ShellTorch Flaw Affecting Open Source AI Servers

Oct 9, 2023 | Podcast

Multiple critical vulnerabilities in the open-source TorchServe AI model-serving tool, potentially exposes tens of thousands of internet-exposed servers to remote code execution. Security researchers have disclosed multiple critical vulnerabilities in the TorchServe...

First Malicious Open Source Component Discovered to Deploy RootKits

Oct 6, 2023 | Podcast

A malicious component in the npm package registry has been found to be deploying an open-source rootkit. The package is called node-hide-console-windows, which looks to be a typo-squat of the legitimate npm package node-hide-console-window. There is an additional s at...

Guest on KBKast – Navigating the Wild West

Oct 6, 2023 | Podcast, Posts, Speaking

Navigating the Wild West I had the privilege of being on episode 215 of Karissa’s KBKast podcast where we chatted about tools and techniques to assess the security and integrity of Open Source software. The conversation started out with me highlighting the...

Mass Active Exploitation of WS_FTP Vulnerability

Oct 5, 2023 | Podcast

Security Researchers have spotted evidence of mass exploitation of vulnerabilities in Progress Software’s WS_FTP Server file sharing Platform. The server file sharing platform has a maximum severity remote code execution vulnerability which attackers can exploit...

Critical Vulnerability in Popular Image Rendering Library Under Active Exploitation

Oct 4, 2023 | Podcast

A popular library for rendering images in the WebP format has a critical vulnerability that is under active exploitation. The vulnerability is with the libwebp library and it suffers from a heap buffer overflow which allows a remote attacker to perform an out of...

Microsoft’s AI Chat Serving Up Malware

Oct 3, 2023 | Podcast

Microsoft’s Bing Chat AI search assistant has been discovered to be serving up malicious ads to users. Bing Chat was first introduced in February this year and began serving ads a month later to help cover costs. However, incorporating ads into the platform has...