Key takeaways from BlackHat 2023

New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens

A new attack campaign is actively targeting open-source repositories on GitHub by carefully disguising malicious code as completely routine CI build configuration updates. The campaign,

DPRK Cyber Program Uses Modular Malware Strategy to Evade Attribution and Survive Takedowns

North Korea’s cyber program has fundamentally shifted how it builds and deploys malware. Rather than relying on one all-purpose hacking tool, the regime has assembled

Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data

A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university AI service.

From Data Ownership to Learning Velocity in Direct-to-Consumer Healthcare

As commercialization increasingly reflects direct engagement dynamics, differentiation depends less on the volume of data controlled and more on the speed at which systems incorporate

News and Analysis

Subscribe to newsletter

More Posts

New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens

DPRK Cyber Program Uses Modular Malware Strategy to Evade Attribution and Survive Takedowns

Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data

From Data Ownership to Learning Velocity in Direct-to-Consumer Healthcare

Products

Solutions

Healthcare cybersecurity

Healthcare Threat Intelligence

Use Cases

News and Analysis

Insights

Company