COMMENTARY: Microsoft Security’s artificial intelligence (AI) security team recently shared its findings from a multi-year study that involved red teaming 100 generative AI (GenAI) products.The findings from their report are telling. The most important lesson comes in the form of consensus that GenAI systems create and amplify security risks – and that humans, not machines, are … Read more
EncryptHub, an emerging malware threat actor that has compromised more than 600 organizations, had details about its operations and attack chain exposed by researchers.In a Thursday blog post, Outpost24’s KrakenLabs Threat Intelligence Team outlined the inner workings of the malware operation, including its structure and techniques for infecting and managing infected systems.The new information about … Read more
South Korean pharmaceutical supply chain company M2Cloud has partnered with Thales Korea to develop the next-generation bio-cold chain systems based on IoT. Moving forward, the two companies will strengthen cooperation for product development optimised for bio-cold chains and global expansion, such as technology cooperation to develop bio-medicine monitoring IoT devices and to ensure a stable … Read more
In a supply chain attack that was first detected on Dec. 25, several Chrome extensions were compromised after a Cyberhaven employee was tricked by a phishing email that stole the worker’s credentials to the Google Chrome Web Store. A Dec. 27 blog post by Cyberhaven explained the attacker used these credentials on Dec. 24 to … Read more
Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of … Read more
