
Energy Pipeline Podcast: Software Supply Chain Security | EP 105
Supply Chain and Energy/Utilities

SecurityWeek: Should cybersecurity leadership finally be professionalized?
The majority opinion is that a cybersecurity professional body is long overdue and would benefit cybersecurity and cybersecurity practitioners.

CyberScoop: The dual reality of AI-augmented development: innovation and risk
AI coding is a big security problem when most security teams are still relying on tools designed for a world where human-written code remains prevalent.

ReversingLabs CEO provides insights into DNC Hacks
Multi-layered payloads can yield clues to hacker identity and intentions when successfully unpacked and analyzed.

Information Security Buzz: Commercial Software’s Seven Deadly Sins
At ReversingLabs, we’ve identified seven critical risks that plague commercial software, or what we call Commercial Software’s Seven Deadly Sins.

Dark Reading: Hackers Post Dozens of Malicious Copycat Repos to GitHub
As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers.

The Hacker News: Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks
ReversingLabs' analysis of ethers-provider2 has revealed that it's nothing but a trojanized version of the widely-used ssh2 npm package.

SC Media: AI has become the supply chain
Microsoft Security’s artificial intelligence (AI) security team recently shared its findings from a multi-year study that involved red teaming 100 generative AI (GenAI) products.

HelpNetSecurity: Malicious ML models found on Hugging Face Hub
Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models.

Dark Reading: Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities
Companies pursuing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities.

CSO Online: Attackers hide malicious code in Hugging Face AI model Pickle files
The popular Python Pickle serialization format offers ways for attackers to inject malicious code that will be executed on computers when loading models with PyTorch.

Infosecurity: Malicious AI Models on Hugging Face Exploit Novel Attack Technique
Researchers at Reversing Labs have discovered two malicious machine learning (ML) models available on Hugging Face, the leading hub for sharing AI models and applications.

Cyberscoop: Hugging Face platform continues to be plagued by vulnerable ‘pickles’
A widely used python module for machine-learning developers can be loaded with malware and bypass detection measures.

CyberWire Daily: Crypto client or cyber trap?
Olympic scammers go for gold.

TechRadar: New attacks exploit VSCode extensions and npm packages
Developers targeted by malicious Microsoft VSCode extensions