Tencent Cloud issued a risk notice regarding poisoning in the Xinference supply chain.

CoinFeed reported on April 23 that, according to First Financial Daily, Tencent Cloud issued an announcement stating that its security center detected a supply chain poisoning risk in Xinference. This risk could allow attackers to steal highly sensitive information such as cloud credentials, API keys, SSH keys, encrypted wallets, database credentials, and environment variables when users install or import affected versions of packages, and then send this information to remote command and control (C2) servers. To avoid business disruption, Tencent Cloud security recommends conducting timely security self-checks. If affected, users should promptly update and patch the vulnerabilities to prevent external attackers from gaining access.