Aggregator

Пароли больше никого не волнуют. Теперь злоумышленников интересует лишь объём трафика.

HackerNews 编译，转载请注明出处： TeamPCP黑客组织持续发动供应链攻击，现已入侵广受欢迎的Python库”LiteLLM”，并声称在攻击期间从数十万台设备窃取数据。 LiteLLM是一款开源Python库，作为统一API网关对接多个大语言模型（LLM）提供商。该包极为热门，日均下载量超340万次，过去一个月下载量超9500万次。 据Endor Labs研究，威胁行为体入侵该项目后，今日向PyPI发布了LiteLLM 1.82.7和1.82.8的恶意版本，部署信息窃取程序收集各类敏感数据。 此次攻击由TeamPCP认领，该组织此前高调入侵了Aqua Security的Trivy漏洞扫描器。那次入侵引发连锁反应，波及Aqua Security Docker镜像、Checkmarx KICS项目，如今又轮到LiteLLM。 该组织还被发现利用恶意脚本攻击Kubernetes集群——当检测到伊朗配置的系统时擦除所有机器，在其他地区设备上则安装新型CanisterWorm后门。 消息人士告诉BleepingComputer，数据外泄数量约50万条，其中大量为重复记录。VX-Underground报告的”感染设备”数量相近。但BleepingComputer未能独立核实这些数字。 LiteLLM供应链攻击详情 Endor Labs报告称，威胁行为体今日推送了两个恶意版本，均在包导入时执行隐藏载荷。 恶意代码以base64编码形式注入’litellm/proxy/proxy_server.py’文件，模块导入时即解码执行。1.82.8版本更进一步，向Python环境安装名为’litellm_init.pth’的.pth文件。由于Python解释器启动时会自动处理所有.pth文件，即使不专门使用LiteLLM，恶意代码也会在Python运行时执行。 执行后，载荷最终部署”TeamPCP Cloud Stealer”变种及持久化脚本。BleepingComputer分析显示，该载荷与Trivy供应链攻击中使用的凭证窃取逻辑几乎相同。 Endor Labs解释：”载荷触发后执行三阶段攻击：收集凭证（SSH密钥、云令牌、Kubernetes密钥、加密钱包和.env文件），尝试通过向每个节点部署特权Pod在Kubernetes集群内横向移动，并安装持久化systemd后门以轮询额外二进制文件。外泄数据经加密后发送至攻击者控制的域名。” 窃取范围 该窃取程序收集广泛的凭证和认证密钥，包括： 系统侦察：运行hostname、pwd、whoami、uname -a、ip addr、printenv命令 SSH密钥和配置文件 AWS、GCP、Azure云凭证 Kubernetes服务账户令牌和集群密钥 .env等环境文件 数据库凭证和配置文件 TLS私钥和CI/CD密钥 加密货币钱包数据 云窃取载荷还包含额外的base64编码脚本，伪装为”System Telemetry Service”安装为systemd用户服务，定期连接checkmarx[.]zone远程服务器下载执行额外载荷。 窃取数据打包为名为tpcp.tar.gz的加密档案，发送至攻击者控制的infrastructure models.litellm[.]cloud。 如怀疑已遭入侵，应将受影响系统上的所有凭证视为已暴露并立即轮换。 BleepingComputer多次报道过因企业未及时轮换先前泄露中发现的凭证、密钥和认证令牌而引发的入侵事件。研究人员和威胁行为体均告诉BleepingComputer，虽然轮换密钥困难，但这是防止连锁供应链攻击的最佳手段之一。   消息来源：bleepingcomputer.com； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Единственный способ увидеть тёмную материю: по изгибам светящихся цепочек астрономы читают карту невидимого.

