Security Boulevard: The Latest Shai-Hulud Malware is Faster and More Dangerous
Bleeping Computer: Malicious VSCode Marketplace extensions hid trojan in fake PNG file
Forbes: Microsoft Worm Attack Warning — Act Rapidly And Change Passwords Now
Energy Pipeline Podcast: Software Supply Chain Security | EP 105
Supply Chain and Energy/Utilities
SecurityWeek: Should cybersecurity leadership finally be professionalized?
The majority opinion is that a cybersecurity professional body is long overdue and would benefit cybersecurity and cybersecurity practitioners.
CyberScoop: The dual reality of AI-augmented development: innovation and risk
AI coding is a big security problem when most security teams are still relying on tools designed for a world where human-written code remains prevalent.
ReversingLabs CEO provides insights into DNC Hacks
Multi-layered payloads can yield clues to hacker identity and intentions when successfully unpacked and analyzed.
Information Security Buzz: Commercial Software’s Seven Deadly Sins
At ReversingLabs, we’ve identified seven critical risks that plague commercial software, or what we call Commercial Software’s Seven Deadly Sins.
Dark Reading: Hackers Post Dozens of Malicious Copycat Repos to GitHub
As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers.
The Hacker News: Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks
ReversingLabs' analysis of ethers-provider2 has revealed that it's nothing but a trojanized version of the widely-used ssh2 npm package.
SC Media: AI has become the supply chain
Microsoft Security’s artificial intelligence (AI) security team recently shared its findings from a multi-year study that involved red teaming 100 generative AI (GenAI) products.
HelpNetSecurity: Malicious ML models found on Hugging Face Hub
Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models.
Dark Reading: Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities
Companies pursing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities.
CSO Online: Attackers hide malicious code in Hugging Face AI model Pickle files
The popular Python Pickle serialization format offers ways for attackers to inject malicious code that will be executed on computers when loading models with PyTorch.
Infosecurity: Malicious AI Models on Hugging Face Exploit Novel Attack Technique
Researchers at Reversing Labs have discovered two malicious machine learning (ML) models available on Hugging Face, the leading hub for sharing AI models and applications.