Overview Recently, NSFOCUS CERT detected that Xinference had suffered supply chain poisoning in its PyPI warehouse. The attacker stole the PyPI release permission credentials of Xinference maintainers and released three consecutive malicious versions implanted with Trojans on April 22, GMT+8. When triggered by the user, it will collect cloud credentials, SSH keys, API tokens, Sensitive […]

The post Xinference PyPI Supply Chain Poisoning Warning appeared first on NSFOCUS.

The post Xinference PyPI Supply Chain Poisoning Warning appeared first on Security Boulevard.

Overview On April 15, NSFOCUS CERT detected that Microsoft released the April Security Update patch, fixing 165 security issues involving Windows, Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio, Microsoft .NET Framework, Widely used products such as Azure, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by […]

The post Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS.

The post Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.

Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this […]

The post Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had suffered supply chain poisoning by the TeamPCP group on PyPI. It stole the publishing permission credentials by hacking into the security scanning tool Trivy used in […]

The post AI Infrastructure LiteLLM Supply Chain Poisoning Alert appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post AI Infrastructure LiteLLM Supply Chain Poisoning Alert appeared first on Security Boulevard.