Your tooling got more dangerous this month: popular Python and JS packages were briefly hijacked to steal SSH and cloud creds, and even Trivy’s own CI was used as a stepping stone.
At the same time, Linux kernel updates are quietly breaking PostgreSQL performance and crashing MongoDB, while AI coding stacks like Claude Code and OpenClaw are leaking, getting banned, or just making senior devs slower instead of faster.
Key Events
/PyPI's LiteLLM 1.82.7–1.82.8 shipped malware that exfiltrated SSH keys and AWS credentials via a compromised Trivy CI pipeline, impacting tens of thousands of users.
/Malicious axios 1.14.1 and 0.30.4 builds on npm ran for ~2–3 hours, installing a cross‑platform RAT through a new dependency added with a stolen maintainer account.
/Linux 7.0 reportedly halves PostgreSQL performance on AWS, while Linux 6.19 causes MongoDB to crash about every 30 seconds.
/OpenAI is acquiring Astral, creator of Python tools uv, ruff, and ty, to fold them into the Codex ecosystem.
/Anthropic accidentally leaked roughly 512,000 lines of Claude Code source from its npm registry and later banned third‑party tools like OpenClaw from using Claude subscriptions.
Report
The two things that changed your risk profile this period are: your dependency tree is now an attack surface in itself, and OS updates are quietly kneecapping core databases.
On top of that, AI tooling around your editor and infra is more volatile than the marketing suggests.
supply‑chain attacks are walking through your ci and top deps
LiteLLM 1.82.7/1.82.8 on PyPI shipped a backdoor that, on install, grabbed SSH keys, AWS credentials, and database passwords without even being imported, in a package with ~97M monthly downloads.
TeamPCP got in by backdooring Trivy 0.69.4’s CI, then used those credentials to push the poisoned LiteLLM builds and compromise over 1,000 cloud environments.
On the JS side, malicious axios 1.14.1/0.30.4 added a `plain-crypto-js` dependency that executed shell commands and dropped a RAT, hitting a library with 100M+ weekly downloads.
Telnyx 4.87.1/4.87.2 on PyPI pulled a similar trick using steganography in WAV files to smuggle its payload. The common pattern is compromised maintainer or CI tokens plus blind `pip`/`npm` upgrades pulling code that immediately reads `.env` and other secrets.
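The defensive check implied by that pattern is to inspect what your lockfiles actually pin before a blind upgrade runs install hooks. The script below is an added example, not code from the report or any of the projects named in it: it parses exact `==` pins from a requirements.txt and the `packages` map of a lockfileVersion 2/3 package-lock.json, then flags the release versions this report names and the `plain-crypto-js` dependency the malicious axios builds introduced. The lookup table and sample inputs are constructed from the report's own numbers, not pulled from an advisory feed.

```python
import json
import re

# Versions named in this report (constructed lookup table, not an official advisory feed).
KNOWN_BAD = {
    "pypi": {"litellm": {"1.82.7", "1.82.8"}, "telnyx": {"4.87.1", "4.87.2"}},
    "npm": {"axios": {"1.14.1", "0.30.4"}},
}
# Dependency the report says the malicious axios builds added.
SUSPICIOUS_NEW_DEPS = {"npm": {"plain-crypto-js"}}
_REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([A-Za-z0-9_.+-]+)")


def pinned_from_requirements(text):
    """Return {name: version} for exact '==' pins, normalizing names the way pip does."""
    pins = {}
    for line in text.splitlines():
        m = _REQ_LINE.match(line.split("#", 1)[0])  # strip trailing comments
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def pinned_from_package_lock(lock_json):
    """Return {name: version} from a lockfileVersion 2/3 package-lock.json."""
    pins = {}
    for path, meta in json.loads(lock_json).get("packages", {}).items():
        if path:  # the "" entry is the root project itself, not a dependency
            pins[path.rsplit("node_modules/", 1)[-1]] = meta.get("version", "")
    return pins


def find_compromised(pins, ecosystem):
    """Flag pinned versions that match KNOWN_BAD, plus the injected dependency name."""
    findings = []
    for name, version in sorted(pins.items()):
        if version in KNOWN_BAD[ecosystem].get(name, set()):
            findings.append(f"{ecosystem}:{name}=={version} is a compromised release")
        if name in SUSPICIOUS_NEW_DEPS.get(ecosystem, set()):
            findings.append(f"{ecosystem}:{name} is the dependency added by the malicious axios builds")
    return findings


# Constructed sample inputs; the plain-crypto-js version string is a placeholder.
SAMPLE_REQUIREMENTS = "litellm==1.82.8  # pulled in by a blind upgrade\nrequests==2.32.3\n"
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/axios": {"version": "1.14.1"},
    "node_modules/axios/node_modules/plain-crypto-js": {"version": "1.0.0"},
}})
```

Run it over your real requirements.txt and package-lock.json before `pip install -U` or `npm update`; an empty findings list only means none of the report's named releases are pinned, not that the tree is clean.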
kernel upgrades are destabilizing postgres and mongodb
An AWS engineer reports PostgreSQL throughput is roughly halved under Linux 7.0 compared to prior kernels, unless you tweak low‑level settings.
Separately, a regression in Linux 6.19 causes MongoDB to crash approximately every 30 seconds, which obviously makes that kernel unusable for Mongo-backed services.
Linux 7.0 is also pulling in build and tooling changes to better support Rust in-kernel and improve reproducibility, so it’s not a trivial revert for some distros.
The net effect is that what used to be a routine OS upgrade is now capable of cutting your database performance in half or outright taking it down.
ai coding stacks are leaky, brittle, and burning a lot of tokens
Anthropic leaked the entire Claude Code CLI (~512k LOC) via a stray source map in their npm package, exposing internal implementation details including silent profanity logging and telemetry hooks.
A Bun bug is suspected as a contributing factor to that leak, tying a hot new JS runtime directly into a very public security faceplant.
Claude Code itself is being reported as unusable for complex engineering tasks after recent updates, with users hitting usage limits far faster than expected and getting locked out for hours.
OpenClaw, a massively popular automation agent, was used via prompt injection to compromise about 4,000 machines before Anthropic banned it from Claude subscriptions and ended the "unlimited Claude for $20" era.
Meanwhile 93% of developers now use AI tools, but a controlled study found experienced devs were about 19% slower with them, which matches anecdotal complaints about a "velocity tax" from reviewing agent‑authored code.
local llms are now credible alternatives for some workloads
Google’s Gemma 4 family (5.1B–31B, Apache‑2.0) is explicitly designed for local hardware; the E2B variant targets ~6 GB RAM devices and has been benchmarked at ~40 tok/s on an iPhone 17 Pro.
Qwen 3.5 models are running locally on Apple Silicon through MLX with reported 93% MMLU scores, giving laptop‑class machines fairly serious reasoning capability.
TurboQuant‑style KV cache compression is landing in runtimes like llama.cpp and MLX, with claims of ~6x memory reduction and up to 8x speedups while preserving output quality, primarily by shrinking KV cache rather than weights. vLLM is increasingly the default for multi‑user inference, with evidence it handles long contexts more efficiently than llama.cpp on models like Qwen3.5‑4B AWQ.
At the same time, LM Studio is under investigation for a possible GlassWorm‑type malware infection, reminding people that desktop wrappers around local models can carry the same compromise risks as any other binary.
platforms are taking tighter control of your code and tooling
GitHub will start training its models on your repositories and Copilot interaction data by default from April 24 unless you explicitly opt out, extending to private repos.
They’ve already admitted to injecting Copilot "ads" into 1.5M pull requests before walking it back under backlash, and their 90‑day uptime is sitting under three nines at 89.91%.
In parallel, OpenAI is buying Astral, so tools like uv and ruff that many Python shops are standardizing on will now live inside an AI vendor’s ecosystem.
Projects that rub up against platform policies, like gallery‑dl, are shifting primary hosting from GitHub to Codeberg after DMCA takedowns, but even Codeberg’s German jurisdiction does not fully insulate them from legal pressure.
The net result is that core parts of a typical dev workflow—git hosting, linting, dependency management, and code search—are increasingly owned or steered by large AI platforms and their policies.
What This Means
The supposedly boring layers of your stack—package managers, kernels, git hosting, and editor plugins—are now where the sharpest risks and fastest changes are, while AI tooling is adding volatility instead of stability.
On Watch
/LM Studio is being investigated for a possible GlassWorm‑style malware infection, which, if confirmed, would turn a popular local LLM UI into a major compromise vector.
/Microsoft terminating the VeraCrypt developer’s signing account means Secure Boot will start refusing VeraCrypt‑encrypted system drives from June 2026 onward unless workarounds appear, putting existing encrypted fleets at risk.
/Anthropic’s Claude Mythos, which is already finding 16–27‑year‑old zero‑days and scoring 93.9% on SWE‑bench Verified, is in limited release, and broader access could rapidly accelerate both defensive and offensive vuln discovery.
Interesting
/26 LLM routers have been found injecting malicious tool calls, leading to significant financial losses for affected organizations.
/A drop-in npm install replacement called safenpm was developed to sandbox postinstall scripts after the Axios compromise.
/Kumo, an open-source AWS service emulator, supports 73 services and requires no AWS credentials.
/GitHub Copilot CLI now supports local and BYOK models across various platforms.
/Arachne claims to achieve 98.5% token savings by indexing codebases locally for AI access.
We processed 10,000+ comments and posts to generate this report.
AI-generated content. Verify critical information independently.