A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...

Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.

AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the ...

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

网络安全研究人员在npm注册表中发现了36个恶意包，这些包伪装成Strapi CMS插件，但携带不同的有效载荷，用于Redis和PostgreSQL利用、部署反向Shell、收集凭据并投放持久化植入程序。

2025年6月，Meta以143亿美元入股竞争对手Scale AI，引发OpenAI、谷歌终止与Scale ...

CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

APERION (formerly LangSmart), the enterprise AI governance company, today announced the launch of the SmartFlow SDK, ...

After the supply chain attack on LiteLLM, attackers were able to access internal Cisco data, it is said. Source code from ...

4月5日消息，一次针对开源软件库的供应链攻击正在引发人工智能行业的安全担忧。me ta已暂停与AI数据公司 Mercor 的合作项目，此前该公司在网络攻击中发生数据泄露，可能暴露了包括AI训练方法在内的敏感信息。 Mercor总部位于旧金山，是一家为多家AI公司提供训练数据的供应商，其客户包括 me ta、OpenAI、Anthropic和Google ...