In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-f27h-g923-68hw: OpenStack Neutron can use an incorrect ID during policy enforcement

Andrew Tate’s “The Real World” platform has been breached, again, leaking user data including emails and private chat…

Andrew Tate’s “The Real World” platform has been breached, again, leaking user data including emails and private chat logs. Explore the details of the hack and leaked data.

Andrew Tate, the controversial social media influencer currently under house arrest, is the newest victim of hacktivism. According to reports, unidentified hackers have successfully breached his online self-help platform, _The Real World_, formerly known as Hustler’s University.

Screenshot from the leaked data (Credit: Hackread.com)

The incident occurred when Tate was busy streaming the latest episode of his _show Emergency Meeting_, which airs on Rumble. This attack has resulted in the exposure of sensitive user data, including usernames, email addresses, and private chat messages. 

For your information, The Real World is an online university that focuses on health, fitness, financial investment, and e-commerce businesses with over 113,000 active users. It provides advanced training and mentoring at $50 per month and also teaches users how to master money making skills. 

The hackers, as per DailyDot, exploited a critical security vulnerability in the platform. After the successful attack, they flooded the primary chatroom with pro-feminist and LGBTQ+ emojis, temporarily banning users, and deleting attachments.

Their posted emojis included transgender flags, feminist fist, Tate’s AI-generated image draped in rainbow flags, another one with his buttocks enlarged, and cat characters used in his “boykisser” meme. 

Screenshot shows emojis spammed by the hackers

What is more concerning is that according to DDoSecrets, the hackers also managed to access a vast amount of user data, including over 794,000 usernames comprising current and former members, the content of The Real World’s 221 public and 395 private chat servers covering around a dozen campuses, and nearly 325,000 email addresses of users removed from the platform.

Tate is a controversial figure known for his toxic masculinity. The leaked data, now publicly available, offers a glimpse into the community that has formed around Tate with users expressing concerns about the _LGBTQ agenda_, the _matrix_, and recurrent shooting incidents. The hackers claimed their motive was hacktivism and Tate’s site being ‘hilariously insecure.’

It’s worth noting that this isn’t the first time Tate’s online platform has been compromised. Earlier this year, a data breach exposed millions of user messages and personal information due to a MongoDB database containing 88 gigabytes of data belonging to 968,447 user accounts being exposed since April 8, 2024. These repeated security failures raise serious questions about the platform’s commitment to protecting user data and maintaining a secure online environment.

1.  SiegedSec Hacktivist Strike NATO and Leak Sensitive Docs
2.  DDoS Attacks Hit France Over Telegram’s Pavel Durov Arrest
3.  Muslim Hacktivists Hack ISIS website; expose subscribers list
4.  Hacktivists Shut Down Donald Trump Hotel Collections Website
5.  RansomHub Hits Planned Parenthood Hack, Steals 93GB of Data
6.  SiegedSec Hits Heritage Foundation; Leaks Data Over “Project 2025”

Andrew Tate’s University Breach: 1 Million User Records and Chats Leaked

New York, the city that never sleeps, is renowned as a global epicentre for innovation, creativity, and business…

New York, the city that never sleeps, is renowned as a global epicentre for innovation, creativity, and business excellence. While it’s best known for its financial district, cultural landmarks, and media industry, New York has also emerged as a thriving cybersecurity, technology and app development hub.

Mobile app development companies in New York are at the forefront of delivering innovative solutions, driven by the city’s unique combination of resources, talent, and opportunity. Here’s why New York is a prime location for leading mobile development agencies.

****1\. Access to a Diverse Talent Pool****

New York is home to some of the world’s most prestigious universities and tech programs, including Columbia University, NYU, and Cornell Tech. These institutions produce highly skilled graduates in technology, design, and software engineering.

**Why It Matters:** Mobile app development companies in New York benefit from access to top-tier talent across various disciplines, ensuring they can assemble teams with diverse expertise. This diversity fosters creativity and innovation, critical for building cutting-edge mobile applications.

****2\. Thriving Tech Ecosystem****

New York’s Silicon Alley has grown into a vibrant tech ecosystem, attracting startups, established tech companies, and venture capitalists. This environment creates opportunities for collaboration, knowledge sharing, and investment in new ideas.

**Why It Matters:** Mobile development agencies in the city are well-connected to this tech network, allowing them to leverage the latest tools and technologies. This ecosystem also provides opportunities to partner with other innovative businesses, further enhancing their service offerings.

