A sophisticated hacker group, TeamPCP, is actively poisoning open-source code repositories at an unprecedented scale, compromising the software supply chain for developers worldwide. This widespread attack involves malicious code injections into popular open-source projects, posing a significant security risk to the AI development ecosystem. Developers relying on these compromised libraries are now vulnerable to hidden backdoors and malicious payloads, necessitating rigorous auditing and enhanced security practices.