22Juil 2025 by Webmaster

Introducing OSS Rebuild: Open Source, Rebuilt to Last (Google Online Security Blog)

Sécurité
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers. The project comprises: Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages. SLSA Provenance for thousands of packages across our supported ecosystems, meeting SLSA Build Level 3 requirements with no publisher intervention. Build observability and verification tools that security teams can integrate into their existing vulnerability management workflows. Infrastructure definitions to allow organizations to easily run their own instances of OSS Rebuild to rebuild, generate, sign, and…
Read More
20Juil 2025 by Webmaster

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai (Krebs on Security)

Sécurité
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald’s was exposed after they guessed the password (“123456”) for the fast food chain’s account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 firms. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story. A screenshot of the paradox.ai homepage showing its AI hiring chatbot “Olivia” interacting with potential hires. Earlier this month, security researchers Ian Carroll and Sam Curry wrote about simple methods they found to access the backend of the AI chatbot platform on McHire.com, the McDonald’s website that many of its franchisees…
Read More
20Juil 2025 by Webmaster

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai (Krebs on Security)

Sécurité
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald’s was exposed after they guessed the password (“123456”) for the fast food chain’s account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 firms. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story. A screenshot of the paradox.ai homepage showing its AI hiring chatbot “Olivia” interacting with potential hires. Earlier this month, security researchers Ian Carroll and Sam Curry wrote about simple methods they found to access the backend of the AI chatbot platform on McHire.com, the McDonald’s website that many of its franchisees…
Read More