OpenAI confirms threat actors use ChatGPT to write malware
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation,…
Feds Warn of North Korean Cyberattacks on US Critical Infrastructure
The Andariel group is targeting critical defense, aerospace, nuclear, and engineering companies for data theft, the FBI, NSA, and others…
XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack
Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse.
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three…
Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in ‘D’
The infamous vulnerability may be on the older side at this point, but North Korea's primo APT Lazarus is creating…
Over 30% of Log4J apps use a vulnerable version of the library
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a…
‘Gold Melody’ Access Broker Plays on Unpatched Servers’ Strings
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact…
Security Conferences Keep Us Honest
Conferences are where vendors and security researchers meet face to face to address problems and discuss solutions — in public.
Despite Post-Log4J Security Gains, Developers Can Still Improve
Developers need more software security safeguards earlier in the process, especially as AI becomes more common.
SBOMs Still More Mandate Than Security
A software bills of materials standard gets an update, but the driver is compliance rather than security.