Recent Security News
-
Hugging Face AI Platform Riddled With 100 Malicious Code-Execution Models
February 29, 2024 at 11:35AM Approximately 100 machine learning models were discovered on the Hugging Face platform, posing a risk of allowing attackers to inject malicious code onto user machines. JFrog’s ongoing research found malicious PyTorch models with potentially harmful payloads, highlighting the need for constant vigilance and proactive security measures to safeguard AI/ML engineers…
-
New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems
February 29, 2024 at 11:27AM Cybersecurity researchers have unveiled a new attack technique called Silver SAML, a variant of the Golden SAML attack that exploits SAML for unauthorized access to applications like Salesforce. While real-world attacks are rare, the method poses a moderate-severity threat, impacting organizations using identity providers like Microsoft Entra ID. Responsible disclosure…
-
20 million Cutout.Pro user records leaked on data breach forum
February 29, 2024 at 10:59AM AI service Cutout.Pro experienced a data breach exposing personal data of 20 million members, including email addresses, passwords, and other sensitive information. The breach was shared by a hacker on a hacking forum, and the data monitoring service Have I Been Pwned confirmed the leaked dataset. Cutout.Pro has not officially acknowledged…
-
Discount Retail Giant Pepco Loses €15 Million to Cybercriminals
February 29, 2024 at 10:45AM European discount retailer Pepco Group reported a significant loss of €15.5 million to cybercriminals in a fraudulent phishing attack. An investigation is underway, but the company is unsure if the funds can be recovered. Pepco assured that no customer, supplier, or colleague information was compromised and is committed to enhancing…
-
#StopRansomware: Phobos Ransomware
February 29, 2024 at 10:42AM The joint Cybersecurity Advisory (CSA) highlights the Phobos ransomware threat, observed as recently as February 2024. It describes the ransomware’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), and provides recommendations from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information…