Week 46 in Review: Molerats Change Tactics, Flaws in AI Tools, Developers Under Attack
This week I covered the Molerats group’s adoption of a more advanced payload for its espionage campaign, more than dozen vulnerabilities found in an handful of popular AI tools, and a README feature on the targeting of developers through the software supply chain.
Unpatched Critical Vulnerabilities Open AI Models to Takeover | Dark Reading
The security holes can allow server takeover, information theft, model poisoning, and more. (16 November 2023)
Attackers see developers as low-hanging fruit | README.security
Developers must be increasingly wary of actively malicious code that makes its way into their software supply chains. (15 November 2023)
Molerats Group Wields Custom Cybertool to Steal Secrets in the Middle East | Dark Reading
The so-called TA402 group continues to focus on cyber espionage against government agencies with the “IronWInd” malware. (14 November 2023)