An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

VS Code can use LLM models other than GitHub Copilot’s built-in providers for AI-assisted development, including local and ...

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are becoming a new software supply chain attack vector. A malicious Hugging ...

If you work with AI APIs and local LLMs, there's a good chance you've at least heard of LiteLLM. It's one of the most popular Python libraries for interacting with large language models, offering a ...

LiteLLM, a massively popular Python library used by AI developers, was compromised to deliver a mass credential harvesting malware, sending shockwaves across the industry. The “software horror” spread ...

The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and more from developer machines, where secrets live, breathe, and ...

In a recent engagement I found a GitLab instance on the target, I found a PoC on Exploit-DB but it uses LDAP for authentication and it was disabled in this case, so I created this python script which ...

A set of command line tools and Python library for working with SARIF files. Read more about the SARIF format here: sarifweb.azurewebsites.net. You need Python 3.8 or ...

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.

Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential ...