On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.
The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the ...
Supply chain attacks feel like they're becoming more and more common.
North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
‘If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
WASHINGTON, DC – The acting head of the nation’s cyber defense agency, Madhu Gottumukkala, uploaded sensitive government contracting material into a publicly accessible version of ChatGPT last summer, ...
To prepare AI agents for office work, the company is asking contractors to upload projects from past jobs, leaving it to them to strip out confidential and personally identifiable information. OpenAI ...
roboflow upload val_000000.jpg loading Roboflow workspace... loading Roboflow project... Traceback (most recent call last): File "/home/matej/.local/bin/roboflow ...