腾讯网

AI模型部署工具Xinference遭供应链投毒攻击

监测发现,近期AI模型部署工具Xinference遭供应链投毒攻击。攻击者向Python官方软件包仓库PyPI(Python Package Index)上传了包含恶意代码的Xinference软件包,用户安装受影响的软件包或者在代码文件中引入Xinference时,恶意代码将自动执行。攻击者可窃取云平台凭据、API密钥、数据库密码、加密货币钱包和 环境变量 ...
Techzine Europe

Malicious Python package poses new supply chain threat

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...