At a glance.
- DOGE staffer mistakenly leaks xAI private key.
- Avantic Medical Lab sustains breach of patient data.
- North Korean threat actor plants malicious npm packages.
DOGE staffer mistakenly leaks xAI private key.
KrebsOnSecurity reports that DOGE staffer Marko Elez mistakenly published a private API key on GitHub that allowed anyone to directly interact with at least 52 different LLMs used by xAI. Philippe Caturegli from security consultancy Seralys told Krebs that the hardcoded key was removed from the repository after Elez was notified, but the key hasn't yet been revoked.
It's worth noting that Elez has also been granted access to sensitive databases at the US Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security, so this latest incident adds to ongoing concerns about DOGE's security culture.
Avantic Medical Lab sustains breach of patient data.
New Jersey-based clinical laboratory Avantic Medical Lab has sustained a data breach following a ransomware attack by the Everest gang, BeyondMachines reports. The gang published 31 GB of the allegedly stolen data after the lab refused to pay a ransom. The leaked data reportedly contains patients' personal, financial, and medical data from between 2018 and 2023. The exposed health information includes diagnoses, medical histories, health insurance information, blood draw dates and test types, diagnostic test results, and insurer correspondence.
The lab has not yet issued an official notice to patients. The company offers services throughout New Jersey, New York, and Pennsylvania.
North Korean threat actor plants malicious npm packages.
Researchers at Socket have published a report on a software supply chain attack attributed to a North Korean threat actor behind the Contagious Interview operation. The threat actor planted 67 malicious packages within the npm ecosystem, which have been collectively downloaded more than 17,000 times. The packages are designed to deliver a newly observed malware loader dubbed "XORIndex."
Socket states, "As in the HexEval campaign, the XORIndex Loader collects host metadata, decodes its follow-on script, and, when triggered, fetches and executes BeaverTail — the staple second-stage malware in the North Korean Contagious Interview threat actors’ arsenal. BeaverTail, in turn, references InvisibleFerret, a known third-stage backdoor linked to this operation."
