The Hacker News

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the ...
Opinion
Cloud Security AllianceOpinion

The Agentic Trust Deficit: Why MCP's Authentication Vacuum Demands a New Security Paradigm

Enterprises have tethered their most consequential operations to AI agents & neglected to secure the ingress. This article explains the gravity of this threat.

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the ...
Signal Cleveland

Up in smoke: Ohio rolls back some weed and hemp laws and adds new restrictions

Ohio’s new law on marijuana and intoxicating hemp took effect March 20, 2026. Here’s what changed, what’s legal now and possible penalties.