Threat actors are weaponizing leaked Anthropic Claude AI source code by embedding malware, disguised as legitimate repositories, and distributing it to develope...
Read Analysis βAI training startup Mercor experienced a data breach resulting from a supply chain attack that leveraged the open-source project LiteLLM, impacting potentially ...
Read Analysis βAttackers executed a supply-chain attack on the open-source library LiteLLM by exploiting stolen credentials to inject malicious code into its PyPI distribution...
Read Analysis βAI firm Mercor confirmed a breach stemming from a supply chain attack involving the open-source LiteLLM PyPI package, where attackers published malicious versio...
Read Analysis βMercor was reportedly impacted by a supply chain attack involving the LiteLLM component, suggesting a potential compromise of software integrity or introduction...
Read Analysis βAn extortion group executed a supply chain attack by compromising the open-source LiteLLM project, which serves as a widely-used AI model API proxy. This breach...
Read Analysis βThe incident stems from a supply chain attack targeting the open-source LiteLLM project, where malicious code was injected. This compromise led to thousands of ...
Read Analysis βMercor, an AI recruiting startup, experienced a data breach following a supply chain attack on the open-source LiteLLM project, which involved the injection of ...
Read Analysis βA sophisticated multi-stage supply chain attack, initiated by compromising open-source security scanner Trivy to steal LiteLLM PyPI credentials, injected malici...
Read Analysis βThe OpenClaw AI assistant, an autonomous open-source agent, poses significant security risks due to its privileged access to system tools and sensitive data. It...
Read Analysis βAn OpenAI security incident occurred due to a vulnerability in its third-party data analytics provider, Mixpanel. This breach exposed general user information, ...
Read Analysis βAI-enabled supply chain attacks are rapidly escalating, demonstrated by the NullBulge group weaponizing open-source repositories for data exfiltration and LockB...
Read Analysis βThreat actors (UNC6395) initiated a supply chain attack by compromising a Salesloft GitHub repository to exfiltrate a sensitive OAuth token. This token granted ...
Read Analysis βA supply chain attack originating from a Salesloft GitHub repository led to the theft of an OAuth token, granting privileged access to their Drift account. This...
Read Analysis βAn OAuth token stolen from a compromised GitHub repository of AI chatbot vendor Salesloft-Drift was leveraged to access their high-privilege Drift account. This...
Read Analysis βHackers exploited a vulnerable workflow in the Nx build system to achieve code injection and GITHUB_TOKEN theft, enabling the publication of malicious package v...
Read Analysis βA hacker injected destructive system commands into Amazon's Visual Studio Code extension for Amazon Q via a compromised GitHub repository, distributing it ...
Read Analysis β