Malware hidden in WordPress mu-plugins grants attackers full access and admin control, putting websites and users at serious risk.
Get the latest international news and world events from around the world.
New Koske Linux malware hides in cute panda images
A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory.
Researchers from cybersecurity company AquaSec analyzed Koske and described it as “a sophhisticated Linux threat.” Based on the observed adaptive behavior, the researchers believe that the malware was developed using large language models (LLMs) or automation frameworks.
Koske’s purpose is to deploy CPU and GPU-optimized cryptocurrency miners that use the host’s computational resources to mine over 18 distinct coins.
Hacker sneaks infostealer malware into early access Steam game
A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title.
A few days ago, the hacker (also tracked as Larva-208), injected malicious binaries into the Chemia game files hosted on Steam.
Chemia is a survival crafting game from developer ‘Aether Forge Studios,’ which is currently offered as early access on Steam but has no public release date.
Hackers breach Toptal GitHub account, publish malicious npm packages
Hackers compromised Toptal’s GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index.
The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims’ systems.
Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The company also maintains internal developer tools and design systems, most notably Picasso, which they make available through GitHub and NPM.
Microsoft: SharePoint flaws exploited in Warlock ransomware attacks
A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain.
Non-profit security organization Shadowserver is currently tracking over 420 SharePoint servers that are exposed online and remain vulnerable to these ongoing attacks.
“Although Microsoft has observed this threat actor deploying Warlock and Lockbit ransomware in the past, Microsoft is currently unable to confidently assess the threat actor’s objectives,” the company said in a Wednesday report.
Brave blocks Windows Recall from screenshotting your browsing activity
Brave Software says its privacy-focused browser will block Microsoft’s Windows Recall from capturing screenshots of Brave windows by default to protect users’ privacy.
Windows Recall is an opt-in Windows feature that takes screenshots of active windows every few seconds, analyzes them, and enables Windows 11 users to search for text within the snapshots using natural language. The goal is to make it easy for users to quickly find information about past activities in Windows.
However, the feature has sparked widespread criticism for potentially exposing sensitive data of Windows users, including passwords, emails, health records, and financial information.
OpenAI CEO Sam Altman warns of an AI ‘fraud crisis’
OpenAI CEO Sam Altman says the world may be on the precipice of a “fraud crisis” because of how artificial intelligence could enable bad actors to impersonate other people.
“A thing that terrifies me is apparently there are still some financial institutions that will accept a voice print as authentication for you to move a lot of money or do something else — you say a challenge phrase, and they just do it,” Altman said. “That is a crazy thing to still be doing… AI has fully defeated most of the ways that people authenticate currently, other than passwords.”
The comments were part of his wide-ranging interview about the economic and societal impacts of AI at the Federal Reserve on Tuesday. He also told the audience, which included, representatives of large US financial institutions, about the role he expects AI to play in the economy.
Cost Effective way of Converting Hemp Waste into Ethanol Fuel
Breaking the cellulose and hemicellulose chain has for a long time been a very expensive process. Now with research and this new system it can be done in a rather simple and cost effective manner.
For long, the most expensive part of making cellulosic ethanol has been to be able to break this molecule chain, making it non-competitive with corn ethanol. With this new technology, cellulosic ethanol can compete with corn ethanol as cellulosic ethanol is more environmentally friendly alternative.
To learn more about the basics of cellulosic ethanol and starch ethanol, see the article linked below.
This is the latest and greatest innovation in the world of cellulosic ethanol production. It shows potential for significant cost savings and proving to be even more profitable than corn ethanol.
Stowaways in the cargo: Contaminating nucleic acids in rAAV preparations for gene therapy
A useful review on the nucleic acid contaminants found in AAVs, how to detect such contaminants, their biological implications, and how we can minimize nucleic acid contaminants in the future through new manufacturing innovations! #biotech #genetherapy
Brimble and colleagues review nucleic acid heterogeneity of rAAV for gene therapy. Alongside the intended expression cassette, non-therapeutic DNA is present within rAAV preparations. These contaminants can be transferred and can even expressed after delivery. They discuss sources of DNA contamination in rAAV and highlight existing strategies to improve vector purity.