Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...

Samsung is sunsetting its own chat app while Apple adds end-to-end encryption to its already-live RCS, hinting that the final texting firewall might soon drop. Meanwhile, Cloudflare drafts a ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials such as environment variables, SSH keys, and passwords.

Datadog 安全团队还原了完整攻击链。3 月 19 日 Trivy 沦陷，20 日 npm 66 个包被感染，23 日 KICS 35 个标签被劫持，24 日 LiteLLM 中招。 攻击者还用 LiteLLM CEO Krrish ...

【新智元导读】一次只持续了不到1小时的投毒事件，撕开了AI基础设施「信任链」的致命裂缝。更魔幻的是，全行业逃过一劫，居然靠黑客自己写出bug。 刚刚，科技界经历了一场惊心动魄的「供应链投毒」危机。 3月24日上午，一个普通的版本更新LiteLLM 1.82.8，出现在PyPI上。 全球数百万开发者的终端，每天都在自动拉取这类更新，没有人注意到这个版本里藏着一段精心设计的恶意代码： 只要你执行一句p ...

紧急警告：你的 pip install 正全盘失守！ 大神 Karpathy 亲自跳了出来，给这件事定了个性：Software Horror。 LiteLLM，月下载量 9700 万的 Python 库，被黑客组织 TeamPCP 植入了恶意代码。 只要你执行了 pip install litellm，你机器上的 SSH 密钥、AWS/GCP/Azure 凭证、Kubernetes 配置 ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.

如果你最近在用OpenClaw跑Agent、装Skill，或者即便只是正常装了几个常见依赖，那你可得好好注意了！今日，资深开发者Daniel Hnyk在社交平台X上紧急发文警告称：LiteLLM的PyPI官方发布版本1.82.8已被注入恶意代码，并着重强调“DONOTUPDATE”（请勿更新）。随后OpenAI联合创始人、前特斯拉AI主管Andrej ...