CERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The library, maintained by CERN’s Design Office, contains more than 17,000 electronic components in the form of schematic symbols and printed circuit board footprints. Layout of a printed circuit board made using…
Tag: library
AI, Global Security News
Hugging Face Packages Weaponized With a Single File Tweak
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model’s outputs and exfiltrate data.
Exploits, Global Security News
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to…
Global Security News
Critical vm2 sandbox bug lets attackers execute code on hosts
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. […]
Global Security News
Critical flaw in wolfSSL library enables forged certificate use
A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. […]
Global Security News
Axios NPM Package Compromised in Precision Attack
The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.
AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, Risk Management
LiteLLM Supply Chain Attack Exposes Credentials Across AI Ecosystems
A widely used AI development library was compromised in a recent supply chain attack, potentially exposing a large number of systems to risk. Malicious LiteLLM packages on PyPI were backdoored to quietly steal credentials, tokens, and sensitive infrastructure data from both development and production environments. “The LiteLLM compromise shows just how quickly supply chain attacks…
AI, Global Security News
OpenAI rolls out ChatGPT Library to store your personal files
OpenAI is rolling out a new feature called ‘Library’ for ChatGPT, which allows you to store your personal files or images on OpenAI’s cloud storage, so you can reference those items in a future chat. […]
AI, Global Security News
VAST Data Introduces Foundation Stacks to Accelerate Enterprise Adoption of NVIDIA Blueprints
COMPANY NEWS: New open source library delivers production-ready implementations for scalable pipelines on the VAST AI Operating System
AI, Apps, Exploits, Global Security News, Risk Management
Critical defect in Java security engine poses serious downstream security risks
A maximum-severity vulnerability in pac4j, an open-source library integrated into hundreds of software packages and repositories, poses a significant security threat, but has thus far received scant attention. The defect in the Java security engine, which handles authentication across multiple frameworks, has not been exploited in the wild since code review firm CodeAnt AI published…
Global Security News
Malicious NuGet Package Targets Stripe Developers
Malicious NuGet package mimicking Stripe’s library targeted developers
AI, Apps, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
better-auth Flaw Allows Unauthenticated API Key Creation
A vulnerability in the better-auth library could allow attackers to take over user accounts without ever logging in. The flaw affects the library’s API keys plugin and enables unauthenticated attackers to mint privileged API keys for arbitrary users. Exploitation of the vulnerability grants “… full authenticated access as the targeted user and, depending on the…
AI, Global Security News
Microsoft Defender update lets SOC teams manage, vet response tools
Microsoft introduced library management in Microsoft Defender to help security analysts working with live response manage scripts and tools they use to triage, investigate and remediate threats. The library management interface allows analysts to organize their investigation tools and manage everything without waiting for an active session. “This enhancement in Defender’s live response tooling improves…
AI, GitHub, Global Security News, Microsoft, News, open source, operating system
Microsoft launches LiteBox, a security-focused open-source library OS
Microsoft has released LiteBox, a project intended to function as a security-focused library OS that can serve as a secure kernel for protecting a guest kernel using virtualization hardware. LiteBox was developed in collaboration with the Linux Virtualization Based Security (LVBS) project. The goal is to isolate and protect a normal guest kernel by running…