Tag: software development

  • Blind Trust in LLMs: How Hallucinated Packages Can Compromise Open-Source Projects

    Blind Trust in LLMs: How Hallucinated Packages Can Compromise Open-Source Projects

    kr1pt7c

    Large Language Models(LLMs) have become essential tools for software developers, helping them solve complex problems and even implement entire functionalities in some cases. However, while these models can accelerate development and streamline workflows, over-reliance on them comes with its own set of risks. A well-known flaw of LLMs is their…

  • Revival Hijack: A PyPI Supply Chain Attack Technique.

    Revival Hijack: A PyPI Supply Chain Attack Technique.

    kr1pt7c

    Researchers at JFrog have recently discovered a PyPI supply chain attack technique being exploited in the wild, dubbed “Revival Hijack”. This technique can be used to hijack Python packages hosted on PyPI by manipulating the option to re-register(revive) their names once the owner takes them down. A package repository is a centralized…