PyPI 库中的 LiteLLM 遭到入侵植入恶意代码
LiteLLM 项目维护者账号被盗,黑客向 PyPI 软件库发布了两个嵌入恶意代码的版本 v1.82.7 和 v1.82.8。恶意代码旨在窃取凭证,包括 SSH 密钥、云服务凭证、加密钱包等。任何安装了恶意版本的用户需要立即检查是否遭到入侵。恶意文件 litellm_init.pth 会在每次 Python 进程启动时自动执行。项目维护者称账号被盗源于刚刚爆出的 trivy 漏洞,恶意版本都已从 PyPI 上移除,所有维护者帐户都已更改。
Aggregator
The Bot Numerology: How “stager_51_bot” Unmasked MuddyWater’s Global LampoRAT Campaign
4 weeks 1 day ago
Occasionally, a malicious campaign is betrayed not by labyrinthine code, but by a minuscule detail. Within the nascent
The post The Bot Numerology: How “stager_51_bot” Unmasked MuddyWater’s Global LampoRAT Campaign appeared first on Penetration Testing Tools.
ddos
The Gateway Lockdown: FCC Bans New Foreign Routers as Texas Declares War on TP-Link
4 weeks 1 day ago
The United States has resolved to exert vastly more stringent dominion over one of the most ubiquitous elements
The post The Gateway Lockdown: FCC Bans New Foreign Routers as Texas Declares War on TP-Link appeared first on Penetration Testing Tools.
ddos
The Performance Lockdown: Microsoft Blocks the Registry Hack for Faster Windows 11 SSDs
4 weeks 1 day ago
Microsoft has definitively shuttered a straightforward avenue for awakening a clandestine feature within Windows 11 that substantially accelerated
The post The Performance Lockdown: Microsoft Blocks the Registry Hack for Faster Windows 11 SSDs appeared first on Penetration Testing Tools.
ddos
The “DarkSword” Leak: How a State-Grade iPhone Cyberweapon Ended Up on GitHub for Anyone to Use
4 weeks 1 day ago
An unidentified entity has unleashed upon GitHub a nascent iteration of DarkSword—a formidable cybernetic armament that, merely a
The post The “DarkSword” Leak: How a State-Grade iPhone Cyberweapon Ended Up on GitHub for Anyone to Use appeared first on Penetration Testing Tools.
ddos
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
4 weeks 1 day ago
The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security.
The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The development means that new models of
The Hacker News
Claudy Day: The Invisible Chain That Turned Claude.ai into a Silent Data Harvester
4 weeks 1 day ago
An ordinary hyperlink to an AI chat may easily masquerade as a treacherous snare. The vanguard at Oasis
The post Claudy Day: The Invisible Chain That Turned Claude.ai into a Silent Data Harvester appeared first on Penetration Testing Tools.
ddos
The Gaddafi Lure: How a “Leaked Video” Led to the Clandestine Hijacking of Libya’s Oil Giant
4 weeks 1 day ago
The kinetic strike commenced with a sensational headline heralding a “leaked video” and culminated in clandestine dominion over
The post The Gaddafi Lure: How a “Leaked Video” Led to the Clandestine Hijacking of Libya’s Oil Giant appeared first on Penetration Testing Tools.
ddos
安全工具被入侵,引发大规模AI供应链投毒
4 weeks 1 day ago
数千个AI项目、数十万台设备受影响
Диктатура логики: физики доказали, что теория струн — единственный способ избежать краха законов Вселенной
4 weeks 1 day ago
Новые формулы 2026 года превратили «изящную гипотезу» в чертеж реальности.
The Silent Siege: How MuddyWater’s “Dindoor” Backdoor Infiltrated Critical Western Infrastructure
4 weeks 1 day ago
In the nascent days of February, several institutions across the United States, Israel, and Canada imperceptibly surrendered dominion
The post The Silent Siege: How MuddyWater’s “Dindoor” Backdoor Infiltrated Critical Western Infrastructure appeared first on Penetration Testing Tools.
ddos
今日(2026年3月25日)OpenClaw 最新安全动态总结
4 weeks 1 day ago
12 терабит ярости. Рекорды, которые мы заслужили (но совсем не хотели)
4 weeks 1 day ago
Пароли больше никого не волнуют. Теперь злоумышленников интересует лишь объём трафика.
