GoKawiil - Tech News

1.

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages (bleepingcomputer.com)

2026-05-12 | tags: shai hulud, tanstack, mistral

2.

PySimpleGUI 6 (news.ycombinator.com)

2026-05-05 | get PySimpleGUI Cookbook → | tags: pysimplegui, pypi, github

3.

PyPI package with 1.1M monthly downloads hacked to push infostealer (bleepingcomputer.com)

2026-04-27 | get Cybersecurity Software Suite → | tags: pypi, elementary-data, github actions

4.

PyPI package telnyx has been compromised in yet another supply chain attack (news.ycombinator.com)

2026-03-27 | by Start Today | get Telnyx API SDK → | tags: pypi, telnyx, supply chain

5.

Popular LiteLLM PyPI Package Backdoored To Steal Credentials, Auth Tokens (slashdot.org)

2026-03-27 | get Secure Python Coding Book → | tags: litellm, pypi, teampcp

6.

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio (bleepingcomputer.com)

2026-03-27 | get Secure Python Package Scanner → | tags: telnyx, pypi, teampcp

7.

Telnyx package compromised on PyPI (news.ycombinator.com)

2026-03-27 | get PyPI Security Audit Tool → | tags: telnyx, pypi, python sdk

8.

My minute-by-minute response to the LiteLLM malware attack (news.ycombinator.com)

2026-03-26 | get LiteLLM Malware Response Kit → | tags: litellm, pypi, malware

9.

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens (bleepingcomputer.com)

2026-03-24 | tags: litellm, pypi, teampcp

10.

Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack (bleepingcomputer.com)

2026-03-24 | get LiteLLM Development Kit → | tags: litellm, pypi, teampcp

11.

Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised (news.ycombinator.com)

2026-03-24 | get Python Package Security Kit → | tags: litellm, pypi, credential stealer

12.

Pyodide: a Python distribution based on WebAssembly (news.ycombinator.com)

2026-03-13 | get Pyodide WebAssembly Package → | tags: pyodide, cpython, webassembly

13.

Okmain: How to pick an OK main colour of an image (news.ycombinator.com)

2026-03-09 | get Color Palette Generator Tool → | tags: oklab, colour clustering, k-means

14.

PyPI in 2025: A Year in Review (news.ycombinator.com)

2025-12-31 | get Python Package Index → | tags: organizations, publishing, pypi

15.

Blog: PyPI in 2025: A Year in Review (news.ycombinator.com)

2025-12-31 | get Python Package Index → | tags: organizations, publishing, pypi

16.

Python Foundation Donations Surge After Rejecting Grant - But Sponsorships Still Needed (slashdot.org)

2025-11-09 | by Posted | get Open Source → | tags: community, pycon, pypi

17.

PyPI urges users to reset credentials after new phishing attacks (bleepingcomputer.com)

2025-10-31 | get Meta Quest → | tags: credentials, org, phishing

18.

PyPI Blog: Token Exfiltration Campaign via GitHub Actions Workflows (news.ycombinator.com)

2025-10-31 | get science reference book → | tags: actions, gitguardian, github

19.

PyPI invalidates tokens stolen in GhostAction supply chain attack (bleepingcomputer.com)

2025-10-31 | get Microsoft Surface Laptop → | tags: gitguardian, github, pypi

20.

PyPI now blocks domain resurrection attacks used for hijacking accounts (bleepingcomputer.com)

2025-10-31 | get Amazon Echo Dot → | tags: account, addresses, domain

21.

PyPI Preventing Domain Resurrection Attacks (news.ycombinator.com)

2025-10-31 | get Chromebook → | tags: account, domain, email

22.

Preventing ZIP parser confusion attacks on Python package installers (news.ycombinator.com)

2025-10-31 | get Roku Streaming Stick → | tags: file, pypi, python

23.

PyPI: Preventing ZIP parser confusion attacks on Python package installers (news.ycombinator.com)

2025-10-31 | get Roku Streaming Stick → | tags: file, pypi, python

24.

Hackers target Python devs in phishing attacks using fake PyPI site (bleepingcomputer.com)

2025-10-31 | get Meta Quest → | tags: email, phishing, pypi

25.

PyPI Prohibits inbox.ru email domain registrations (news.ycombinator.com)

2025-10-31 | get art supplies → | tags: 06, 2025, email