Since July 2022, Bitsight has been tracking PrivateLoader, the widespread malware downloader behind the Russian Pay-Per-Install (PPI) service called InstallsKey. At the time, this malware was powering the now decommissioned ruzki PPI service. Figure 1 presents a brief description of the service, which was found in their sales telegram channel. Fig. 1 - Service description on telegram channel profile (Russian and English).

Now in its ninth edition, the 2024 “Open Source Security and Risk Analysis” (OSSRA) report delivers an in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software.

More often, spam emails are similar to an unwelcome houseguest who wouldn’t go away. Opening your inbox to discover it filled with unwanted messages is a common and frustrating experience for many. Some are merely annoying advertisements vying for attention, while others take a more sinister approach, aiming to extort individuals from scams or infect gadgets with viruses. Therefore, being alert and discerning while navigating the internet is essential for avoiding threats.

Defeat the scammers by educating yourself and your employees about these increasingly common tax-related scams.

Avast researchers have discovered cybercriminals using an old medium (PDFs) in a new--and dangerous--way.

The realm of artificial intelligence (AI) unfolds like a captivating story, constantly introducing groundbreaking tools and methods that redefine possibilities. Retrieval-augmented generation (RAG), a technology that empowers applications to glean relevant information from vast datasets and utilize it for various tasks, is a prime example of this advancement.

In the realm of AI collaboration, Hugging Face reigns supreme. But could it be the target of model-based attacks? Recent JFrog findings suggest a concerning possibility, prompting a closer look at the platform’s security and signaling a new era of caution in AI research. The discussion on AI Machine Language (ML) models security is still not widespread enough, and this blog post aims to broaden the conversation around the topic.

Read highlights from Civo Navigate 2024's community event, featuring insights on scaling containers, cloud-native security challenges, and high-availability practices.

A few years ago, REI embarked on its digital transformation and cloud migration journey, moving on-prem development environments to AWS. But, as REI’s development teams began this transition, their security counterparts noticed that application security just wasn’t keeping up. As a result, REI began another journey: identifying the right security tooling and cultural shifts for AppSec success.

Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or another, the simple act of brewing a cup of tea would probably not be possible without interacting with water, energy, manufacturing, food and agriculture, waste, transportation, and financial sectors.