Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities
Companies pursing internal AI development using models from Hugging Face and other open source repositories need to focus on supply…
Going Beyond Secure by Demand
Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step…
Fake password manager coding test used to hack Python developers
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for…
Dazz Unveils AI-Powered Automated Remediation for Application Security Posture Management
PRESS RELEASE Dazz, the leader in security remediation, today announced new capabilities in the Dazz...
Unsung GitHub Features Anchor Novel Hacker C2 Infrastructure
More and more hackers are choosing to host their malicious campaigns from public services, and they're pioneering new ways of…
North Korean hackers behind malicious VMConnect PyPI campaign
North Korean state-sponsored hackers are behind the VMConnect campaign that uploaded to the PyPI (Python Package Index) repository malicious packages,…
Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks
North Korean state-sponsored hackers have uploaded malicious packages to the PyPI (Python Package Index) repository, camouflaging one of them as…
Luna Grabber Malware Targets Roblox Gaming Devs
Roblox gaming developers are lured in by a package that claims to create useful scripts to interact with the Roblox…
Banks In Attackers’ Crosshairs, Via Open Source Software Supply Chain
In separate targeted incidents, threat actors tried to upload malware into the Node Package Manager registry to gain access and…
SBOMs Still More Mandate Than Security
A software bills of materials standard gets an update, but the driver is compliance rather than security.