This post is adapted from a talk I gave at prompted, the AI security practitioner conference. Thanks to Gadi Evron for ...
Anthropic's Claude Code CLI has been found silently running git reset --hard every 10 minutes, destroying uncommitted changes ...
Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...
Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...
LiteLLM Attack: How a Hacked Security Tool Became a Master Key to Thousands of AI Developer Machines
On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.
LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...
Hackers breach Checkmarx developer tools to steal sensitive data, exposing risks in widely used software systems.
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...
Andrej Karpathy has argued that human researchers are now the bottleneck in AI, after his open-source autoresearch framework ...
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results