近日，人工智能领域发生了一起震动全球开发者的安全事件。作为AI开发核心枢纽的LiteLLM网关遭遇供应链投毒攻击，大量使用者的密钥与敏感信息被窃取。这一事件被业界称为“教科书级别的供应链攻击”，其影响范围之广、危害程度之深，再次暴露出当前AI供应链体系的安全隐患。 LiteLLM作为AI网关，能够代理100多种大语言模型（LLM）的API，被广泛应用于AI编程与服务编排场景。目前其在GitHub上 ...

Datadog 安全团队还原了完整攻击链。3 月 19 日 Trivy 沦陷，20 日 npm 66 个包被感染，23 日 KICS 35 个标签被劫持，24 日 LiteLLM 中招。 攻击者还用 LiteLLM CEO Krrish ...

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...

编辑｜冷猫这是一件极其严肃的软件安全事件。今天，Karpathy 发长推文警告全部开发者注意，GitHub 超过 4 万星，月下载量达 9700 万次的 Python 库 LiteLLM 在 PyPI 上被投毒。首先提请各位开发者检查自己的 LiteLLM 版本 ，含有恶意代码的版本号为 1.82.7 和 ...

Use Playerctl, Python, and Conky timer to create a 'now playing' Spotify desktop widget.

Not everyone can declare themselves “benevolent dictator for life” of a company, but such was the nature of Guido van Rossum, the Dutch programmer who invented an entire programming language from ...

Abstract: Conformance checking techniques compare process models of organizational behavior with observed process executions to reveal their deviations. Traditional alignments concern individual ...

Send a note to Doug Wintemute, Kara Coleman Fields and our other editors. We read every email. By submitting this form, you agree to allow us to collect, store, and potentially publish your provided ...

If you have noticed CefSharp.BrowserSubprocess.exe on your Windows 11/10 PC and facing problems with it, this guide will help you. We explain to you what CefSharp ...

There’s more than one way to thread (or not to thread) a Python program. We point you to several threading resources, a fast new static type checker from Astral, a monkey patch for Pandas that adds ...

Abstract: Most companies exploit information systems to manage their business processes. Logs generated by such systems might be used to automatically learn models of such processes, e.g. for analysis ...