近日,人工智能领域发生了一起震动全球开发者的安全事件。作为AI开发核心枢纽的LiteLLM网关遭遇供应链投毒攻击,大量使用者的密钥与敏感信息被窃取。这一事件被业界称为“教科书级别的供应链攻击”,其影响范围之广、危害程度之深,再次暴露出当前AI供应链体系的安全隐患。 LiteLLM作为AI网关,能够代理100多种大语言模型(LLM)的API,被广泛应用于AI编程与服务编排场景。目前其在GitHub上 ...
Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...
两个版本的LiteLLM因遭受供应链攻击而被从Python包索引(PyPI)中移除。LiteLLM是一个开源接口,用于访问多个大语言模型。 具体来说,LiteLLM ...
Peppermint OS moves away from restrictive Debian livebuild tools. Discover how their new custom "spin tools" provide more ...
虎嗅网 on MSN
担心的事还是发生了,真有人给龙虾“投毒”
本文来自微信公众号:字母AI,作者:刘奕君 如果你最近在用OpenClaw跑Agent、装Skill,或者即便只是正常装了几个常见依赖,那你可得好好注意了! 今日,资深开发者Daniel ...
最新上传的LiteLLM Python 版本1.82.7和1.82.8,已被人为恶意植入信息窃取程序。 一旦安装,SSH密钥、AWS凭证和API密钥等数据均会立即泄漏。 目前LiteLLM的维护者Krrish Dholakia,已经公开证实此事。 在恶意版本存在三小时后,PyPI迅速发现了这一漏洞,并将软件包隔离。但LiteLLM每天下载量约为340万次,许多自动安装新版本的程序员已经遭殃。 社区 ...
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the ...
XDA Developers on MSN
A popular Python library just became a backdoor to your entire machine
Supply chain attacks feel like they're becoming more and more common.
Deer-Flow2超级智能体管理框架。 开源发布后迅速登上了GitHub Trending榜首,已经收获了35.3k Star。 Deer-Flow2采用模块化多智能体架构,这些智能体通过LangGraph实现协同合作。 主打开箱即用,内置了Tavily、Brave Search、DuckDuckGo等多种搜索引擎,还集成了Jina等爬虫工具,基本把信息收集的十八般兵器都给配齐了。 当然,扩展性 ...
OpenAI announced Thursday that it has entered into an agreement to acquire Astral, the company behind popular open source Python development tools such as uv, Ruff, and ty, and integrate the company ...
The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果