InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
TMCnet

Opal Security Declares the End of Access Sprawl - Launches Industry's First Platform to See, Encode, and Enforce Governance with AI

Opal Security, the modern identity security and access governance company, today announced three new AI-native capabilities ...
InfoWorld

The ‘toggle-away’ efficiencies: Cutting AI costs inside the training loop

You don't need the newest GPUs to save money on AI; simple tweaks like "smoke tests" and fixing data bottlenecks can slash ...
TechJuice

GlassWorm Malware Silently Infects Hundreds of Python Projects

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...
Security Boulevard

Which Came First: The System Prompt, or the RCE?

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...
eWeek

New 3D Vision System Lets Humanoid Robots Navigate Without Human Help

RealSense and LimX Dynamics unveiled autonomous humanoid navigation at Nvidia GTC, highlighting 3D perception, Visual SLAM, ...
The Hacker News

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

DNS flaw in Amazon Bedrock and critical AI vulnerabilities expose data and enable RCE, risking breaches and infrastructure ...

Black Forest Labs' new Self-Flow technique makes training multimodal AI models 2.8x more efficient

This efficiency makes it viable for enterprises to move beyond generic off-the-shelf solutions and develop specialized models that are deeply aligned with their specific data domains ...