Industry Spotlight

AI vulnerability

Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework

Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, Netflix, and Cohere – giving hackers entrée to huge amounts of data and compute power. The campaign has ... Read More
supply chain, SBOM, cybersecurity, SLSA organizations third party attacks supply chain supply chain ransomware The Kill Chain Model

Complex Supply Chain Attack Targets GitHub Developers

Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts ... Read More
Tax season scams

Tax Scams Ramping Up as the April 15 Deadline Approaches

With the IRS deadline only weeks away, businesses and individuals are racing to get their taxes filed, and bad actors are doing what they can to keep pace with them. Both Microsoft and Malwarebytes in recent days have outlined various scams being used to steal sensitive information, drop malicious payloads, ... Read More
A green worm on a juicy red apple

Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys

GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads ... Read More
CISA China Volt Typhoon

CISA, NSA, Others Outline Security Steps Against Volt Typhoon

Top cybersecurity agencies in the United States and other countries are again warning critical infrastructure companies about the “urgent risk” posed by Chinese state-sponsored threat group Volt Typhoon and are recommending steps to harden their protections. The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the FBI ... Read More
AI code fixing

Sentry, GitHub Use AI to Help Fix Coding Errors

Developers are getting more help detecting and addressing bugs in their code through new AI-based tools that and GitHub each introduced this week. Sentry unveiled the beta of Autofix, a feature that uses company’s machine learning and AI capabilities and is aimed at debugging errors in production by leveraging ... Read More