Beep, Beep - I am your friendly #Snakemake release announcement bot.

There is a new release of the 𝐒𝐧𝐚𝐤𝐞𝐦𝐚𝐤𝐞 𝐄𝐱𝐞𝐜𝐮𝐭𝐨𝐫 𝐏𝐥𝐮𝐠𝐢𝐧 𝐟𝐨𝐫 𝐒𝐋𝐔𝐑𝐌 systems. Its version now is 2.6.0!

Give us some time, and you will automatically find the plugin on #Bioconda and #Pypi.

This plugin is relevant for #HPC users using the #SLURM batch system.
The maintainers are here on Mastodon -
@rupdecat and @johanneskoester.

If you discover any issues, please report them on https://github.com/snakemake/snakemake-executor-plugin-slurm/issues.

See https://github.com/snakemake/snakemake-executor-plugin-slurm/releases/tag/v2.6.0 for details. Here is the header of the changelog:
𝑅𝑒𝑙𝑒𝑎𝑠𝑒 𝑁𝑜𝑡𝑒𝑠 (𝑝𝑜𝑠𝑠𝑖𝑏𝑙𝑦 𝑎𝑏𝑏𝑟𝑖𝑔𝑒𝑑):
𝐅𝐞𝐚𝐭𝐮𝐫𝐞𝐬

* job arrays: https://github.com/snakemake/snakemake-executor-plugin-slurm/issues/174
* Set tmpspace with help of gres="tmpspace:10G" syntax: https://github.com/snakemake/snakemake-executor-plugin-slurm/issues/444

𝐁𝐮𝐠 𝐅𝐢𝐱𝐞𝐬

* logo: https://github.com/snakemake/snakemake-executor-plugin-slurm/issues/439

𝐃𝐨𝐜𝐮𝐦𝐞𝐧𝐭𝐚𝐭𝐢𝐨𝐧

* add admin documentation: https://github.com/snakemake/snakemake-executor-plugin-slurm/issues/436

BEEP, BEEP - I am your friendly #Snakemake release announcement bot.

There is a new release of Snakemake. Its version now is 9.18.2!

Give us some time, and you will automatically find it on #Bioconda and #Pypi.

The maintainer is here on Mastodon -
@johanneskoester .

If you discover any issues, please report them on https://github.com/snakemake/snakemake/issues.

See https://github.com/snakemake/snakemake/releases/tag/v9.18.2 for details. Here is the header of the changelog:
𝑅𝑒𝑙𝑒𝑎𝑠𝑒 𝑁𝑜𝑡𝑒𝑠 (𝑝𝑜𝑠𝑠𝑖𝑏𝑙𝑦 𝑎𝑏𝑏𝑟𝑖𝑔𝑒𝑑):
𝐁𝐮𝐠 𝐅𝐢𝐱𝐞𝐬

* remove debug code ([ac5ad20](https://github.com/snakemake/snakemake/commit/ac5ad209e00aeca2d38e5e5d6ac7f930d2c6a93e))

Popular #LiteLLM #PyPI package backdoored to steal credentials, auth tokens

https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/

#cybersecurity #TeamPCP

litellm supply chain compromise (95M+ downloads) tied to TeamPCP.
• Import-time + .pth execution
• Full credential harvesting
• K8s lateral movement
• Persistent systemd backdoor
Security tools are now prime targets.
Are defenses keeping up?
Source: https://www.endorlabs.com/learn/teampcp-isnt-done
Follow TechNadu for more.

