Wow, TeamPCP is hacking open-source developers faster than we can report on them. The latest (that I'm aware of, anyway) is LiteLLM. They worked with Trivy but didn't bother to change their credentials after Trivy was hacked, despite an ample amount of advice to do so.

Folks, if any of you used LiteLLM, now is the time to change your credentials, in an atomic way. Now, as in immediately.

https://news.ycombinator.com/item?id=47501729

New by me: As a Cybersecurity Professional, I Think Proton’s Born Private Campaign is a Smart Move

We talk a lot about keeping kids safe online, but not enough about protecting their privacy before platforms start building a profile around them.

I wrote about why @protonprivacy Born Private campaign stood out to me from a cybersecurity perspective, and why a child’s future digital identity deserves more care from the start.

https://www.kylereddoch.me/blog/as-a-cybersecurity-professional-i-think-protons-born-private-campaign-is-a-smart-move/

#Cybersecurity #Privacy #InfoSec #ProtonMail #DigitalPrivacy #OnlineSafety

👋 Writing this from San Diego 🇺🇸 — about as far from my Swiss desk as a timezone can stretch. But the news didn't care about my travel schedule.

If there's one thread running through this week, it's Iran: Boggy Serpens refining its AI-enhanced espionage playbook, an attempted intrusion at Poland's nuclear research center with Iranian fingerprints, the EU hitting Iranian entities with fresh sanctions — and Iran's own population cut off from the internet for over two weeks now. Stryker is still cleaning up from last week's Handala attack too. A lot of activity from a lot of pro-Iran actors in one week.

→ Week #12/2026 also covers:

🪱 GlassWorm escalates its supply chain campaign,

🇪🇺 🗳️ EU votes to ban mass message scanning,

🤓 🇬🇧 A witness blamed ChatGPT for his smartglasses

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-12-2026-iran-is-everywhere-this-week

If you find it useful, subscribe to get it in your inbox every weekend 📨

#infosecMASHUP #cybersecurity #infosec #threatintel

The Quarkus team recently published new performance benchmarks.

The interesting part isn’t just the results.
It’s the engineering work that went into making them reproducible and transparent.

• why benchmarking Java frameworks is harder than it looks
• why laptop benchmarks often mislead developers
• what these results actually mean

https://www.the-main-thread.com/p/quarkus-performance-benchmarks-java-developers

#Java #Quarkus #Benchmarking #Performance