Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
heise online

Google's vulnerability scanner checks container layers and Maven projects

Google has released the second version of its vulnerability scanner for open-source projects, which now performs in-depth analyses in complex projects and containers. It also supports Java projects ...
TechRepublic

350,000 open source projects at risk from Python vulnerability

Fifteen-year-old N-day Python tarfile module vulnerability puts software supply chain under the microscope. Cybersecurity company Trellix announced Wednesday that a known Python vulnerability puts 350 ...
livedoor ニュース

Google、オープンソースプロジェクト向けに脆弱性スキャナ「OSV ...

Googleは12月13日(米国時間)、「Google Online Security Blog: Announcing OSV-Scanner: Vulnerability Scanner for Open Source」において、オープンソースプロジェクトのための脆弱性スキャナ「OSV-Scanner」を発表した。これは、オープンソース開発者が、自身のプロジェクトに関連する ...
Yahoo Finance

Point Wild Releases Free LiteLLM Vulnerability Scanner Within 24 Hours of Supply Chain Attack

BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global provider of AI-powered cybersecurity, today announced the immediate release of a free security tool, who-touched-my-packages (wtmp) ...
techzine

TeamPCP compromises Python libraries via supply chain attack

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...