10 articles

#PyPI

All CosmicBytez Labs articles tagged #PyPI, across news, security advisories, how-to guides, and projects.

  • News · May 18, 2026

    Developer Workstations Are Now Part of the Software Supply

    Supply chain attackers are no longer just targeting repositories and CI/CD pipelines — they're going after the developer workstations that hold the keys...

  • News · May 14, 2026

    OpenAI Asks macOS Users to Update After TanStack npm Supply

    OpenAI is urging macOS users to update their software following an expanding supply chain attack that compromised TanStack and additional npm and PyPI...

  • News · May 14, 2026

    OpenAI Confirms Security Breach in TanStack Supply Chain

    OpenAI confirmed that two employees' devices were compromised during the TanStack supply chain attack, which hit hundreds of npm and PyPI packages. The...

  • News · May 12, 2026

    Mini Shai-Hulud Worm Compromises TanStack, Mistral AI

    TeamPCP has expanded its supply chain attack campaign with a fresh Mini Shai-Hulud worm that compromised npm and PyPI packages from TanStack, UiPath,...

  • News · Apr 30, 2026

    PyTorch Lightning and Intercom-client Hit in Supply Chain

    Threat actors compromised the popular Python PyPI package 'Lightning' — used for PyTorch model training — pushing malicious versions 2.6.2 and onward to...

  • News · Apr 2, 2026

    Mercor Confirms Security Incident Tied to LiteLLM Supply

    AI hiring platform Mercor has confirmed a security incident linked to the LiteLLM PyPI supply chain attack carried out by TeamPCP. Separately, Lapsus$...

  • News · Mar 28, 2026

    Backdoored Telnyx PyPI Package Pushes Malware Hidden in WAV

    Threat actors known as TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions that conceal credential-stealing malware inside...

  • News · Mar 28, 2026

    TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides

    The TeamPCP threat actor — behind previous supply chain attacks on Trivy, KICS, and litellm — has now compromised the telnyx Python package on PyPI,...

  • News · Mar 25, 2026

    Supply Chain Attack Hits Widely-Used AI Package, Risking

    Malicious versions of LiteLLM — a Python package with 3 million daily downloads present in roughly 36% of cloud environments — were quietly pushed to PyPI...

  • News · Feb 12, 2026

    Lazarus Group Plants 192 Malicious Packages in npm and PyPI

    North Korea's Lazarus Group is running a fake recruitment campaign codenamed Graphalgo, planting 192 malicious packages on npm and PyPI that target...