Summary: This content discusses the proactive approach taken by Protect AI to identify and address security risks in AI systems, specifically focusing on vulnerabilities in the tools used to build machine learning models in the OSS AI/ML supply chain.

Threat Actor: N/A

Victim: N/A

Key Point :

Protect AI’s huntr is the world’s first AI/ML bug bounty program, where a community of 15,000+ members hunts for vulnerabilities in the OSS AI/ML supply chain.…
Read More

Summary: This article discusses a potential breach at AI company Hugging Face, where attackers may have gained unauthorized access to secrets stored in their Spaces platform.

Threat Actor: Unknown | Hugging Face Victim: Hugging Face | Hugging Face

Key Points:

Hugging Face disclosed a potential breach where attackers may have accessed secrets stored in their Spaces platform.…
Read More

Summary: Researchers have discovered a new method of manipulating machine learning models by injecting malicious code into the serialization process, specifically targeting the “pickling” process used to store Python objects in bytecode.

Threat Actor: Unknown | Unknown Victim: Machine learning models | Machine learning models

Key Point :

Researchers have found that Pickle files, which are commonly used to package and distribute machine learning models, can be exploited by attackers to inject malicious bytecode into ML programs.…
Read More
Introduction

The Hi-Tech Crime Trends report by Group-IB highlights a growing cybercriminal focus on Apple devices due to their increasing popularity. This shift has led to a rise in malware targeting iOS and macOS, with the App Store becoming a frequent target for distributing malware. The introduction of third-party app stores under the EU’s Digital Markets Act is expected to further exploit this trend.…

Read More

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.

Resecurity researchers have recently revealed that the Smishing Triad group has launched a fresh smishing campaign targeting Pakistani mobile users.

The gang members send harmful messages pretending to be Pakistan Post via iMessage and SMS in an attempt to steal personal and financial information.…

Read More

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three known exploited vulnerabilities to its catalog, including an Android Pixel Privilege Escalation Vulnerability, a Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability, and a Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability.…

Read More

Summary: A proof-of-concept exploit has been released for a critical Veeam Recovery Orchestrator authentication bypass vulnerability, increasing the risk of exploitation in attacks.

Threat Actor: Sina Kheirkha | Sina Kheirkha Victim: Veeam Recovery Orchestrator | Veeam Recovery Orchestrator

Key Point :

A proof-of-concept exploit has been developed by security researcher Sina Kheirkha for the CVE-2024-29855 vulnerability in Veeam Recovery Orchestrator.…
Read More

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

This blog is based on our presentation at Botconf 2024. It can be viewed here.

Introduction

Since 2022, we have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor.…

Read More

Devcore announced a critical remote code execution (RCE) vulnerability in PHP, designated CVE-2024-4577. This flaw affects all PHP versions from 5.x onward running on Windows servers, making it a significant concern due to PHP’s widespread use. This vulnerability stems from mishandling character encoding conversions, particularly affecting systems using certain code pages for languages like Chinese or Japanese.…

Read More

Summary: This article discusses the discovery of 24 vulnerabilities in a biometric access system manufactured by a Chinese company, highlighting the potential security risks associated with biometrics.

Threat Actor: N/A Victim: N/A

Key Point :

A biometric access system manufactured by a Chinese company was found to have 24 vulnerabilities, raising concerns about the security of biometric authentication.…
Read More