#CVE202348022

‘Thousands’ of businesses at mercy of miscreants thanks to unpatched Ray AI flaw

March 27, 2024 by Xynik

March 27, 2024 at 04:43PM Thousands of companies are at risk due to a critical remote-code-execution bug, named ShadowRay (CVE-2023-48022), in the Ray open-source AI framework. Exploited for seven months, it compromises sensitive data and facilitates cryptocurrency mining. Although fixes for other flaws are available, the vulnerability remains, leading to significant breaches and data leaks. … Read more

Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters

March 27, 2024 by Xynik

March 27, 2024 at 08:48AM Attackers have been exploiting a missing authentication vulnerability in the Ray AI framework, allowing them to compromise hundreds of clusters. The issue, identified as CVE-2023-48022, enables the submission of arbitrary system commands and access to sensitive information. Oligo reports numerous compromised clusters, including potential cryptomining and unauthorized access to cloud … Read more