"Hackers Exploit Ray Framework Flaw to Breach Servers, Hijack Resources"

A new hacking campaign called "ShadowRay" exploits an unpatched vulnerability in Ray, a popular open source Artificial Intelligence (AI) framework, to hijack computing power and leak sensitive data. Oligo reported that these attacks have been ongoing since at least September 5, 2023, with targets including education, cryptocurrency, biopharma, and others. Ray is a framework developed by Anyscale that allows users to scale AI and Python applications across a cluster of machines for distributed computing workloads. The framework has over 30,500 stars on GitHub and is used by many organizations worldwide, including Amazon, Spotify, LinkedIn, Instacart, Netflix, Uber, and OpenAI. This article continues to discuss findings regarding the ShadowRay hacking campaign.

Bleeping Computer reports "Hackers Exploit Ray Framework Flaw to Breach Servers, Hijack Resources"

Submitted by grigby1