Author: Harish
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to significant escalation where threat actors are directly targeting the supply chain of various Chinese manufacturers to preload brand new devices with malicious apps. “Fraudulent applications were detected directly in the software pre-installed on the phone,” the company said. “In this case, the malicious code…
Apr 16, 2025Ravie LakshmananVulnerability Management / Incident Response The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-old CVE program is a valuable tool for vulnerability management, offering a de facto standard to identify, define, and catalog publicly disclosed security flaws using CVE IDs. The program has listed over 274,000 CVE records to date. Yosry Barsoum, MITRE’s vice president and director of the Center for Securing the Homeland…
Grok, the chatbot from Elon Musk’s AI company, xAI, has gained a canvas-like feature for editing and creating documents and basic apps. Called Grok Studio, the feature was announced on X late Tuesday. It’s available for both free and paying Grok users on Grok.com “Grok can now generate documents, code, reports and browser games,” wrote the official Grok account on X. “Grok Studio will open your content in a separate window, allowing both you and Grok to collaborate on the content together.” Today, we are releasing the first version of Grok studio, adding code execution and google drive support. Grok…
The demand for high-speed, reliable services is at an all-time high and service providers continue to face the challenge of modernizing their infrastructure while maintaining operational efficiency. In collaboration with Intel and Dell Technologies, Red Hat provides a powerful cloud-native platform built on Red Hat OpenShift as a foundation for this solution. This provides a future-ready, efficient and scalable platform for deploying virtualized cable modem termination systems (vCMTS) that meet modern service demands.OpenShift is an enterprise-grade platform designed to simplify development, deployment and management across hybrid and multicloud environments. Built on Red Hat Enterprise Linux (RHEL) and Kubernetes, OpenShift provides…
Semiconductor giant Nvidia is facing unexpected new U.S. export controls on its H20 chips. In a filing Tuesday, Nvidia said it was informed by the U.S. government that it will need a license to export its H20 AI chips to China. This license will be required indefinitely, according to the filing — the U.S. government cited “risk that the [H20] may be used in … a supercomputer in China.” Nvidia anticipates $5.5 billion in related charges in its Q1 2026 fiscal year, which ends April 27. The company’s stock was down around 6% in extended trading. The H20 is the most…
A hacker compromised a ZKsync admin account on April 15, minting $5 million worth of unclaimed airdrop tokens, according to a statement from the official ZKsync X account. The attack was described as isolated, with no user funds affected.Following an investigation, ZKsync detailed the incident on April 15, disclosing that the compromised account had administrative control over three airdrop distribution contracts. The attacker exploited a function called sweepUnclaimed() to mint 111 million unclaimed ZK tokens, increasing the total token supply by 0.45%. As of the latest update, the attacker still held control of most of the stolen funds.Source: ZKsyncZKsync is…
Former Y Combinator startup Telli is helping companies alleviate the bottleneck that occurs when a high-volume of customers try to, for example, book appointments. Its AI voice agents kick in and handle basic operations while handing off more-complex processes to human operators. The Berlin-based startup has now raised $3.6 million in a pre-seed funding round led by Berlin’s Cherry Ventures and Y Combinator. Telli says its AI voice agents can perform a number of tasks, including automated callbacks and even closing deals. The startup, which was founded by Seb Hapte-Selassie, Philipp Baumanns, and Finn zur Mühlen, has concentrated on making its agents blend…
Tariffs are threatening 31-year-old promotional product supplier Greater Pacific. “We’ve had to stop booking new business because the more we book, the more money we lose,” said Ben Zhang, Greater Pacific’s founder and president/CEO. Greater Pacific sources custom-branded products for major clients, including many Fortune 500 companies, through distributors. Think tote bags and reusable water bottles that you had at your last conference. But now it has had to halt hundreds of projects it has in production in China. “When they arrive at U.S. customs, we’ll be hit with tariffs that will add anywhere from $2 to $3 million in…
Funding is about to run out for the Common Vulnerabilities and Exposures (CVE) program – a system used by major companies like Microsoft, Google, Apple, Intel, and AMD to identify and track publicly disclosed cybersecurity vulnerabilities. The program helps engineers identify how bad an exploit is and how to prioritize applying patches or other mitigations.MITRE, the federally funded organization behind the program, confirmed to The Verge that its contract to “develop, operate, and modernize” CVE will expire on April 16th.First launched in 1999, the CVE program houses a database where participating organizations can assign IDs to known cybersecurity vulnerabilities. The…
OpenAI has updated its Preparedness Framework — the internal system it uses to assess the safety of AI models and determine necessary safeguards during development and deployment. In the update, OpenAI stated that it may “adjust” its safety requirements if a competing AI lab releases a “high-risk” system without similar protections in place. The change reflects the increasing competitive pressures on commercial AI developers to deploy models quickly. OpenAI has been accused of lowering safety standards in favor of faster releases, and of failing to deliver timely reports detailing its safety testing. Last week, 12 former OpenAI employees filed a brief…