A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...
Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.
Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...
Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the ...
The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to ...
CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in ...
Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
April 5 report: a supply-chain attack targeting open-source software libraries is raising security concerns across the AI industry. Meta has paused its collaboration with AI data company Mercor after Mercor suffered a data breach in a cyberattack that may have exposed sensitive information, including AI training methods. Mercor, headquartered in San Francisco, supplies training data to multiple AI companies; its customers include Meta, OpenAI, Anthropic and Google ...
APERION (formerly LangSmart), the enterprise AI governance company, today announced the launch of the SmartFlow SDK, ...
After the supply chain attack on LiteLLM, attackers reportedly gained access to internal Cisco data. Source code from ...