North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making

North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer's computer in a ...

New VENOM phishing attacks steal senior executives' Microsoft logins

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials ...
Financial News

Google Fixes Fourth Actively Exploited Chrome Zero-Day in a Single Month

Security researchers have discovered a specific type of alert that they can decipher from a Google advisory. The language is ...

Analysis of one billion CISA KEV remediation records exposes limits of human-scale security

Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most ...

How AI is getting better at finding security holes

Anthropic announced this week that its new model found security flaws in "every major operating system and web browser." Even ...
CSO Online

Supply chain security is now a board-level issue: Here’s what CSOs need to know

Security isn't just your problem anymore — it's the board's. With 97% of apps using open-source, CSOs need to ditch the false ...

About town

About Town ...

OpenAI identifies security issue involving third-party tool, says user data was not accessed

The ChatGPT maker said it found no evidence that its user data was accessed or that its systems or intellectual property were ...

OpenAI says to update Mac apps including ChatGPT and Codex as security precaution

OpenAI is asking users of its Mac software to update to the latest releases from today “out of an abundance of caution.” This is due to a security issue with a third-party developer tool, Axios, that ...
SecurityWeek

Data Leakage Vulnerability Patched in OpenSSL

Seven vulnerabilities have been patched with the latest OpenSSL updates, including a flaw that can allow an attacker to ...

OpenAI responds to Axios HTTP hack by updating security certificates.

When hackers got access to an account belonging to the maintainer of Axios they inserted a script that granted remote access to users’ Windows, macOS, and Linux devices. This malicious version ...
Frontiers

Software security in the era of autonomous and generative AI

The field of software security has become increasingly intertwined with advances in artificial intelligence (AI), especially as generative and autonomous AI ...