热门 Python 库 LiteLLM 遭供应链攻击,后门窃取凭证和认证令牌
4 weeks 1 day ago
HackerNews 编译,转载请注明出处: TeamPCP黑客组织持续发动供应链攻击,现已入侵广受欢迎的Python库”LiteLLM”,并声称在攻击期间从数十万台设备窃取数据。 LiteLLM是一款开源Python库,作为统一API网关对接多个大语言模型(LLM)提供商。该包极为热门,日均下载量超340万次,过去一个月下载量超9500万次。 据Endor Labs研究,威胁行为体入侵该项目后,今日向PyPI发布了LiteLLM 1.82.7和1.82.8的恶意版本,部署信息窃取程序收集各类敏感数据。 此次攻击由TeamPCP认领,该组织此前高调入侵了Aqua Security的Trivy漏洞扫描器。那次入侵引发连锁反应,波及Aqua Security Docker镜像、Checkmarx KICS项目,如今又轮到LiteLLM。 该组织还被发现利用恶意脚本攻击Kubernetes集群——当检测到伊朗配置的系统时擦除所有机器,在其他地区设备上则安装新型CanisterWorm后门。 消息人士告诉BleepingComputer,数据外泄数量约50万条,其中大量为重复记录。VX-Underground报告的”感染设备”数量相近。但BleepingComputer未能独立核实这些数字。 LiteLLM供应链攻击详情 Endor Labs报告称,威胁行为体今日推送了两个恶意版本,均在包导入时执行隐藏载荷。 恶意代码以base64编码形式注入’litellm/proxy/proxy_server.py’文件,模块导入时即解码执行。1.82.8版本更进一步,向Python环境安装名为’litellm_init.pth’的.pth文件。由于Python解释器启动时会自动处理所有.pth文件,即使不专门使用LiteLLM,恶意代码也会在Python运行时执行。 执行后,载荷最终部署”TeamPCP Cloud Stealer”变种及持久化脚本。BleepingComputer分析显示,该载荷与Trivy供应链攻击中使用的凭证窃取逻辑几乎相同。 Endor Labs解释:”载荷触发后执行三阶段攻击:收集凭证(SSH密钥、云令牌、Kubernetes密钥、加密钱包和.env文件),尝试通过向每个节点部署特权Pod在Kubernetes集群内横向移动,并安装持久化systemd后门以轮询额外二进制文件。外泄数据经加密后发送至攻击者控制的域名。” 窃取范围 该窃取程序收集广泛的凭证和认证密钥,包括: 系统侦察:运行hostname、pwd、whoami、uname -a、ip addr、printenv命令 SSH密钥和配置文件 AWS、GCP、Azure云凭证 Kubernetes服务账户令牌和集群密钥 .env等环境文件 数据库凭证和配置文件 TLS私钥和CI/CD密钥 加密货币钱包数据 云窃取载荷还包含额外的base64编码脚本,伪装为”System Telemetry Service”安装为systemd用户服务,定期连接checkmarx[.]zone远程服务器下载执行额外载荷。 窃取数据打包为名为tpcp.tar.gz的加密档案,发送至攻击者控制的infrastructure models.litellm[.]cloud。 如怀疑已遭入侵,应将受影响系统上的所有凭证视为已暴露并立即轮换。 BleepingComputer多次报道过因企业未及时轮换先前泄露中发现的凭证、密钥和认证令牌而引发的入侵事件。研究人员和威胁行为体均告诉BleepingComputer,虽然轮换密钥困难,但这是防止连锁供应链攻击的最佳手段之一。 消息来源:bleepingcomputer.com; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews
国家密码管理局关于开展商用密码应用安全性评估从业人员考核的公告
4 weeks 1 day ago
お知らせ:JPCERT/CC Eyes「世界のCSIRTから ~アゼルバイジャン~」
4 weeks 1 day ago
В Млечном Пути нашли 87 следов разрушенных миров — тонкие цепочки звёзд, которые когда-то были целыми скоплениями
4 weeks 1 day ago
Единственный способ увидеть тёмную материю: по изгибам светящихся цепочек астрономы читают карту невидимого.
【全系统加固体验月】Android、iOS、鸿蒙NEXT三端,别让任何一个系统成为安全短板!
4 weeks 1 day ago
您是否也曾遇到这些困扰?
移动应用面临逆向破解、调试篡改、数据泄露等安全风险,同时需满足合规与知识产权保护要求,如何全面保障用户隐私与业务安全?
业务覆盖Android、iOS、鸿蒙NEXT多端应用,如何统一管控安全风险,确保各系统无安全短板?
想尝试多系统加固,却担心成本投入、流程复杂、效果难以验证?
现在,机会来啦!为回馈广大客户长期以来的信任,同时让更多用户体验多系统加固的安全与便捷,梆梆安全重磅推出“全系统加固体验月”免费试用活动!本次活动开放Android应用加固、iOS应用加固、鸿蒙NEXT应用加固三款产品体验,无论您是已合作的老客户,还是初次接触加固的新朋友,均可报名参与。
名额有限,仅限前50位报名者,先到先得! 立即行动,锁定您的专属体验资格!
梆梆安全
OpenAI 宣布关闭 Sora,终止与迪士尼的合作
4 weeks 1 day ago
OpenAI 宣布将关闭其视频生成应用 Sora,终止与迪士尼的内容合作。OpenAI 的聊天机器人 ChatGPT 也将关闭视频生成功能,但图像生成不受影响。Sora 于 2024 年推出,一度引发广泛关注,但过去几个月它的热度下滑显著,而竞争对手如字节跳动的 SeeDance 2.0 在生成视频方面比 OpenAI 甚至更出色。迪士尼在 2025 年 12 月宣布与 OpenAI 展开合作,允许 Sora 使用其版权角色生成视频。随着 Sora 的关闭,双方的内容合作也宣告终止。OpenAI 在几天前举行的一次全体员工大会上表示将重新专注于商业和生产力应用,避免被琐事分散注意力。
Cybersecurity M&A Is Surging as AI Reshapes the Market
4 weeks 1 day ago
Momentum Cyber CEO Eric McAlpine on the Funding Velocity of AI-Native Startups
Large funding rounds are concentrating on fewer cybersecurity startups as artificial intelligence accelerates product development. Momentum Cyber CEO Eric McAlpine shares why investors are backing AI-native startups earlier and how it is reshaping growth and competition in cybersecurity M&A.
Large funding rounds are concentrating on fewer cybersecurity startups as artificial intelligence accelerates product development. Momentum Cyber CEO Eric McAlpine shares why investors are backing AI-native startups earlier and how it is reshaping growth and competition in cybersecurity M&A.