English(EN) # Opensource package with 1 million monthly downloads stole user credentials … # compromised after a threat actor # exploited a # vulnerability in the developer

开源机器学习工具elementData被攻破，窃取用户凭证

作者 PulseAugur 编辑部 · [1 个来源] · 2026-04-27 23:53

一个名为elementData的开源包，月下载量达100万次，已被攻破。威胁行为者利用开发者账户工作流程中的漏洞，获取了签名密钥和敏感信息。这使得他们能够推送一个恶意版本的包，该版本被用来窃取用户凭证。 AI

影响机器学习工具的攻破可能会影响运营商的数据完整性和系统安全。

排序理由机器学习系统使用的开源包存在安全漏洞。

在 Mastodon — sigmoid.social 阅读 →

AI 生成摘要 · Google Gemini · 来自 1 个来源。我们如何撰写摘要 →

报道来源 [1]

Mastodon — sigmoid.social TIER_1 English(EN) · [email protected] · 2026-04-27 23:53

# Opensource package with 1 million monthly downloads stole user credentials … # compromised after a threat actor # exploited a # vulnerability in the developer

# Opensource package with 1 million monthly downloads stole user credentials … # compromised after a threat actor # exploited a # vulnerability in the developers’ account workflow that gave access to its signing keys and other sensitive information On Friday, unknown attackers ex…

链接 arstechnica.com/…/2026

报道来源 [1]

# Opensource package with 1 million monthly downloads stole user credentials … # compromised after a threat actor # exploited a # vulnerability in the developer

相关实体

相关话题