78 matches found
CVE-2026-54232
vLLM prior to 0.22.1 is affected by a dependency confusion flaw in its Dockerfile. The vulnerability arises from installing flashinfer-jit-cache from a private index (flashinfer.ai/whl/) via --extra-index-url while the package name was not registered on PyPI and UV_INDEX_STRATEGY is set to unsafe...
Patcher: Post-Hoc Patching of Backdoored Large Language Models
Large language models remain vulnerable to jailbreak backdoor attacks, where adversaries poison safety alignment data to embed hidden triggers that bypass safety mechanisms. Existing defenses often require comprehensive attack information or multiple triggered examples, making them impractical wh...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
MAL-2026-4773 Malicious code in vlifegram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8771013473b84f29159a80ec15ce3e9897bc69908ddfa2438845811dd276d87c VLifeGram is published under its own name on PyPI but installs into the pyrogram/ namespace and ships a Pyrogram fork at version 2.1.2.4. It adds an...
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a...
SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems
Skill-based agent systems tackle complex tasks by composing reusable skills, improving modularity and scalability while introducing a largely unexamined security attack surface. We propose SkillTrojan, a backdoor attack that targets skill implementations rather than model parameters or training...
Your LLM Agent Can Leak Your Data: Data Exfiltration Via Backdoored Tool Use
Tool-use large language model LLM agents are increasingly deployed to support sensitive workflows, relying on tool calls for retrieval, external API access, and session memory management. While prior research has examined various threats, the risk of systematic data exfiltration by backdoored...
Notepad++ Users, You May Have Been Hacked by China
Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows...
CoTDeceptor:Adversarial Code Obfuscation against CoT-Enhanced LLM Code Agents
LLM-based code agentse.g., ChatGPT Codex are increasingly deployed as detector for code review and security auditing tasks. Although CoT-enhanced LLM vulnerability detectors are believed to provide improved robustness against obfuscated malicious code, we find that their reasoning chains and...