Risky Business #830 -- LiteLLM and security scanner supply chains compromised

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They talk through:

TeamPCP’s supply chain attack on Github, and they threw in an anti-Iran wiper, because why not?!
Anthropic hooks up its models to just… use your whole computer
After Stryker’s Very Bad Day, CISA says maybe add some more controls around your Intune?
Another iOS exploit kit shows up in the cyber bargain-bin
The FTC decides to ban… all new home routers?! U wot m8?!
Supermicro founder was personally sanction-busting Nvidia GPUs into China?!

This week’s episode is sponsored by enterprise browser maker, Island. Chief Customer Officer Bradon Rogers joins Pat to explain how its customers are using Island to control the use of personal AI services in regulated industries.

This episode is also available on Youtube.

Show notes

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

TeamPCP deploys CanisterWorm on NPM following Trivy compromise

Andrej Karpathy on X: "Software horror: litellm PyPI supply chain" attack

Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags

Felix Rieseberg on X: "Today, we’re releasing a feature that allows Claude to control your computer"

A Top Google Search Result for Claude Plugins Was Planted by Hackers

Lockheed Martin targeted in alleged breach by pro-Iran hacktivist

CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices

FBI seems to seize website tied to Iranian cyberattack on Stryker

Stryker confirms cyberattack is contained and restoration underway

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

Someone has publicly leaked an exploit kit that can hack millions of iPhones

Russia-linked hackers use advanced iPhone exploit to target Ukrainians

Apple rolls out first 'background security' update for iPhones, iPads, and Macs to fix Safari bug

Post by @wartranslated.bsky.social — Bluesky

Signal’s Creator Is Helping Encrypt Meta AI

Hacker says they compromised millions of confidential police tips held by US company

Millions of 'anonymous' crime tips exposed in massive Crime Stoppers hack

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

FCC bans import of consumer-grade routers amid national security concerns

White House pours cold water on cyber ‘letters of marque’ speculation

Google launches threat disruption unit, stops short of calling it ‘offensive'

Supermicro’s cofounder was just arrested for allegedly smuggling $2.5 billion in GPUs to China

Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US

Man pleads guilty to $8 million AI-generated music scheme

Two Israelis AI generated "intelligence" and sold it to Iran