Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise

TeamPCP orchestrated one of the most sophisticated multi-ecosystem supply chain campaigns publicly documented to date that cascaded through developer tooling and compromised LiteLLM, exposing how AI proxy services that concentrate API keys and cloud credentials become high-value collateral when...

Flowise 代码问题漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A code issue vulnerability exists in Flowise version 3.0.5, which stems from a server-side request forgery in the /api/v1/fetch-links endpoint that could allow an attacker to use the server as a proxy to access internal...

Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers

Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The intrusions, which make use of residential proxy services to obfuscate the source IP address of the attacks, target governments, ...

FortiWeb - Uncontrolled resource consumption

An uncontrolled resource consumption vulnerability CWE-400 in FortiWeb may allow an unauthenticated attacker to cause a denial of service via crafted HTTP requests to proxy services...

Newsmaker Interview: Troy Mursch on Top Botnet Trends

Botnet activity saw a healthy amount of dynamism in 2018. There were new types of devices being targeted, such as carrier-grade MikroTik hardware; and, there was also a host of new types of criminal activity surfacing making the point that botnets aren’t just for DDoS anymore. New types of...

The Nature of Mass Exploitation Campaigns

We’ve all seen the movies where there’s a dark hooded figure sitting behind a keyboard entering a 3D virtualized representation of the internet. Focusing in on their target, the figure sees various bits of information about that person, from their birth date, to headshot of them stepping out of a...

Russia Bans Proxy Services And VPNs To Purge Extremist Content

Earlier this year, China announced a crackdown on VPNs and proxy services in the country and made it mandatory for all VPN providers and leased cable lines operators to have a license from the government in order to use such services. Now, Russia is also considering to follow a similar path. The...

Proposed Change to ICANN Domain Anonymity Rule Worries Privacy Advocates

A proposed change to the way that registrars treat the private contact details for domain owners could make it easier for anyone to get information on people who use proxy services. The potential change comes in the form of a document from a working group of the Generic Names Supporting...

IP and MAC bundle cracked-vulnerability warning-the black bar safety net

Our school recently the MAC and IP for the bundle, but also in Server 2K on the Internet time restrictions, really annoying dead, I think I'm the one never subject to the limit of the people Ah, how can like this without a fight! The ancient saying goes,“there policies, under the measures”, then...

Hacker teach you the inner web of the broiler made the Socks5 server-the vulnerabilities and early warning-the black bar safety net

Other words in the hung it to get a large number of broiler later, all the Black friends may have wondered how to use the hands of these spoils. Someone who likes peeping other people's privacy, some people might use a Trojan Keylogger to steal People's QQ password, as well as people may want to...