The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
InfoWorld

LiteLLM: An open-source gateway for unified LLM access

LiteLLM allows developers to integrate a diverse range of LLM models as if they were calling OpenAI’s API, with support for fallbacks, budgets, rate limits, and real-time monitoring of API calls. The ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
InfoWorld

Portkey: An open-source AI gateway for easy LLM orchestration

The explosion of open-source AI frameworks has given developers unprecedented flexibility in deploying AI models. Portkey, an open-source AI gateway, simplifies AI model orchestration by providing a ...

Concentrate AI Launches Free LLM Gateway as Companies Race to Control AI Spend

Backed by more than $5M+ from True Ventures and RRE Ventures, Concentrate gives every company one API for every major model ...
TechRadar

Mitigating the risks of package hallucination and 'slopsquatting'

In 2024, cybersecurity experts started to warn of a new threat to the software supply chain. Named 'slopsquatting', it is a type of cyber attack where bad actors create fake packages containing ...
CSOonline

Dependencies in LLM packages open apps to vulnerabilities: Report

Open-source packages with large language model (LLM) capabilities have many dependencies that make calls to security-sensitive APIs, according to a new Endor Labs report. As applications increasingly ...