New top story on Hacker News: Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised

11 by dot_treo | 3 comments on Hacker News.
About an hour ago, new versions were deployed to PyPI. I was just setting up a new project, and things behaved weirdly. My laptop ran out of RAM; it looked like a forkbomb was running. I've investigated, and found that a base64-encoded blob has been added to proxy_server.py. It writes and decodes another file which it then runs. I'm in the process of reporting this upstream, but wanted to give everyone here a heads-up. It is also reported in this issue: https://ift.tt/8gVKXt1
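A local check for the situation this post describes, added here as an example and not code from the post or from the LiteLLM project: it reads the installed package's metadata and its proxy_server.py from disk without importing the package, compares the version against the two named in the post, and flags long string literals that decode as base64. The function names, the `litellm` distribution name as the lookup key, and the 256-character threshold are assumptions; a hit is a reason to inspect the file by hand, not proof of compromise.

```python
import ast
import base64
import binascii
import pathlib
import re
from importlib import metadata

# Versions named in the post above as compromised.
REPORTED_BAD = {"1.82.7", "1.82.8"}
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def find_base64_blobs(source, min_len=256):
    """Return (line, length) for each long string literal that decodes as base64."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes))):
            continue
        text = node.value.decode("ascii", "ignore") if isinstance(node.value, bytes) else node.value
        compact = "".join(text.splitlines())  # tolerate line-wrapped blobs
        if len(compact) < min_len or not B64_RE.fullmatch(compact):
            continue
        try:
            base64.b64decode(compact, validate=True)
        except (binascii.Error, ValueError):
            continue
        hits.append((node.lineno, len(compact)))
    return sorted(hits)

def audit_installed(dist_name="litellm"):
    """Inspect the installed distribution on disk; nothing from it is imported or run."""
    try:
        dist = metadata.distribution(dist_name)
    except metadata.PackageNotFoundError:
        return None
    report = {"version": dist.version, "reported_bad": dist.version in REPORTED_BAD, "blobs": {}}
    for f in dist.files or []:
        if f.name == "proxy_server.py":
            path = pathlib.Path(f.locate())
            hits = find_base64_blobs(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report["blobs"][str(path)] = hits
    return report

if __name__ == "__main__":
    # Constructed sample, not the real file: one long base64 literal on line 2.
    sample = 'X = 1\nBLOB = "' + base64.b64encode(b"A" * 300).decode() + '"\n'
    print(find_base64_blobs(sample), audit_installed())
```

Run it with the interpreter of the environment you want to check, since `importlib.metadata` only sees packages installed for that interpreter.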

New top story on Hacker News: Ask HN: Apple terminated our dev account over a rogue employee

13 by 0x1f | 0 comments on Hacker News.
I know that HN isn't a customer support forum and it might not be right to post this here, but we are absolutely desperate and hoping someone in this community can point us in the right direction.

We are a small software company in Africa. For over two years, we've built and maintained an app. It has become a vital economic engine for our local community, employing a whole fleet of delivery agents and serving as a lifeline for local stores and restaurants.

Recently, we discovered that a single employee used a shared company machine to engage in unauthorized activities that violated Apple's Developer Terms of Service. We took immediate action: we fired the employee on the spot and completely overhauled our security. We revoked all individual access and implemented mandatory, peer-reviewed, supervised sessions for any Apple Developer portal access.

The problem is the collateral damage. Apple terminated our entire organization's account. We submitted an appeal through App Store Connect, but we feel completely stuck behind automated walls. We have also emailed Apple executives, but are waiting in the dark.

Because of this one employee's actions, our app is facing total removal, and families in our community are quite literally losing their daily income. We aren't asking for special treatment, just a chance for a real human at App Review to look at the security steps we've taken and consider a second chance.

If anyone here has been through this, has advice, or knows how to get a human at Apple to actually read our appeal, our entire community would be forever grateful. Thank you so much for your time.

(For reference if any Apple folks are reading: our Apple Team ID is T35TM9SW45)