Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Malware in an Open-Source Project Could Have Infected Thousands. The Twist? It Was Certified by Delve

McMahon wrote that the malware was likely vibe coded, and sloppily at that, leading to the so-called “fork bomb” that crashed ...
The Hacker News

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.

Silicon Valley’s two biggest dramas have intersected: LiteLLM and Delve

LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware.

Hackers are exploiting a vulnerability in lots of e-commerce sites

Magento and Adobe Commerce sites are affected, but a fix is in the works.