Open-source artificial intelligence compute framework Ray has been found to be impacted by a critical vulnerability, tracked as CVE-2023-48023, which could be exploited to facilitate unauthorized node access, according to SecurityWeek.
Exposed Kubernetes secrets pose significant supply chain threat Numerous organizations and open-source projects could be impacted by a supply chain attack stemming from publicly exposed Kubernetes secrets enabling access to sensitive Software Development Life Cycle environments, according to SecurityWeek.
Publicly exposed GitHub repositories have been cloned by threat actors looking to exfiltrate Amazon Web Services credentials as part of the EleKtra-Leak cryptojacking operation that commenced in 2020, reports The Register.
Major U.S. pipeline system Colonial Pipeline has denied having its systems or operations affected by a ransomware attack claimed by the RansomedVC operation, saying that stolen files exposed by the ransomware group were from an unrelated third-party data breach, according to The Record, a news site by cybersecurity firm Recorded Future.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.