Khrys23h ago

A popular Python library just became a backdoor to your entire machine

https://www.xda-developers.com/popular-python-library-backdoor-machine/

It's one of the most popular Python libraries for interacting with large language models [...] It has over 40,000 stars on GitHub, and it's an important dependency in a lot of AI tooling. It's also been compromised on PyPI, and the malicious versions are stealing everything they can find on your machine.

Sorry but... 🍿

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.

XDA
Show threadPēteris Krišjānis
@Khrys seriously, guys, don't use LLM, it is not worth it. Any savings you imagine are offset by security problems, anxiety, worries of unethical use, e.g.
4:15amWeb
Show threadell1e coding things14h ago
@peteriskrisjanis @Khrys Even Linux uses it now... https://hachyderm.io/@ell1e/116285351290767548 trying to understand on what grounds the LF thinks this is safe, feel free to jump in or boost.