Browsing Tag
Supply Chain
10 posts
AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain
The Llama Drama vulnerability in the Llama-cpp-Python package exposes AI models to remote code execution (RCE) attacks, enabling attackers to steal data. Currently, over 6,000 models are affected by this vulnerability.
May 20, 2024
NIST Releases Cybersecurity Framework 2.0: Guide for All Organizations
The first Cybersecurity Framework (CSF) was released in 2014.
February 28, 2024
Supply Chain Attack Targeting Telegram, AWS and Alibaba Cloud Users
Key findings: Cybersecurity firm Checkmarx has discovered a new wave of supply chain attacks exploiting bugs in popular…
October 17, 2023
Malware Concealed as Dependabot Contributions Strikes GitHub Projects
Malicious code disguised as Dependabot contributions hits hundreds of GitHub repositories.
September 27, 2023
JetBrains Patches Severe TeamCity Flaw Allowing RCE and Server Hijacking
JetBrains fixed this flaw in version 2023.05.4 of the product, released on September 18. It also released a security advisory but has not yet disclosed technical details of the vulnerability.
September 27, 2023
Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads
Threat actors have been taking over abandoned S3 buckets to launch malicious binaries, steal login credentials and more.
June 20, 2023
Warning: Fake GitHub Repos Delivering Malware as PoCs
According to researchers, these fake accounts on GitHub and Twitter are spreading malware that infects both Windows- and Linux-based systems.
June 17, 2023
Malicious PyPI Packages Drop Malware in New Supply Chain Attack
These packages were uploaded between the 7th and 12th of January 2023 with the names “colorslib,” “httpslib,” and “libhttps.”
January 19, 2023
The Best Ways to Automate SBOM Creation
An SBOM, or Software Bill of Materials, is a comprehensive inventory of all the constituent elements or components of the software.
January 17, 2023
Thousands of GitHub Repositories Cloned in Supply Chain Attack
This hasn’t been a great week for the crypto community. On Monday, the Nomad bridge got exploited and…
August 4, 2022