Tencent Cloud releases Xinference Supply Chain Poisoning Risk Notification

On April 23, Tencent Cloud released a Xinference supply chain poisoning risk advisory: Tencent Cloud Security Center has detected that Xinference has been disclosed to have a supply chain poisoning risk. This can lead to attackers stealing highly sensitive information such as cloud credentials, API keys, SSH keys, encrypted wallets, database credentials, and environment variables when users install or import affected versions of the package, and send them to remote command and control servers. To prevent the impact on users' businesses, Tencent Cloud Security recommends that users conduct security self-inspections in a timely manner, and if within the affected scope, users should promptly update and repair to avoid being invaded by external attackers.