Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver ...

Supply chain attack on LiteLLM: Affected parties should change credentials

An attack on the open-source library for connecting to LLMs has apparently occurred, allowing two compromised packages to ...
腾讯网

Karpathy紧急警告:月下载近亿的LiteLLM被投毒!已有开发者因Cursor MCP ...

但是也有人质疑卡帕西的“利用LLM提取功能”的这一措施,表示“只是把一个未经审查的代码库换成了一个LLM输出的而已”。这个就比较见仁见智了,使用LLM过滤一遍对提高代码安全性是否存在帮助依然非常依赖提示词。
GitHub

Alma — Time-Travel Variable Framework

"What if every variable remembered where it came from?" Alma is a lightweight, thread-safe Python framework that wraps ordinary values in observable, auditable containers — giving you a complete ...