The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...
慢雾首席信息安全官 23pds 发推表示,月下载量高达 9700 万次的 Python AI 网关库 LiteLLM 遭遇 PyPI 供应链攻击,攻击者通过 pip install litellm 指令即可在用户设备上窃取敏感信息。可窃取的敏感数据包括:SSH 密钥、云服务凭据(AWS / GCP / Azure)、Kubernetes 配置文件、Git ...
Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.
A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...
编辑|冷猫这是一件极其严肃的软件安全事件。今天,Karpathy 发长推文警告全部开发者注意,GitHub 超过 4 万星,月下载量达 9700 万次的 Python 库 LiteLLM 在 PyPI 上被投毒。首先提请各位开发者检查自己的 LiteLLM 版本 ,含有恶意代码的版本号为 1.82.7 和 ...
2 小时Opinion
Two different attackers poisoned popular open source tools - and showed us the future of ...
Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...
最新上传的LiteLLM Python 版本1.82.7和1.82.8,已被人为恶意植入信息窃取程序。 一旦安装,SSH密钥、AWS凭证和API密钥等数据均会立即泄漏。 目前LiteLLM的维护者Krrish Dholakia,已经公开证实此事。 在恶意版本存在三小时后,PyPI迅速发现了这一漏洞,并将软件包隔离。
Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果