腾讯网

AI模型部署工具Xinference遭供应链投毒攻击

监测发现,近期AI模型部署工具Xinference遭供应链投毒攻击。攻击者向Python官方软件包仓库PyPI(Python Package Index)上传了包含恶意代码的Xinference软件包,用户安装受影响的软件包或者在代码文件中引入Xinference时,恶意代码将自动执行。攻击者可窃取云平台凭据、API密钥、数据库密码、加密货币钱包和 环境变量 ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
Techzine Europe

Malicious Python package poses new supply chain threat

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...
InfoWorld

Why it’s so hard to create stand-alone Python apps

Ever wonder why packaging a Python app and its dependencies as a single executable is such a pain? Blame it on the dynamism ...