Lifeboat Foundation

Microsoft’s AI-powered Recall feature sparked major privacy concerns. Now, it’s becoming an opt-in.

Cybersecurity researchers have disclosed that the LightSpy spyware recently identified as targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant.

The findings come from both Huntress Labs and ThreatFabric, which separately analyzed the artifacts associated with the cross-platform malware framework that likely possesses capabilities to infect Android, iOS, Windows, macOS, Linux, and routers from NETGEAR, Linksys, and ASUS.

“The Threat actor group used two publicly available exploits (CVE-2018–4233, CVE-2018–4404) to deliver implants for macOS,” ThreatFabric said in a report published last week. “Part of the CVE-2018–4404 exploit is likely borrowed from the Metasploit framework. macOS version 10 was targeted using those exploits.”

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to “infect” over 100 organizations by trojanizing a copy of the popular ‘Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.

Visual Studio Code (VSCode) is a source code editor published by Microsoft and used by many professional software developers worldwide.

Microsoft also operates an extensions market for the IDE, called the Visual Studio Code Marketplace, which offers add-ons that extend the application’s functionality and provide more customization options.

Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray.

This tool is commonly used to develop and deploy large-scale Python applications, particularly for tasks like machine learning, scientific computing and data processing.

According to Ray’s developer, Anyscale, the framework is used by major tech companies such as Uber, Amazon and OpenAI.

The disclosure notice also noted several security changes made to the Spaces platform in response to the leak, including the removal of org tokens to improve traceability and auditing capabilities, and the implementation of a key management service (KMS) for Spaces secrets.

Hugging Face said it plans to deprecate traditional read and write tokens “in the near future,” replacing them with fine-grained access tokens, which are currently the default.

Spaces users are recommended to switch their Hugging Face tokens to fine-grained access tokens if they are not already using them, and refresh any key or token that may have been exposed.

Precision tested its BCI on 14 people so far. Two more are scheduled this month.

Join our newsletter to get the latest military space news every Tuesday by veteran defense journalist Sandra Erwin.

The estimated $1 billion IDIQ contract — a pre-negotiated agreement between the government and multiple vendors — is for a program known as R2C2, short for Rapid Resilient Command and Control, focused on developing a next-generation ground system built on a commercial cloud architecture.

DefenseScoop was exclusively briefed on Central Command’s new Desert Sentry commercial solutions opening, in partnership with the CDAO.

The Army has determined who will be the functional mangers for electronic warfare.