Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework
Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, Netflix, and Cohere – giving hackers entrée to huge amounts of data and compute power. The campaign has ...
Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data
Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit ...
Complex Supply Chain Attack Targets GitHub Developers
Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts ...
Telegram Privacy Nightmare: Don’t Opt In to P2PL
Scary SMS shenanigans: Avoid Telegram’s new “Peer-To-Peer Login” program if you value your privacy or your cellular service ...
China Steals Defense Secrets ‘on Industrial Scale’
UNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic ...
Tax Scams Ramping Up as the April 15 Deadline Approaches
With the IRS deadline only weeks away, businesses and individuals are racing to get their taxes filed, and bad actors are doing what they can to keep pace with them. Both Microsoft and Malwarebytes in recent days have outlined various scams being used to steal sensitive information, drop malicious payloads, ...
Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys
GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads ...
CISA, NSA, Others Outline Security Steps Against Volt Typhoon
Top cybersecurity agencies in the United States and other countries are again warning critical infrastructure companies about the “urgent risk” posed by Chinese state-sponsored threat group Volt Typhoon and are recommending steps to harden their protections. The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the FBI ...
Sentry, GitHub Use AI to Help Fix Coding Errors
Developers are getting more help detecting and addressing bugs in their code through new AI-based tools that Sentry.io and GitHub each introduced this week. Sentry unveiled the beta of Autofix, a feature that uses the company’s machine learning and AI capabilities and is aimed at debugging errors in production by leveraging ...
EPA and White House Raise Alarm on Water Cybersecurity
Iran and China fingered: Biden admin. chides governors: Water infra. lacks “even basic cybersecurity precautions.” ...