Budget Android Phones Are Shipping Straight from Factories with Firmware Malware
We all knew cut-rate Android phones cut corners on specs. But shipping them infected with firmware-level malware? That's a supply chain gut-punch that exposes millions.
Two PyPI uploads in March 2026 transformed LiteLLM – your go-to AI proxy – into a data vacuum. It rifled through servers for AWS creds, DB configs, even crypto wallets, all while you imported it blindly.
Imagine installing a routine NPM update—and unwittingly inviting North Korean hackers into your machine. That's exactly what UNC1069 did to Axios, the HTTP kingpin with 100M+ weekly downloads.
What if the very libraries powering your AI dreams were secretly phoning home to hackers? Mercor, the hot AI recruiting firm, just admitted it's among thousands snared in the LiteLLM supply-chain nightmare.
One pip install, and your AWS keys were gone. The LiteLLM attack shows developer laptops aren't just tools—they're attacker playgrounds loaded with plaintext secrets.
Google's just named North Korea's UNC1069 as the crew behind the Axios npm hijack. It's a slick supply chain play, dropping cross-platform backdoors on devs worldwide.