Cyber Security Weekly | Half of artificial intelligence open source projects cite vulnerable software packages

1. Half of artificial intelligence open source projects cite vulnerable software packages

 

According to Endor Labs, open source is playing an increasingly important role in the AI technology stack, yet the majority of projects (52%) cite dependencies with known vulnerabilities. In its latest "Software Dependency Management State Report", Endor Labs stated that just five months after its release, ChatGPT's API was called by more than 900 npm and PyPI packages, 70% of which were brand new packages.

Reference link:
https://www.secrss.com/articles/57396

2. New sophisticated SkidMap variants targeting a wide range of Linux distributions

Trustwave researchers have discovered a new, improved, and dangerous Skidmap variant designed to target a wide range of Linux distributions. Depending on the specific Linux distribution and kernel, the malware downloads the corresponding software package (named gold, stream, or euler) and uses several shell scripts to install kernel modules, including one that clears logs and starts a bot that allows operators to retrieve additional rootkit payloads.

Reference link:
https://securityaffairs.com/149258/malware/skidmap-malware-redis-servers.html

3. Hackers are increasingly abusing Cloudflare Tunnels for invisible connections

The Cloudflare Tunnels feature allows users to create a secure, outbound-only connection to the Cloudflare network for a web server or application. Users only need to install one of the available cloudflared clients for Linux, Windows, macOS and Docker to deploy Tunnels. Hackers are increasingly abusing this legitimate feature to create covert HTTPS connections from infected devices, which lets them bypass firewalls, maintain long-term persistence, gain covert and persistent access to the victim's network, evade detection and exfiltrate data from the infected device.

Reference link:
https://www.bleepingcomputer.com/news/security/hackers-increasingly-abuse-cloudflare-tunnels-for-stealthy-connections/

4. The Indian Ministry of Defense is considering replacing the Windows operating system with the native "Maya" operating system

The Ministry of Defense of India is responsible for protecting the national security of the country. In response to changing cyber challenges, the Ministry of Defense is considering replacing the current Microsoft operating system with a locally developed open-source operating system called Maya on all Internet-connected computers. Maya OS is a Linux-based distribution that draws inspiration from the popular Ubuntu operating system, with a Windows-like interface and all the features.

Reference link:
https://thecyberexpress.com/india-maya-operating-system-defense-ministry/

Origin blog.csdn.net/LJQClqjc/article/details/132233495