@ctietze store the secret in a safe place (derived from TPM2, /var/lib/systemd/credential.secret, …) and pass it along to the service using systemd's credentials capabilities:
https://systemd.io/CREDENTIALS/
Paul Couvert (@itsPaulAi)
에이전트가 외부 도구와 안전하게 연결될 수 있다는 점을 강조한다. 한 부분이 침해돼도 자격 증명이 안전하게 분리되어 있어 OpenClaw, Codex 등은 접근할 수 없고 유출 위험이 줄어든다고 설명한다.
Lightweight, cross-platform process sandboxing powered by OpenAI Codex's runtime. Sandbox any command with file, network, and credential controls. - afshinm/zerobox
Popular #LiteLLM #PyPI package #backdoored to steal #credentials , auth #tokens
The #TeamPCP #hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI & claiming to have stolen data from hundreds of thousands of devices during the attack.
LiteLLM is an open-source #Python library that serves as a gateway to multiple large language model ( #LLM ) providers via a single #API.
#privacy #security #supplychain
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack.
Lukasz Olejnik (@lukOlejnik)
AI 소프트웨어 인프라에서 중요한 도구인 LiteLLM이 침해된 것으로 보이며, 환경변수와 SSH 키, AWS/GCP/Azure 자격증명 등 민감 정보가 유출된 악성 페이로드가 포함됐다. AI 개발 인프라 보안상 매우 중요한 사건이다.
https://x.com/lukOlejnik/status/2036719952384622705
#litellm #security #aiinfrastructure #credentials #opensource
LiteLLM, an important part of AI software infrastructure, has just been compromised. The payload was a credential stealer that grabbed environment variables, SSH keys, AWS/GCP/Azure credentials, Kubernetes configs, shell history, crypto wallets, and more, then exfiltrated
#ICE #Phishing : #Scammers Are Sending 'Support ICE' Emails to Steal #Credentials
Clients of a long-running #email #marketing platform are getting targeted with a #phishing campaign telling them that their emails would begin automatically inserting a “‘Support ICE’ donation button” into every email they send. The strategy suggests that scammers are trying to capitalize on people’s revulsion to ICE by coming up with strategies that would cause users to quickly log into…
https://www.404media.co/ice-phishing-scammers-are-sending-support-ice-emails-to-steal-credentials/
Fake Spotify podcast vote phishing targets user login credentials
https://misryoum.com/us/technology-ai/fake-spotify-podcast-vote-phishing-targets-user-login/
NEWYou can now listen to US News Hub MISRYOUM News articles! It started with a simple favor. A friend asked for help voting so he could co-host a major podcast event with Spotify and Google. The first message looked...
#Fake #Spotify #podcast #vote #phishing #targets #user #login #credentials #US_News_Hub #misryoum_com
Ars Technica News
Elias Probst
sayzard
N-gated Hacker News
PrivacyDigest
misryoum global news network
Linux Tunisia