
Security

Popular open-source AI framework under siege, critical flaw has no patch

posted on March 27, 2024
by l33tdawg
Credit: The Record

Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray.

This tool is commonly used to develop and deploy large-scale Python applications, particularly for tasks like machine learning, scientific computing and data processing.

Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own

posted on March 25, 2024
by l33tdawg
Credit: Security Week

Mozilla has released Firefox browser updates to patch two zero-day vulnerabilities that were exploited at the Pwn2Own Vancouver 2024 hacking contest last week.

The issues, discovered by security researcher Manfred Paul, were chained together to escape the browser’s sandbox and execute code on the system. Tracked as CVE-2024-29943, the first vulnerability is described as an out-of-bounds access flaw that leads to the bypass of range analysis.

GitHub Developers Hit in Complex Supply Chain Cyberattack

posted on March 25, 2024
by l33tdawg
Credit: Dark Reading

An unidentified group of threat actors orchestrated a sophisticated supply chain cyberattack on members of the Top.gg GitHub organization as well as individual developers in order to inject malicious code into the code ecosystem.

The attackers infiltrated trusted software development elements to compromise developers. They hijacked GitHub accounts with stolen cookies, contributed malicious code via verified commits, established a counterfeit Python mirror, and released tainted packages on the PyPI registry.

Iranian hackers claim to have breached Israeli nuclear facility

posted on March 21, 2024
by l33tdawg
Credit: The Record

An Iran-linked hacking group claims to have breached the computer network of a sensitive Israeli nuclear installation in an incident declared by the ‘Anonymous’ hackers as a protest against the war in Gaza.

The hackers claim to have stolen and published thousands of documents — including PDFs, emails, and PowerPoint slides — from the Shimon Peres Negev Nuclear Research Center. The secretive facility, which houses a nuclear reactor linked to Israel’s unavowed nuclear weapons program, has historically been targeted by Hamas rockets.

U.S. Government Doubles Down on Chinese APT Warnings

posted on March 21, 2024
by l33tdawg
Credit: Wikipedia

At the Billington Cybersecurity State and Local Summit on Tuesday, U.S. government officials warned that the critical infrastructure security threat posed by Chinese state-sponsored actors could potentially have a very real and significant impact on state and local governments.

Hackers Use Fingertip Friction Sound To Steal Fingerprints

posted on March 20, 2024
by l33tdawg
Credit: Cyber Security News

Researchers have unveiled a new cybersecurity threat that could compromise the integrity of fingerprint authentication systems worldwide.

The method, dubbed “PrintListener,” exploits the sound of fingertip friction on smartphone screens to infer and reconstruct users’ fingerprints, potentially unlocking access to sensitive personal and financial information.

A Timely Leak Offers a Peek Into Chinese Cyberespionage Worldwide

posted on March 20, 2024
by l33tdawg
Credit: Mind Matters

Earlier this month, we looked at the way that Chinese hackers infiltrate critical infrastructures in the U.S. They can preposition code to disable systems such as clean water supply and electrical power grid on command. Because current targets are, among other things, near military bases, intelligence agencies believe that the hacks anticipate a conflict in the South China Sea over Taiwan.