware #unicode #developer-security

GlassWorm steals GitHub tokens, then injects malicious code written in invisible Unicode characters into repos developers already trust. 151 packages hit in one week.