****3\. Exposure to Multiple Industries****

New York is a global leader in industries such as finance, healthcare, fashion, real estate, and media. Each sector has specific needs for mobile applications, from e-commerce platforms to health monitoring tools.

**Why It Matters:** The wide range of industries in New York challenges mobile app development companies to adapt and innovate constantly. By working with clients across diverse sectors, these agencies gain valuable experience and insights that make their solutions more versatile and effective.

****4\. Strong Focus on Innovation and Creativity****

As a cultural melting pot, New York is known for its dynamic and creative energy. This culture of innovation extends to the tech industry, where agencies are encouraged to think outside the box and develop groundbreaking mobile solutions.

**Why It Matters:** Mobile app development companies in New York are uniquely positioned to combine technical expertise with creative problem-solving. This results in apps that are not only functional but also visually appealing and user-friendly.

****5\. Access to a Global Market****

New York’s status as an international hub makes it a gateway to global markets. Companies based in the city have the advantage of working with clients from around the world, giving them a broader perspective on user needs and preferences.

**Why It Matters:** Mobile app development companies in New York design solutions that cater to diverse audiences. Their global outlook allows them to incorporate features that appeal to users across different cultures and regions, making their apps more competitive on a worldwide scale.

****6\. Cutting-Edge Use of Emerging Technologies****

The city’s tech agencies are at the forefront of integrating emerging technologies such as artificial intelligence, augmented reality, blockchain, and IoT into mobile applications.

**Why It Matters:** By embracing these innovations, New York-based companies deliver apps that are future-proof and highly functional. This proactive approach ensures that their clients stay ahead of the competition and meet evolving market demands.

****7\. Networking Opportunities and Events****

New York hosts numerous tech conferences, meetups, and hackathons, providing opportunities for professionals to connect, learn, and share ideas. Events like TechDay NYC and the NY Tech Meetup attract thought leaders and innovators from across the globe.

**Why It Matters:** These events help mobile app development companies stay updated on industry trends and best practices. Networking opportunities also enable them to forge partnerships that enhance their capabilities and broaden their client base.

****8\. Strong Support for Startups and Enterprises****

New York’s robust economy supports both startups and established enterprises, creating a thriving market for mobile app development. The city offers resources like incubators, accelerators, and funding opportunities to help businesses grow.

**Why It Matters:** Mobile development agencies in New York can cater to a wide range of clients, from ambitious startups looking to make their mark to large corporations aiming to enhance their digital presence. This versatility strengthens their expertise and reputation.

****Conclusion****

New York’s combination of talent, industry diversity, and technological innovation makes it a prime location for leading mobile development agencies. Mobile app development companies in New York thrive in an environment that encourages creativity, collaboration, and excellence, enabling them to deliver world-class solutions.

For businesses seeking to create impactful mobile apps, partnering with a New York-based agency ensures access to top-tier expertise and innovative technologies. As the city continues to drive advancements in the digital space, it remains a global leader in mobile app development.

1.  21 Best Amazon PPC Management Agencies
2.  Top SEO Agencies in the UK: Expert Insights
3.  The Idea of Web3 and 7 Global Web3 Agencies
4.  Kotlin app development company – How to choose
5.  Benefits of hiring a Java web appl development company
6.  5 Best Crypto Marketing Agencies for Web3 Security Brands

Why New York is a Prime Location for Leading Mobile Development Agencies

This is the first time Russia has used its so-called Oreshnik intermediate-range ballistic missile in combat. The launch also serves as a warning to the West.

Two days ago, Russian president Vladimir Putin announced a change in the country's policy for employing nuclear weapons in conflict. Then, on Thursday, Russia attacked the Ukrainian city of Dnipro with a new type of ballistic missile capable of one day delivering multiple nuclear warheads to distant targets with little warning.

Putin says his ballistic missile attack on Ukraine is a warning to the West.

These events are just part of what has been a week of escalation in the war between Russia and Ukraine. In recent days, Ukraine fired US-made ATACMS tactical ballistic missiles and UK-supplied Storm Shadow missiles at targets in Russian territory for the first time. This followed approval by President Joe Biden for Ukraine to use US-provided longer-range missiles against Russian targets. Previously, Ukraine was only permitted to use them on its own territory.

In a rare televised statement Thursday, Putin said he ordered Russia's military to strike Dnipro, home to Soviet-era rocket factories, using a ballistic missile named Oreshnik. This means “hazelnut tree” in Russian. The attack was the first use of the Oreshnik missile “under combat conditions,” Putin said.

