PyPIで公開されているライブラリー「litellm」の特定版に不正コードが混入した。悪用によって認証情報の窃取やK8sへの横展開、永続的なバックドア設置が可能になるという。利用環境の調査および認証情報の更新が強く推奨される。
AtlasCross RAT spreads via 11 fake domains registered October 27, 2025, enabling encrypted C2 control and persistence.
Before smartphones, spreadsheets, or even written alphabets as we know them, the Inca appear to have managed information in a ...
Scientists used the quipu’s data to build working spreadsheets, file systems, and encryption tools, rivaling conventional ...
The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
AI管理ライブラリの「LiteLLM」がサプライチェーン攻撃を受け、一時的に悪意ある変更を含んだマルウェア版が配布されていたことが判明しました。LiteLLMのマルウェア版ではユーザーのSSHキーやAPIキーを盗み出すスクリプトが動作していたことも判 ...
Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...
XDA Developers on MSN
A popular Python library just became a backdoor to your entire machine
Supply chain attacks feel like they're becoming more and more common.
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects ...
Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Learn how to protect Model Context Protocol (MCP) from quantum-enabled adversarial attacks using automated threat detection ...
一部の結果でアクセス不可の可能性があるため、非表示になっています。
アクセス不可の結果を表示する