RSS Reader for Computer Security Articles
Credit to Author: BrianKrebs| Date: Fri, 02 May 2025 00:52:00 +0000
A employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.
Read More
Credit to Author: BrianKrebs| Date: Wed, 23 Apr 2025 20:45:04 +0000
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably similar to a program published in January 2025 by Marko Elez, a 25-year-old DOGE employee who has worked at a number of Musk’s companies.
Read More
Credit to Author: BrianKrebs| Date: Tue, 22 Apr 2025 01:48:27 +0000
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.
Read MoreCredit to Author: Steve Faehl| Date: Thu, 19 Dec 2024 17:00:00 +0000
New Microsoft guidance is now available for United States government agencies and their industry partners to help implement Zero Trust strategies and meet CISA Zero Trust requirements.
The post New Microsoft guidance for the CISA Zero Trust Maturity Model appeared first on Microsoft Security Blog.
Read More
Credit to Author: BrianKrebs| Date: Thu, 03 Oct 2024 13:05:52 +0000
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.
Read More
Credit to Author: BrianKrebs| Date: Thu, 19 Sep 2024 19:39:09 +0000
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.
Read More
Credit to Author: Alanna Titterington| Date: Fri, 28 Jun 2024 12:20:54 +0000
How developers' GitHub accounts are being hijacked using the service's notification system to deliver phishing emails with fake job offers.
Read More