Videos from Dnipro posted on social media show multiple projectiles exploding as they impact the ground at high speed. Local residents in Dnipro said the Oreshnik missile struck an industrial plant operated by PA Pivdenmash, formerly known as Yuzhmash. The PA Pivdenmash factory previously manufactured booster stages for the Soviet-era Zenit rocket and, most recently, first-stage tanks for the US-operated Antares rocket for Northrop Grumman.

**Threats From the Kremlin**

Sabrina Singh, the Pentagon's deputy press secretary, called the weapon used Thursday an “experimental intermediate-range ballistic missile” based on Russia's RS-26 Rubezh intercontinental ballistic missile model. While the strike before dawn Thursday used conventional munitions, the impact of multiple projectiles suggests the missile employed multiple reentry vehicles, or MIRVs, similar to the way Russia might use the missile in a nuclear attack.

Singh said the missile could be refitted with different types of conventional or nuclear warheads. She said Russia notified the US government of the planned attack “briefly” before it happened through nuclear risk-reduction channels.

Ukrainian government officials initially said the attack on Dnipro was by an ICBM rather than an intermediate-range weapon, or IRBM.

ICBMs typically follow long, arcing trajectories that take the missiles into space, above the discernible atmosphere, as they travel to faraway targets. An intermediate-range missile, classified as a weapon that can travel between 3,000 and 5,500 kilometers, could also reach space, although the exact altitude reached by the Oreshnik missile was unknown Thursday.

“An IRBM and an ICBM, they can have similar flight paths. They can have high trajectories,” Singh said. “They can carry large payloads, but the main difference lies in the range and the strategic purpose.”

The Oreshnik missile launched Tuesday apparently took off from Russia’s Kapustin Yar rocket base roughly 800 kilometers from Dnipro, well away from intense fighting.

This is the first time any IRBM has been used in combat. The Intermediate-Range Nuclear Forces Treaty, ratified by the United States and the Soviet Union in 1988, banned ground-launched IRBMs. The US pulled out of the treaty in 2019 under the first Trump administration, citing noncompliance from Russia. At the time, US officials noted that China, which was not a signatory to the treaty, possessed more than 1,000 IRBMs in its arsenal.

Putin said Western air defenses are not capable of destroying the Oreshnik missile in flight, although this claim can't be verified. He said Russia would provide warnings to Ukraine in advance of similar missile attacks in the future to allow civilians to escape danger zones.

The Oreshnik missiles strike their targets at speeds of up to Mach 10, or 2.5 to 3 kilometers per second, Putin said. “The existing air defense systems around the world, including those being developed by the US in Europe, are unable to intercept such missiles.”

**A Global War?**

In perhaps the most chilling part of his remarks, Putin said the conflict in Ukraine is “taking on global dimensions” and said Russia is entitled to use missiles against Western countries supplying weapons for Ukraine to use against Russian targets.

“In the event of escalation, we will respond decisively and in kind,” Putin said. “I advise the ruling elites of those countries planning to use their military forces against Russia to seriously consider this.”

The change in nuclear doctrine authorized by Putin earlier this week also lowers the threshold for Russia’s use of nuclear weapons to counter a conventional attack that threatens Russian “territorial integrity.”

This seems to have already happened. Ukraine launched an offensive into Russia’s Kursk region in August, taking control of more than 1,000 square kilometers of Russian land. Russian forces, assisted by North Korean troops, are staging a counteroffensive to try to retake the territory.

Singh called Russia’s invitation of North Korean troops “escalatory” and said Putin could “choose to end this war today.”

US officials say Russian forces are suffering some 1,200 deaths or injuries per day in the war. In September, The Wall Street Journal reported that US intelligence sources estimated that a million Ukrainians and Russians had been killed or wounded in the war.

The UN Human Rights Office most recently reported that 11,973 civilians have been killed, including 622 children, since the start of the full-scale Russian invasion in February 2022.

“We warned Russia back in 2022 not to do this, and they did it anyways, so there are consequences for that,” Singh said. “But we don't want to see this escalate into a wider regional conflict. We don't seek war with Russia.”

_This story originally appeared on_ _Ars Technica._

Russia’s Ballistic Missile Attack on Ukraine Is an Alarming First

Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077.
The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services across the world, Microsoft said.

Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period.
These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Plus: The worst telecom hack in US history rolls on, iPhones are harder to break into, and more of the week’s top security news.

