Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...
Hosted on MSN

732 bytes of Python just borked every Linux machine on earth

A tiny Python script triggered a major Linux failure in a way that few users would expect. The incident shows how even small pieces of code can expose deep problems inside complex systems. For ...
heise online

"Copy Fail": Linux root in all major distributions with 732 bytes of Python

IT researchers have discovered a vulnerability in the Linux kernel that attackers can exploit to gain root privileges. The discoverers have named the vulnerability “Copy Fail.” Virtually all Linux ...
The Hacker News

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as ...
GitHub

Decompyle-Python-Byte-code-Disassembler-Decompiler /scripts /python-builds

- os.path.join(sqlite_incdir, '..', 'lib64'), + os.path.join(sqlite_incdir, '..', 'lib', 'x86_64-linux-gnu'), os.path.join(sqlite_incdir, '..', 'lib'), - os.path.join ...
marktechpost

Andrej Karpathy Open-Sources ‘Autoresearch’: A 630-Line Python Tool Letting AI Agents Run Autonomous ML Experiments on Single GPUs

The framework establishes a specific division of labor between the human researcher and the AI agent. The system operates on a continuous feedback loop where progress is tracked via git commits on a ...
InfoWorld

PythoC: A new way to generate C code from Python

PythoC lets you use Python as a C code generator, but with more features and flexibility than Cython provides. Here’s a first look at the new C code generator for Python. Python and C share more than ...
CSOonline

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.
marktechpost

A Step-by-Step Guide to Setting Up a Custom BPE Tokenizer with Tiktoken for Advanced NLP Applications in Python

In this tutorial, we’ll learn how to create a custom tokenizer using the tiktoken library. The process involves loading a pre-trained tokenizer model, defining both base and special tokens, ...
CSOonline

Attackers hide malicious code in Hugging Face AI model Pickle files

The popular Python Pickle serialization format, which is common for distributing AI models, offers ways for attackers to inject malicious code that will be executed on computers when loading models ...
theregister

Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed

Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used ...