NVIDIA has patched a high-severity flaw impacting its Jetson series computing boards. The exploitation of this vulnerability could enable Denial-of-Service (DoS), code execution, and privilege escalation in Artificial Intelligence (AI)-powered systems. This article continues to discuss the potential exploitation and impact of the flaw in Jetson software used in AI-powered systems, as well as other NVIDIA vulnerabilities that pose risks to networking and data center solutions.

The Spanish-speaking cybercrime group "GXC Team" bundles phishing kits with malicious Android apps, advancing Malware-as-a-Service (MaaS) offerings. Group-IB, which has tracked the threat actor since January 2023, called the crimeware solution a "sophisticated AI-powered phishing-as-a-service platform." This article continues to discuss findings regarding GXC Team's bundling of phishing kits with malicious Android apps.

The US Department of State is offering $10 million for information on Rim Jong Hyok, an alleged member of the hacking group "APT45," which operates on behalf of a North Korean military intelligence agency, the Reconnaissance General Bureau. The group has targeted foreign businesses, government entities, and the defense industry. This article continues to discuss the US offering a reward of up to $10 million for information on a member of APT45.

A new Checkmarx report highlights that organizations are concerned about security threats posed by developers' use of Artificial Intelligence (AI). The company discovered that 15 percent of organizations explicitly ban AI tool usage for code generation, but 99 percent use them anyway. This article continues to discuss key findings from the "Seven Steps to Safely Use Generative AI in Application Security" report.

Infosecurity Magazine reports "Despite Bans, AI Code Tools Widespread in Organizations"

The National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and others have released a joint Cybersecurity Advisory (CSA) titled "North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs." The CSA includes methods for detecting and mitigating the malicious activities of the Democratic People's Republic of Korea (DPRK) Reconnaissance General Bureau (RGB) 3rd Bureau.

The threat actor "Stargazer Goblin" has found a new way to use GitHub to spread malware and malicious links. Instead of hosting malware on GitHub and luring users to download an infected code package by clicking on a malicious link in a phishing email, the new tactic involves tricking victims into thinking that malicious repositories are legitimate through an operation involving thousands of fake accounts.