Tag: security

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

A widely used PyPI package was recently compromised through a malicious update The attack leveraged a GitHub Actions workflow to push infostealer code into a release Maintainers quickly issued a clean version, rotated credentials, and began an external investigation A popular Python Package Index (PyPI) package has been compromised and…

Read More

‘Human lives are already being lost’: Open letter signed by hundreds of Google employees requests CEO reject ‘unethical and dangerous’ US military AI use

Google employees sign open letter to CEO over concerns of military AI use AI developers do not want their technology used for ‘classified purposes’ Google is currently negotiating a contract with the Pengaton Over 600 Google employees have signed a letter calling on CEO Sundar Pichai to reject any uses…

Read More

‘This was not an isolated incident’: Chinese national exposed by NASA investigation in serial defense software theft phishing campaign that lasted years

Chinese national indicted in a huge phishing campaign NASA, the military, universities and private companies were targeted The perpetrator stole restricted defense software NASA’s Office of Inspector General (OIG) has released a report detailing an intricate campaign to steal export-restricted software, orchestrated by a Chinese national. The campaign targeted engineers…

Read More

Utility giant Itron confirms cyberattack, says internal systems were accessed

Itron reports cyberattack which briefly affected parts of its IT network but caused no material disruption The company activated its response plan, blocked the intrusion, and said sensitive data and customers were not impacted With the investigation ongoing, Itron expects any costs to be covered by insurance, and no hacking…

Read More

‘We will be taking action to protect American innovation’: White House accuses China of ‘systematically’ extracting American AI technologies

The US has accused China of stealing American AI models Chinese actors allegedly used a proxy network and jailbreaking techniques The accusation will likely strain US-China relations after a period of recompense The White House has accused China of orchestrating a campaign to steal AI models from American developers on…

Read More

CISA puts US government agencies on two-week deadline to patch Microsoft Defender BlueHammer zero-day exploit

CISA added BlueHammer, a Microsoft Defender privilege escalation flaw, to its Known Exploited Vulnerabilities catalog. Federal agencies have until May 6 to patch or discontinue use, as researchers confirmed active exploitation in the wild. The disclosure came from “Chaotic Eclipse,” who also revealed two other Defender zero‑days, with Huntress Labs…

Read More