lyvd

961 posts

@vuly16

Independent Researcher and University Lecturer. Founder of https://t.co/02cF0waMsP. My opinions are my own.

Vietnam · Joined February 2013
952 Following · 159 Followers
lyvd retweeted
Andrej Karpathy (@karpathy)
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk (@hnykda)

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

lyvd (@vuly16)
Interested in boosting the performance of LLMs in detecting malicious npm packages, and at the same time, saving the number of tokens. Check out our recent study titled "Taint-Based Code Slicing for LLMs-based Malicious NPM Package Detection" on Arxiv arxiv.org/abs/2512.12313
lyvd (@vuly16)
We will be presenting our poster, "TYPOSQUATTING ATTACKS ON THE RUST ECOSYSTEM," at the AsiaCCS conference in Hanoi this August. We are probably the first to investigate squatting attacks on Rust packages in Crates.io. Please stay tuned for our preprint.
lyvd retweeted
Chainguard ⛓️ (@chainguard_dev)
Get into the New Year dance party spirit: PANIC AT THE DISTRO 💃 🕺 🎇 We went on a mission to find out: ⭐ What measures have maintainers at Linux distributions implemented or considered implementing to counter malware? ⭐ How effective are current malware detection tools at identifying malicious Linux packages? Read more on the blog: chainguard.dev/unchained/pani…
lyvd retweeted
Feross (@feross)
PSA: The popular @solana/web3.js library has been affected by a supply chain attack. Compromised versions contain injected malicious code that steals private keys from unsuspecting developers and users, enabling attackers to drain crypto wallets. ⬇️ This is a developing story
lyvd retweeted
ACM CCS 2025 (@acm_ccs)
Call for Participation of CCS Doctoral Symposium, this is the first time CCS is organizing a doctoral symposium, please join us! sigsac.org/ccs/CCS2024/ca…
lyvd (@vuly16)
Slides of our @ICSEconf 2023 presentation titled "bad snakes: understanding and improving python package index malware scanning" are available at slideshare.net/LyVu52/icsepre… Thank you for your attention and look forward to the future ICSE conferences.
lyvd retweeted
Abhishek Arya (@infernosec)
We are excited to launch Open Source Insights deps.dev API! This makes critical security metadata for 50M pkg versions across 5 major ecosystems (Go,Maven,PyPI,npm & Cargo) universally accessible with a single API call (no signup, keys) security.googleblog.com/2023/04/announ…
lyvd (@vuly16)
Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps” | FortiGuard Labs fortinet.com/blog/threat-re…
lyvd retweeted
nixCraft 🐧 (@nixcraft)
PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector. bleepingcomputer.com/news/security/… Stay safe. This is why you need different dev environment
lyvd retweeted
Jeff Vander Stoep (@jeffvanderstoep)
The Android team has open sourced our internal Rust Training! It's a four day course covering the full spectrum of Rust, from basic syntax to advanced topics like generics and error handling. It also includes Android-specific content on the last day. google.github.io/comprehensive-…
lyvd retweeted
World of Engineering (@engineers_feed)
12 tips for becoming a successful engineer from ChatGPT: 1. Develop a strong foundation in math and science. 2. Learn to think critically and solve problems effectively. 3. Keep up with the latest advances and developments in your field.
lyvd (@vuly16)
Great news! Our Bad snakes paper has just been accepted at @ICSEconf 2023 conference. We will be working on the camera ready version of the paper. Meantime, you can find the preprint here arxiv.org/abs/2209.13288
lyvd retweeted
Dark Reading (@DarkReading)
Scans used by Python Package Index (PyPI) to find malware fail to catch 41% of bad packages, and also trigger many false positives. The details here from @roblemos bit.ly/3R5Ypqs
lyvd retweeted
Chainguard ⛓️ (@chainguard_dev)
Using open source benchmark datasets to assess the current PyPI checks, our analysis found false positive rates as high as 33%. 🤯 Read more of our findings: bit.ly/3T8n8w1