A joint investigation by WIRED, Bayerischer Rundfunk (BR), and Netzpolitik.org uncovered that US companies legally collecting digital ad data are enabling adversaries to cheaply track American military and intelligence personnel. A collaborative analysis of billions of location coordinates from a US-based data broker revealed detailed tracking of thousands of devices from sensitive US sites in Germany, including NSA facilities and bases reportedly housing US nuclear weapons.

Elsewhere, social media giant Meta has disclosed for the first time its efforts to combat the forced-labor compounds driving the surge in pig butchering scams on its platforms. The company revealed that it has been quietly collaborating with global law enforcement, tech industry partners, and external experts for over two years to dismantle the crime syndicates behind these operations in Southeast Asia and the UAE. This year alone, Meta reports it has taken down more than 2 million accounts linked to scam compounds in Myanmar, Laos, Cambodia, the Philippines, and the UAE.

At the Cyberwarcon security conference on Friday, the cybersecurity firm SpyCloud shared findings about publicly accessible black market services offering low-cost access to sensitive information on Chinese citizens, including phone numbers, banking details, hotel and flight records, and even real-time location data. According to the firm’s researchers, these services seem to obtain their data through insiders within Chinese surveillance agencies and government contractors, who sell their access. Also at the conference, cybersecurity firm Volexity uncovered that a Russian hacking group has reportedly developed a novel Wi-Fi-hacking technique that involves taking control of a nearby laptop and using it as a bridge to infiltrate a targeted Wi-Fi network. Dubbed a “nearest neighbor attack,” the method was uncovered during a 2022 investigation by the firm into a network breach of an unnamed Washington, DC. client. And finally, researchers explored how the US is calling out foreign influence campaigns faster than they ever have—but there’s plenty of room for improvement.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

**“King of Toxic Masculinity” Gets Hacked**

Hacktivists have breached an online “educational platform” founded by the misogynistic right-wing influencer Andrew Tate reportedly revealing the email addresses of hundreds of thousands of users as well as the contents of the platforms’ private chat servers. Data from the hack, first reported by the Daily Dot, has now been published by the transparency nonprofit Distributed Denial of Secrets.

Andrew Tate, the so-called “king of toxic masculinity,” is currently under house arrest in Romania and faces two separate criminal charges, including allegations of forming an organized criminal group and trafficking women across Romania, the UK, and the US.

The compromised platform, a subscription-based service known as The Real World (formerly called Hustler's University), describes itself as a “global community” focused on “personal growth.” According to its website, members receive expert training, mentorship, and access to a wide range of educational courses for around $50 per month.

According to the Daily Dot, hacktivists announced their breach of the platform on Thursday by disrupting the course's main chatroom with a barrage of uploaded emojis while Tate was livestreaming an episode of his show _Emergency Meeting_ on Rumble. The emojis included a transgender pride flag, a feminist fist, an AI-generated image of Tate wrapped in a rainbow flag.

Data from the breach, verified by WIRED, includes more than 700,000 usernames and reportedly includes messages from 221 public and 395 private chat servers. An analysis by the Daily Dot reveals a mix of content within the chat logs, ranging from motivational quotes and personal progress updates to grievances about the “LGBTQ agenda.” WIRED is continuing to analyze the leaked material.

**The “Worst Telecom Hack in US History” Is Still Ongoing**

Chinese government hackers have infiltrated over a dozen US telecommunications companies in what a senior senator is calling the worst telecom breach in American history—and they’re still inside the networks. The hacking group, Salt Typhoon, has been able to eavesdrop on audio calls in real time and obtain millions of records of call and text metadata from targeted individuals, according to a Washington Post interview with Senator Mark Warner of Virginia, chairman of the Senate Intelligence Committee.

Fewer than 150 victims have been identified and notified by the FBI so far—most of them in the DC region—including president-elect Donald Trump, his vice president-elect, JD Vance, as well as people working for Vice President Kamala Harris and state department officials.

Warner said, however, that the effort was not directly election-related, as the hackers got into some telecom systems more than a year ago.

**Leaked Documents Show GrayKey Struggles to Access Modern iPhones**

Leaked documents obtained by 404 Media reveal that GrayKey, a phone-hacking tool used by law enforcement to extract data from devices in their possession, can at the moment only partially access information from modern iPhones running iOS 18.0 and 18.0.1.

While the precise details of exactly how Graykey operates are unknown, the tool reportedly brute-forces iPhone or Android passcodes to unlock them—essentially hacking the phone—allowing law enforcement to then access and extract encrypted device data. While the specific types of data accessible during a “partial” extraction are unclear, it likely includes unencrypted files and metadata, such as file sizes and folder structures.

