Browsing Tag
Supply Chain
12 posts
Duo Wins $50K Bug Bounty for Supply Chain Flaw in Newly Acquired Firm
Researchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,…
February 17, 2025
AI’s Role in Cutting Costs and Cybersecurity Threats in Logistics
Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and cybersecurity threats…
February 10, 2025
AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain
The Llama Drama vulnerability in the Llama-cpp-Python package exposes AI models to remote code execution (RCE) attacks, enabling attackers to steal data. Currently, over 6,000 models are affected by this vulnerability.
May 20, 2024
NIST Releases Cybersecurity Framework 2.0: Guide for All Organizations
The first Cybersecurity Framework (CSF) was released in 2014.
February 28, 2024
Supply Chain Attack Targeting Telegram, AWS and Alibaba Cloud Users
Cybersecurity firm Checkmarx has discovered a new wave of supply chain attacks exploiting bugs in popular…
October 17, 2023
Malware Concealed as Dependabot Contributions Strikes GitHub Projects
Malicious code disguised as Dependabot contributions hits hundreds of GitHub repositories.
September 27, 2023
JetBrains Patches Severe TeamCity Flaw Allowing RCE and Server Hijacking
JetBrains has fixed this flaw in version 2023.05.4 of the product, released on September 18. It also released a security advisory but has not yet disclosed technical details of the vulnerability.
September 27, 2023
Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads
Threat actors have been taking over abandoned S3 buckets to launch malicious binaries, steal login credentials and more.
June 20, 2023
Warning: Fake GitHub Repos Delivering Malware as PoCs
According to researchers, these fake accounts on GitHub and Twitter are spreading malware that infects both Windows- and Linux-based systems.
June 17, 2023
Malicious PyPI Packages Drop Malware in New Supply Chain Attack
These packages were uploaded between the 7th and 12th of January 2023 with the names “colorslib,” “httpslib,” and “libhttps.”
January 19, 2023