Security Boulevard

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, mor…

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...
Infosecurity Magazine

TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise

A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
Dark Reading

Iranian State Hackers Use SSL.com Certificates to Sign Malware

Novel malware is hard enough to detect these days, but malicious code signed with valid digital certificates is even harder to stop. Sporting SSL.com certificates made the malicious code look like ...
InfoWorld

Get started with the new Python Installation Manager

Soon to be the official tool for managing Python installations on Windows, the new Python Installation Manager picks up where the ‘py’ launcher left off. Python is a first-class citizen on Microsoft ...
Phys.org

Battle to eradicate invasive pythons in Florida achieves stunning milestone

A startling milestone has been reached in Florida's war against the invasive Burmese pythons eating their way across the Everglades. The Conservancy of Southwest Florida reports it has captured and ...
CSOonline

Attackers abused a bug within SSL.com to authorize fake certificates

SSL.com was mis-issuing SSL certificates by wrongly interpreting email addresses submitted for verification, allowing attackers to potentially impersonate brands and conduct data theft. A flaw in ...
Infosecurity-magazine.com

Digital Certificate Lifespans to Fall to 47 Days by 2029

Technology industry players have voted to reduce the maximum validity term of SSL/TLS certificates to 47 days by 2029, in a bid to enhance digital security. The CA/Browser Forum ballot result will ...