OpenAI 宣布将关闭其视频生成应用 Sora，终止与迪士尼的内容合作。OpenAI 的聊天机器人 ChatGPT 也将关闭视频生成功能，但图像生成不受影响。Sora 于 2024 年推出，一度引发广泛关注，但过去几个月它的热度下滑显著，而竞争对手如字节跳动的 SeeDance 2.0 在生成视频方面比 OpenAI 甚至更出色。迪士尼在 2025 年 12 月宣布与 OpenAI 展开合作，允许 Sora 使用其版权角色生成视频。随着 Sora 的关闭，双方的内容合作也宣告终止。OpenAI 在几天前举行的一次全体员工大会上表示将重新专注于商业和生产力应用，避免被琐事分散注意力。

Momentum Cyber CEO Eric McAlpine on the Funding Velocity of AI-Native Startups
Large funding rounds are concentrating on fewer cybersecurity startups as artificial intelligence accelerates product development. Momentum Cyber CEO Eric McAlpine shares why investors are backing AI-native startups earlier and how it is reshaping growth and competition in cybersecurity M&A.

Arctic Wolf CEO Nick Schneider on How Visibility, Human Oversight Shape AI Adoption
AI adoption is accelerating, but security leaders now demand proof of effectiveness and trust. Arctic Wolf CEO Nick Schneider explains why visibility, data evidence and human oversight are critical to ensure AI delivers reliable outcomes in cybersecurity operations.

Cisco's Jeetu Patel: Everyone Will Be a 'Manager of Agents'
Coding agents that once struggled below the surface level of basic web development can now refactor decades-old enterprise code at a speed and scale far beyond traditional teams, says Cisco's Jeetu Patel. He explains how AI-built software and machine-scale defense redefine competitive advantage.

Google Threat Intelligence's Sandra Joyce on AI Threats and Active Defense
Sharing threat intelligence is no longer enough - the cybersecurity industry must operationalize it through coordinated takedowns and active disruption, says Sandra Joyce, vice president at Google Threat Intelligence.

到今年3月，我国日均Token的调用量，已经超过了140万亿。

Trivy 0.69.4版本已被植入后门，带有恶意程序的容器镜像与GitHub官方安装包已推送至普通用户端。

虚假AI监管政策事件标志着网络谣言已发生本质性跃迁，从传统的“信息失真”升级为“认知层攻击”。

Hello, this is Shihono from the Global Coordination Division. In early March, we traveled to Baku, the capital of Azerbaijan, and had the opportunity to visit five organizations, including CSIRTs and facilities involved in cyber security workforce development. In this...

There’s a debate making the rounds in security circles that sounds reasonable on the surface but falls apart under operational scrutiny: Which is better, breach and attack simulation (BAS) or automated penetration testing (APT)? Security vendors have stoked this debate for obvious reasons, with some even explicitly arguing that automated pentesting should replace BAS entirely. But for practitioners responsible for defending an organization, this framing is the problem. It represents a coverage regression disguised as … More →

The post You don’t have to choose between BAS or automated pentesting, you shouldn’t appeared first on Help Net Security.

Epic Games 宣布裁员逾千人，原因是其主要收入来源《堡垒之夜（Fortnite）》的玩家减少收入下滑，为维持公司运营而不得不裁员。《堡垒之夜》曾风靡一时，为 Epic Games 带来了上百亿美元的收入，以至于 Epic 推出了一个游戏商店，为吸引玩家每周都提供免费游戏，但最近几年其流行度在衰退。Epic 强调裁员与 AI 无关，而是为了减少支出控制成本。Epic Games 有逾四千名雇员，裁掉的人数占到了总人数的四分之一。腾讯是 Epic Games 的大股东。

Кости 60 бизонов в Гран-Долина выдали секрет древних охотников.

Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training videos and quarterly phishing tests happen in calm, controlled settings that tell us nothing about how people perform when a real incident hits. Real attacks trigger anxiety, cognitive narrowing, and hesitation. People fixate on the loudest problem in the room, lose sight of the bigger picture, and slow down when … More →

The post Why your phishing simulations aren’t building a security culture appeared first on Help Net Security.

Currently trending CVE - Hype Score: 1 - The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.