techtimes

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update on the morning of May 18, 2026. That single action handed cybercrime group TeamPCP enough access to exfiltrate approximately 3,800 of ...
GitHub

Azure Cosmos DB SQL API client library for Python

Azure SDK Python packages support for Python 2.7 has ended 01 January 2022. For more information and questions, please refer to #20691 Azure Cosmos DB is a globally distributed, multi-model database ...
CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...
The Hacker News

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Google fixed a Vertex AI SDK flaw in v1.148.0 after Unit 42 showed bucket squatting could enable model hijacking and code ...
Network World

Tether is shipping TurboQuant KV-cache quantization with Vulkan support into its QVAC SDK

Tether successfully integrated Google’s TurboQuant into the inference engine of its local AI framework, QVAC. It is the ...
CSOonline

GlassWorm falls, but the repo problem is far from solved

CrowdStrike, Google, and the Shadowserver Foundation dismantled the GlassWorm malware operation, but experts say the broader chaos unfolding across open-source ecosystems is making isolated takedowns ...
Hosted on MSN

JINX-0164 hijacks crypto developer machines through phony meeting links

A group of hackers, known as JINX-0164, has been contacting crypto developers via LinkedIn and inviting them to fake meetings that lead to the infection of their machines with custom macOS malware.