攻撃を受けたLiteLLMについて

最近相次いで人気ライブラリがサプライチェーン攻撃の被害を受けている。3月24日には、人気のPythonパッケージ「LiteLLM」も被害を受けた。LiteLLMは、ChatGPTやGemini、Claudeなど人気のAPIを手軽に切り替えて使えるとい ...
InfoQ

OpenTelemetry Declarative Configuration Reaches Stability Milestone

The OpenTelemetry project has announced that key portions of its declarative configuration specification have reached stable ...
XDA Developers on MSN

After two months of Open WebUI updates, I'd pick it over ChatGPT's interface for local LLMs

Open WebUI has been getting some great updates, and it's a lot better than ChatGPT's web interface at this point.

MicrosoftがローカルAI同梱アプリを簡単に作れるSDK「Foundry Local」を ...

MicrosoftがAI搭載アプリを開発するためのSDK「Foundry Local」を公開しました。Foundry ...
Digital Production

dy Install Libs adds Library Manager to Houdini

Library Manager lands in dy Install Libs with one-click library install, enable, and disable for Houdini packages.

How I vibe-coded a web tool in three days with no programming experience

AI chatbots make it possible for people who can’t code to build apps, sites and tools. But it’s decidedly problematic.
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.