In an alarming development, Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered a sophisticated supply chain attack that specifically targeted the Python Package Index (PyPI). This attack cleverly used malicious packages named ‘gptplus’ and ‘claudeai-eng’, which were designed to be mistaken for legitimate tools related to popular AI chatbot models like ChatGPT and Claude. By posing as useful utilities
In the ever-evolving world of Web3 gaming, Hamster Kombat has seen highs and lows in its journey to maintain a robust user base and drive growth. After experiencing a significant drop in monthly active users, the game still retains a core group of loyal players and aims to re-engage with its audience through strategic efforts and future planning. The challenge
In a recent development that has left the tech world in shock, Aqua Security researchers uncovered a new tactic used by hackers to hijack Jupyter servers for illegal sports streaming. These malicious actors have found a way to exploit misconfigured Jupyter Lab and Jupyter Notebook environments, which are prevalent in the field of data science. These environments, when connected to
The rapid adoption of artificial intelligence (AI) technologies has brought about significant advancements and conveniences. However, it has also introduced a myriad of security risks that developers and organizations must address. The Open Worldwide Application Security Project (OWASP) has recently updated its Top 10 list for large language models (LLMs) and generative artificial intelligence (GenAI) to reflect these evolving threats.
PayPal’s subsidiary, Xoom, has begun leveraging its stablecoin, PayPal USD (PYUSD), to streamline cross-border payments, especially targeting efficiency improvements in Asian and African markets. Introduced in 2023, PYUSD is an Ethereum-compatible ERC-20 token backed 1:1 by US dollars and issued by Paxos Trust Company. This initiative allows PayPal to conduct transactions outside traditional banking hours, offering increased flexibility and accessibility
In a significant cybersecurity revelation, Zoho Corp’s ManageEngine has disclosed a severe vulnerability in its ADAudit Plus software that could expose organizations to dangerous SQL injection attacks. Those utilizing ADAudit Plus as a critical tool for Active Directory auditing and reporting must pay close attention. Identified as CVE-2024-49574, this vulnerability targets versions of ADAudit Plus released prior to build 8123,
Recent bullish activity and increased interest in Solana’s blockchain have led to speculation that Solana (SOL) could surpass Bitcoin (BTC) in the realm of decentralized applications (DApps). The energy backing Solana has become impossible to ignore, fueled by its recent price rally and remarkable trading volumes. According to recent data, Solana’s DApps have significantly contributed to its higher overall fee
In the ever-evolving landscape of cybercrime, the recent arrests of key members of the notorious Scattered Spider group highlight the persistent challenges for cybersecurity defenses around the globe. This loosely affiliated cybercriminal syndicate has earned infamy for its phishing and SIM-swap attacks, targeting at least 130 organizations, including high-profile names like MGM Resorts and Clorox. The U.S. Department of Justice
The ever-evolving landscape of cybersecurity continuously presents new threats and challenges, forcing organizations to constantly stay on high alert and adapt their defenses. Recent developments have brought Palo Alto Networks’ Expedition migration tool into the spotlight, as the Cybersecurity and Infrastructure Security Agency (CISA) has raised alarm over the active exploitation of multiple critical vulnerabilities discovered within the tool. These
In a rapid move to safeguard its users from potential cyber threats, Apple recently issued an emergency security update that addresses two actively exploited vulnerabilities on its devices. The update includes new versions of iOS 18.1.1, iPadOS 18.1.1, Safari 18.1.1, visionOS 2.1.1, and macOS Sequoia 15.1.1, covering a comprehensive selection of Apple devices, such as iPhones, iPads, and Macs. Furthermore,
With the rapid advancement of technology, the process of identifying vulnerabilities in software systems has become increasingly crucial for maintaining cybersecurity. In a significant leap forward, Google’s AI-powered tool, OSS-Fuzz, has successfully pointed out 26 vulnerabilities in various open-source projects, including a medium-severity flaw in the widely-used OpenSSL cryptographic library. This achievement showcases the growing efficiency of AI in automated
Ransomware continues to be one of the most significant threats to data security in today’s digital landscape. As these attacks become more sophisticated and frequent, businesses must adopt advanced Business Continuity and Disaster Recovery (BCDR) strategies to mitigate the risks effectively. This article delves into common oversights in BCDR strategies and offers actionable recommendations to enhance resilience against ransomware threats.
