Tag: package vulnerability

2 articles

Malicious Node-IPC Versions Expose Developer Secrets to Stealer Backdoor

Three versions of the popular Node IPC package have been compromised with a stealthy backdoor that can steal sensitive developer secrets, sparking urgent concerns about supply-chain security. The malicious versions, published under a fake account, contain heavily obfuscated code that springs into action when the package is loaded at runtime.

Analyst 207

Malicious Code Infiltrates Python Package Index

A recent supply-chain attack on a popular Python package has raised a critical question: how much trust do you really have in the software that quietly powers your work? A malicious .pth file hidden in the litellm package version 1.82.8 can automatically execute malicious code on every Python startup.

Analyst 207