A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...
Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...
Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.
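Cybersecurity researchers have discovered 36 malicious packages in the npm registry that masquerade as Strapi CMS plugins but carry different payloads used for Redis and PostgreSQL exploitation, deploying reverse shells, harvesting credentials, and dropping persistent implants.
AI hiring startup Mercor confirmed that it is "one of thousands of companies" affected by the LiteLLM supply-chain attack, as the impact of this attack, which stems from the Trivy vulnerability, continues to widen. "We recently confirmed that we are one of thousands of companies affected by a supply-chain attack involving LiteLLM," Mercor said in a social media post on Tuesday. "Our security team moved quickly to contain and remediate the incident," the statement continued, adding that a "thorough investigation" is under way with the help of third-party forensic experts and that it will "devote the resources necessary to ...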
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...
AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the ...
The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to ...
CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in ...
Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
APERION (formerly LangSmart), the enterprise AI governance company, today announced the launch of the SmartFlow SDK, ...
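April 5: A supply-chain attack targeting an open-source software library is raising security concerns across the artificial intelligence industry. Meta has paused its projects with AI data company Mercor after the company suffered a data breach in a cyberattack that may have exposed sensitive information, including AI training methods. Mercor, headquartered in San Francisco, is a supplier of training data to several AI companies, with customers including Meta, OpenAI, Anthropic and Google ...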