#Infosec #SupplyChainSecurity #PyPI #ThreatIntel

Malicious PyPI Package - LiteLLM Supply Chain Compromise

Pulse ID: 69c460f229588f3179126c1d
Pulse Link: https://otx.alienvault.com/pulse/69c460f229588f3179126c1d
Pulse Author: Tr1sa111
Created: 2026-03-25 22:25:54

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #PyPI #SupplyChain #bot #Tr1sa111

Malicious PyPI Package - LiteLLM Supply Chain Compromise

Pulse ID: 69c46104e1660babf17e92f8
Pulse Link: https://otx.alienvault.com/pulse/69c46104e1660babf17e92f8
Pulse Author: Tr1sa111
Created: 2026-03-25 22:26:12

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #PyPI #SupplyChain #bot #Tr1sa111

- Google Research: TurboQuant KV cache and vector search compression algorithm: https://research.google/blog/turboquant-redefining-ai-efficiency-with-extreme-compression/

- Serious supply chain attack in litellm package on PyPI: https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/ https://futuresearch.ai/blog/no-prompt-injection-required/

#AI #AInews #googleresearch #google #turboquant #security #pypi #python

Malicious PyPI Package - LiteLLM Supply Chain Compromise

A malicious supply chain attack has been discovered in the Python Package Index package litellm version 1.82.8. The compromised package contains a malicious .pth file that executes automatically when the Python interpreter starts, without requiring explicit import. This file, located in site-packages/, exfiltrates sensitive information including environment variables, SSH keys, and cloud credentials to an attacker-controlled server. The payload is double base64-encoded to evade basic static analysis. PyPI administrators have quarantined the project to limit its spread. Users are advised to check for the malicious file, rotate all potentially exposed credentials, and audit their PyPI publishing process. The attack is attributed to TeamPCP and is actively exploited in the wild.

Pulse ID: 69c3bb2520934c9e0b4e5dca
Pulse Link: https://otx.alienvault.com/pulse/69c3bb2520934c9e0b4e5dca
Pulse Author: AlienVault
Created: 2026-03-25 10:38:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #InfoSec #OTX #OpenThreatExchange #PyPI #Python #RAT #SSH #SupplyChain #Troll #bot #AlienVault

Supply Chain Attack: Malicious PyPI Packages

TeamPCP has launched a supply chain attack targeting LiteLLM, an open-source Python library used in 36% of cloud environments. Malicious versions 1.82.7 and 1.82.8 were published on PyPI, employing sophisticated techniques for payload delivery and persistence. The compromised packages exploit Python's .pth mechanism for stealthy execution across any Python process. The malware collects sensitive data including API keys, cloud credentials, and CI/CD secrets, encrypting and exfiltrating them to attacker-controlled domains. This attack follows TeamPCP's previous compromises of Aqua Security's Trivy and Checkmarx tools, highlighting an ongoing campaign against the open-source ecosystem. The incident underscores the potential for widespread impact and the need for vigilance in software supply chain security.

Pulse ID: 69c3bb29c62248c6ffd0b50c
Pulse Link: https://otx.alienvault.com/pulse/69c3bb29c62248c6ffd0b50c
Pulse Author: AlienVault
Created: 2026-03-25 10:38:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #PyPI #Python #RAT #RCE #SupplyChain #Troll #bot #AlienVault

BEEP, BEEP - I am your friendly #Snakemake release announcement bot.

There is a new release of Snakemake. Its version now is 9.18.1!

Give us some time, and you will automatically find it on #Bioconda and #Pypi.

The maintainer is here on Mastodon -
@johanneskoester .

If you discover any issues, please report them on https://github.com/snakemake/snakemake/issues.

See https://github.com/snakemake/snakemake/releases/tag/v9.18.1 for details. Here is the header of the changelog:
𝑅𝑒𝑙𝑒𝑎𝑠𝑒 𝑁𝑜𝑡𝑒𝑠 (𝑝𝑜𝑠𝑠𝑖𝑏𝑙𝑦 𝑎𝑏𝑏𝑟𝑖𝑔𝑒𝑑):
𝐁𝐮𝐠 𝐅𝐢𝐱𝐞𝐬

* add pip dependency to publish task ([ea2b5c9](https://github.com/snakemake/snakemake/commit/ea2b5c9708792c9261ded758cc859ce8e18e956b))