GitHub

IndependentKrebs

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

Credit to Author: BrianKrebs| Date: Fri, 02 May 2025 00:52:00 +0000

A employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.

Read More
IndependentKrebs

DOGE Worker’s Code Supports NLRB Whistleblower

Credit to Author: BrianKrebs| Date: Wed, 23 Apr 2025 20:45:04 +0000

A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably similar to a program published in January 2025 by Marko Elez, a 25-year-old DOGE employee who has worked at a number of Musk’s companies.

Read More
IndependentKrebs

Whistleblower: DOGE Siphoned NLRB Case Data

Credit to Author: BrianKrebs| Date: Tue, 22 Apr 2025 01:48:27 +0000

A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.

Read More
IndependentKrebs

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Credit to Author: BrianKrebs| Date: Thu, 03 Oct 2024 13:05:52 +0000

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.

Read More
IndependentKrebs

This Windows PowerShell Phish Has Scary Potential

Credit to Author: BrianKrebs| Date: Thu, 19 Sep 2024 19:39:09 +0000

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Read More