XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
腾讯网

月下载9700万的Python库被“投毒”!Karpathy紧急警告:一行pip install ...

整理 | 郑丽媛出品 | CSDN(ID:CSDNnews)如果你是一名 Python 开发者,对 pip install 命令肯定很熟悉——这是最常用的套件安装指令,可用来从 PyPI 或其它来源安装、升级与管理套件。但就在 3 月 24 ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

告别Docker:北大开源「迷你沙盒」,无容器也能训练SWE Agent

本工作来自北京大学王选所赵东岩、张辉帅老师团队,第一作者为北京大学前沿交叉学院三年级硕士袁旦龙。 AI 编程这么火,想训练个 SWE Agent 却没有资源怎么办? 最近,软件工程智能体(后统称 SWE ...
OfficeChai

LiteLLM Attack: How a Hacked Security Tool Became a Master Key to Thousands of AI Developer ...

On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.

北大开源SWE-MiniSandbox:无容器训练SWE Agent新选择

在人工智能编程的浪潮中,软件工程智能体(SWE Agent)成为了众多开发者和研究者关注的焦点。如何有效且低成本地训练这些智能体,成为了一个亟待解决的问题。最近,北京大学的研究团队推出了SWE-MiniSandbox,这一全新的开源框架为没有容器资源的开发者提供了一个极具吸引力的解决方案。 无容器训练的革命性突破 SWE-MiniSandbox的核心创新在于其无需依赖传统的容器技术(如Docker ...