The Sysdig Threat Research Team (TRT) recently observed a new attack that leveraged stolen cloud credentials in order to target ten cloud-hosted large language model (LLM) services, known as LLMjacking. The credentials were obtained from a popular target, a system running a vulnerable version of Laravel (CVE-2021-3129). Attacks against LLM-based Artificial Intelligence (AI) systems have been discussed often, but mostly around prompt abuse and altering training data.
Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linkedBlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year.
Cyble Research and Intelligence Labs (CRIL) researchers have uncovered a new SideCopy campaign. The threat actor group has previously been observed targeting South Asian nations with a particular focus on government and military targets in India and Afghanistan.
New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a “clone” operation.
Microsoft's scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products.
Security researchers have identified nearly a dozen vulnerabilities in certain GE HealthCare ultrasound products that could allow malicious actors with physical access to the devices to implant ransomware or access and manipulate patient data stored on the affected devices, says a new report published Tuesday by Nozomi Networks.
Cybersecurity researchers have recently uncovered a sophisticated cyber campaign targeting organizations involved in artificial intelligence endeavors in the United States.
Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains. In at least one observed case, the infection has led to the attempted deployment of ransomware.
The patchy service was a result of faults in the under-sea cables that connect the region to the rest of the world through South Africa, industry expert Ben Roberts told the BBC.
The Qualcomm Snapdragon X Elite chips include a so-called neural processing unit that is designed to accelerate AI-focused applications, such as Microsoft's Copilot software.Microsoft's product event, a day before the start of its annual developer conference, is open to journalists and industry analysts who attend in person. It will not be live-streamed.