Microsoft

Case study: Securing AI application supply chains

This case study examines how vulnerabilities in AI frameworks and orchestration layers can introduce supply chain risk. Using ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
LinuxInsider

Weaponized Python and Linux Malware Target Executives and Cloud Systems

Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering ...

How recruitment fraud turned cloud IAM into a $2 billion attack surface

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
Hosted on MSN

Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes ...