Karma-X Blog
Subscribe via RSS
LiteLLM Supply-Chain Attack: How Trojanized PyPI Packages Turned an AI Gateway Into a Data Exfiltration Tool
LiteLLM Supply-Chain Attack: How Trojanized PyPI Packages Turned an AI Gateway Into a Data Exfiltration Tool

Trojanized LiteLLM releases on PyPI enabled data exfiltration with Kubernetes persistence—here’s the full attack chain and how to check if you’re affected.

Read More
Axios npm Package Compromised: Supply Chain Attack via Phantom Dependency Drops Cross-Platform RAT
Axios npm Package Compromised: Supply Chain Attack via Phantom Dependency Drops Cross-Platform RAT

Axios npm package compromised—attackers hijacked the maintainer’s account and injected a phantom dependency that dropped a cross-platform RAT. Here’s the full attack chain.

Read More
💬 Ask our AI Assistant Kali