A compromised version of the popular AI library LiteLLM, with 97 million monthly downloads, briefly turned pip installs into a credential theft operation. The malicious package, live for two hours, was only detected due to a bug causing a system crash. This incident highlights the risks of extensive dependency chains in software development.