PYPI

30 days · UTC

LIVE_DATA_STREAM // APRIL_14_2026

Synchronizing with global intelligence nodes...

DENSITY_RATIO: MAX

AI AGENTS HIT BY REAL SUPPLY‑CHAIN AND TOOL‑USE RCE WARNINGS; LOCK DOWN MCP AND DOC FEEDS NOW

AI coding agents faced fresh, concrete security hits this week across supply chain and tool-use layers, while one vendor shipped new runtime guardrail...

PYPI

MAR_26 // 07:25

LiteLLM PyPI compromise exfiltrated cloud and CI/CD secrets; pin and rotate now

The popular LiteLLM PyPI package was briefly compromised, exfiltrating cloud and CI/CD secrets with links to a broader Trivy supply‑chain attack. PyP...

PYPI

MAR_25 // 07:31

LiteLLM PyPI compromise shows why to turn on dependency cooldowns now

A malicious LiteLLM 1.82.7/1.82.8 PyPI release briefly stole developer creds on install, highlighting the value of package “cooldown” age gates. Simo...

CLAUDE-CODE

MAR_19 // 08:24

AI dev tools became an attack surface: live prompt-injection, fake packages, and record secret leaks

AI developer tools are being actively attacked through prompt injection, malicious packages, and secrets sprawl, while early defenses start to appear....

CODEBASE-MD

MAR_06 // 10:27

One-scan repo context generation with codebase-md

Codebase-md scans your repo and auto-generates consistent AI coding context files for popular tools, reducing manual drift and improving prompt qualit...