Three-Quarters of Firms Knowingly Ship Vulnerable Code
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain
A proof-of-concept attack on Context Hub suggests there's not much content santization A new service that helps coding agents stay up to date on their API calls could be dialing in a massive supply chain vulnerability.…
The vulnerabilities highlight a big drawback to integrating AI into software development workflows and the potential impact on supply chains.
Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
3 critical zero-day flaws in PickleScan, affecting Python and PyTorch, allowed undetected attacks
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks
Persistent Security's Marcus Vervier on Microsoft Flaws, Pitfalls of AI CodingA newly discovered vulnerability present in Microsoft's Copilot and Visual Studio has brought a fresh batch of concerns around the security of artificial intelligence-powered coding tools to the forefront. It has the potential to turn AI models into a new attack vector.
A critical vulnerability in the trust model of Cursor, a fast-growing tool for LLM-assisted development, allows for silent and persistent remote code execution.
Analyzing binary code helps vendors and organizations detect security threats and zero-day vulnerabilities in the software supply chain, but it doesn't come without challenges. It looks like AI has come to the rescue.
Companies pursing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities.
A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a
Deal Targets Open Source Library Risks in Software Supply Chain, Boosts DevSecOpsThe integration of Tidelift into Sonar's ecosystem will enhance software supply chain security by leveraging human-verified insights from maintainers of popular open source libraries. Developers can expect comprehensive tools to address vulnerabilities in first-party, AI-generated, and third-party code.
DHS Calls for Public-Private Collaboration on Critical Infrastructure SecurityCritical infrastructure sectors face many potentially disruptive threats such as supply chain vulnerabilities and the growing dependency on space-based systems. But the top cyberthreats facing the U.S. are the People's Republic of China and emerging risks associated with AI and quantum computing.
Guidance Is First Step to Global Standard, Says Minister for AIThe U.K. government released voluntary guidance intended to help artificial intelligence developers and vendors protect models from hacking and potential sabotage. Companies should strengthen supply chain security and decrease risks from vulnerable AI systems to customers, such as data loss.
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced
Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks
OX-GPT is designed to help quickly remediate security vulnerabilities during software development
RSA's Innovation Sandbox 2023 focused on the software supply chain, as well as attack surfaces exposed by generative AI, ML systems, and APIs.