The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package ...
TeamPCP strikes again, with almost identical code to LiteLLM.
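PyPI has warned of possible credential theft from AI applications and developer pipelines, after two malicious versions of LiteLLM, a widely used Python middleware for large language models, were briefly published. "Anyone who has installed and run the project should assume any credentials available to the LiteLLM environment may have been exposed, and revoke/rotate them accordingly," PyPI said in an advisory; the incident is linked to the Trivy dependency exploited in the ongoing TeamPCP supply-chain attack.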
Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...
The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.
In June 2025, Meta took a stake in rival Scale AI for US$14.3 billion, prompting OpenAI and Google to terminate with Scale ...
Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the ...
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...
Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
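AIPress.com.cn reported on April 5 that a supply-chain attack targeting an open-source software library is raising security concerns in the artificial intelligence industry. Meta has paused its projects with AI data company Mercor after the company suffered a data breach in a cyberattack that may have exposed sensitive information, including AI training methods. Headquartered in San Francisco, Mercor is a supplier of training data to multiple AI companies, and its customers include ...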
APERION (formerly LangSmart), the enterprise AI governance company, today announced the launch of the SmartFlow SDK, ...