As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire Miasma worm supply-chain attack toolkit, likely using previously compromised ...
The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...
A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python library that serves as ...
I'd like to thank my co-author, Martin Zugec, for his valuable contributions to this report. This intrusion adds three dimensions to the public understanding of Chinese APT activity in contested ...
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as ...
这是一件极其严肃的软件安全事件。 今天,Karpathy 发长推文警告全部开发者注意,GitHub 超过 4 万星,月下载量达 9700 万次的 Python 库 LiteLLM 在 PyPI 上被投毒。 首先提请各位开发者检查自己的 LiteLLM 版本 ,含有恶意代码的版本号为 1.82.7 和 1.82.8,如果中招请尽快 ...
If you work with AI APIs and local LLMs, there's a good chance you've at least heard of LiteLLM. It's one of the most popular Python libraries for interacting with large language models, offering a ...
The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed. PyPI is ...
On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have been compromised in a sophisticated CI/CD-focused supply chain attack. Threat actors ...
The report confirms that the system is based on the Raspberry Pi Compute Module 5 Rev 1.0, running Debian GNU/Linux 12 (bookworm) with a 6.12.34+rpt-rpi-2712 kernel on a 64-bit ARM (aarch64) ...