This repository is a read-only mirror, published from Databricks' internal repository with each release. Pull requests are reviewed here but merged internally (see CONTRIBUTING.md). The Databricks SDK ...
Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the ...
OpenClaw, an open source AI agent, offers users the ability to automate tasks and integrate AI-driven solutions into their workflows. However, setting it up securely in a cloud-based environment can ...
The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and more from developer machines, where secrets live, breathe, and ...
LiteLLM, a massively popular Python library used by AI developers, was compromised to deliver a mass credential harvesting malware, sending shockwaves across the industry. The “software horror” spread ...
If you work with AI APIs and local LLMs, there's a good chance you've at least heard of LiteLLM. It's one of the most popular Python libraries for interacting with large language models, offering a ...
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.
The conversation around AI compute often begins with shortages. GPUs are expensive, cloud capacity is limited, and smaller teams struggle to compete with companies that can reserve massive amounts of ...