The document provides context to an ongoing cat-and-mouse dynamic between forensic technology companies and mobile device manufacturers. With each new software update, tools like GrayKey are temporarily thwarted, prompting developers to quickly adapt their technology to catch up. At the moment it appears that they have not. This leak follows another report from 404 Media about a feature in iOS 18 called “inactivity reboot,” which forces devices to restart after four days of inactivity, adding another layer of difficulty for law enforcement attempting to access data on seized devices.

**Europe Probes Undersea Cable Sabotage**

European authorities are investigating suspected sabotage to two undersea fiber-optic cables: one linking Finland and Germany, and the other connecting Sweden and Lithuania. Russia—widely suspected as the likely perpetrator—denies involvement, dismissing the allegations as “ridiculous.”

The incident began on Sunday when two telecommunications companies detected traffic disruptions likely caused by physical damage to undersea cables. One of the affected cables, known as C-Lion—a vital 730-mile link between Finland and Central Europe—runs alongside other critical infrastructure, including gas pipelines and power lines.

By Wednesday, the Danish navy had reportedly intercepted a Chinese cargo ship in connection with the disruptions. The vessel, which had most recently docked in Russia before the incident, was near the damaged area at the time. It is now under investigation, with its crew being questioned about their possible involvement.

Andrew Tate’s ‘Educational Platform’ Was Hacked

Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.

Source: Adrian Vidal via Alamy Stock Photo

Two Python packages claiming to integrate with popular chatbots actually transmit an infostealer to potentially thousands of victims.

Publishing open source packages with malware hidden inside is a popular way to infect application developers, and the organizations they work for or serve as customers. In this latest case, the targets were engineers eager to make the most out of OpenAI's ChatGPT and Anthrophic's Claude generative artificial intelligence (GenAI) platforms. The packages, claiming to offer application programming interface (API) access to the chatbot functionality, actually deliver an infostealer called "JarkaStealer."

"AI is very hot, but also, many of these services require you to pay," notes George Apostopoulos, founding engineer at Endor Labs. As a result, in malicious circles, there's an effort to attract people to free access, "and people that don't know better will fall for this."

**Two Malicious "GenAI" Python Packages**

About this time last year, someone created a profile with the username "Xeroline" on the Python Package Index (PyPI), the official third-party repository for open source Python packages. Three days later, the person published two custom packages to the site. The first, "gptplus," claimed to enable API access to OpenAI's GPT-4 Turbo language learning model (LLM). The second, "claudeai-eng," offered the same for ChatGPT's popular competitor, Claude.

Neither package does what it says it does, but each provide users with a half-baked substitute — a mechanism for interacting with the free demo version of ChatGPT. As Apostopoulos says, "At first sight, this attack is not unusual, but what makes it interesting is if you download it and you try to use it, it will kind of look like it works. They committed the extra effort to make it look legitimate."

Under the hood, meanwhile, the programs would drop a Java archive (JAR) file containing JarkaStealer.

JarkaStealer is a newly documented infostealer sold in the Russian language Dark Web for just $20 — with various modifications available for $3 to $10 apiece — though its source code is also freely available on GitHub. It's capable of all the basic stealer tasks one might expect: stealing data from the targeted system and browsers running on it, taking screenshots, and grabbing session tokens from various popular apps like Telegram, Discord, and Steam. Its efficacy at these tasks is debatable.

**Gptplus & claudeai-eng's Year in the Sun**

The two packages managed to survive on PyPI for a year, until researchers from Kaspersky recently spotted and reported them to the platform's moderators. They've since been taken offline but, in the interim, they were each downloaded more than 1,700 times, across Windows and Linux systems, in more than 30 countries, most often the United States.

Those download statistics may be slightly misleading, though, as data from the PyPI analytics site "ClickPy" shows that both — particularly gptplus — experienced a huge drop in downloads after their first day, hinting that Xeroline may have artificially inflated their popularity (claudeai-eng, to its credit, did experience steady growth during February and March).

"One of the things that \[security professionals\] recommend is that before you download it, you should see if the package is popular — if other people are using it. So it makes sense for the attackers to try to pump this number up with some tricks, to make it look like it's legit," Apostopoulos says.

He adds, "Of course, most average people won't even bother with this. They will just go for it, and install it."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-27wf-5967-98gx:  Kubernetes kubelet arbitrary command execution

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.0.

The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.
Users are recommended to upgrade to version 1.4.1, which fixes the issue.

Latest News