Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

April 10, 2024 at 09:15AM

Threat actors are leveraging GitHub’s search feature to dupe users into downloading malicious code by creating fake repositories with popular names. The attackers manipulate search rankings and use fake stars to deceive users. Researchers warn of the ongoing threat to the open-source ecosystem and emphasize the need for caution when …

Cybercriminals Weigh Options for Using LLMs: Buy, Build, or Break?

April 1, 2024 at 05:07PM

Cybercriminals pose a threat by coercing legitimate AI models to turn malicious, but the greater danger lies in their creation of malicious chatbot platforms and the use of open source models. There are concerns about cybercriminals bypassing security measures to manipulate legitimate …

Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets

March 12, 2024 at 08:27AM

Threat hunters have discovered a set of seven malicious packages on PyPI, targeting cryptocurrency wallets by stealing BIP39 mnemonic phrases. The campaign, codenamed BIPClip, has been active since December 2022 and has raised concerns about supply chain attacks on crypto assets. The attackers have been careful in crafting the packages …