Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...
CSO Online

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...
HealthcareInfoSecurity

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

Malware in an open-source project could have infected thousands. The twist? It was certified by Delve

The malware from a LiteLLM project was bad, but the optics stemming from Delve’s involvement are worse.
Decrypt

XRP Falls to 2-Week Low as Ripple Deploys AI to Boost Ledger Security

Ripple is rolling out AI-driven security testing across the XRP Ledger, with an AI-assisted red team that has already ...

CISA: New Langflow flaw actively exploited to hijack AI workflows

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical ...
Infosecurity Magazine

Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code

Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by ...

A major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to know.

Here’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by ...

Silicon Valley’s two biggest dramas have intersected: LiteLLM and Delve

Delve is the Y-Combinator AI-powered compliance startup that’s been accused of misleading its customers about their true ...

GitHub adds AI-powered bug detection to expand security coverage

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
WinBuzzer

Anthropic’s Claude Code Gets Auto Mode, Cowork Gains Desktop Control

Anthropic has launched auto mode for Claude Code and computer use for Cowork, expanding AI agent autonomy as revenue ...