Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...
Security Boulevard

Which Came First: The System Prompt, or the RCE?

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...
腾讯网

Karpathy紧急警告:月下载近亿的LiteLLM被投毒!已有开发者因Cursor MCP ...

但是也有人质疑卡帕西的“利用LLM提取功能”的这一措施,表示“只是把一个未经审查的代码库换成了一个LLM输出的而已”。这个就比较见仁见智了,使用LLM过滤一遍对提高代码安全性是否存在帮助依然非常依赖提示词。
The Hacker News

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

Active exploits, nation-state campaigns, fresh arrests, and critical CVEs — this week's cybersecurity recap has it all.