![[The AI Show Episode 146]: Rise of “AI-First” Companies, AI Job Disruption, GPT-4o Update Gets Rolled Back, How Big Consulting Firms Use AI, and Meta AI App](https://www.marketingaiinstitute.com/hubfs/ep%20146%20cover.png)
![Ditching a Microsoft Job to Enter Startup Hell with Lonewolf Engineer Sam Crombie [Podcast #171]](https://cdn.hashnode.com/res/hashnode/image/upload/v1746753508177/0cd57f66-fdb0-4972-b285-1443a7db39fc.png?#)
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
-Nintendo-Switch-2-Hands-On-Preview-Mario-Kart-World-Impressions-&-More!-00-10-30.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
-xl.jpg)
![New iPad 11 (A16) On Sale for Just $277.78! [Lowest Price Ever]](https://www.iclarified.com/images/news/97273/97273/97273-640.jpg)
![Apple Foldable iPhone to Feature New Display Tech, 19% Thinner Panel [Rumor]](https://www.iclarified.com/images/news/97271/97271/97271-640.jpg)
Security news weekly round-up - 9th May 2025
The two prevalent cybersecurity threats that internet users face do not appear to be going anywhere soon. If you're an active reader of this series, you already know what they are; malware and phishing. When you think we're going to have a break, you read another news of another discovery, probably where you least expect it. Also, we thought we knew how to detect deepfakes because they could not mimic heartbeats. Now, based on recent research, it turns out that we were wrong. In other news, today is exactly 5 years since I started this series. Do you want to give me a shout-out? Kindly leave them in the comments section. Thank you. With that out of the way, let's begin. Deepfakes Now Outsmarting Detection By Mimicking Heartbeats Deepfakes can lead to heavy financial losses. That's why you need to confirm the identity of the person that you're talking to even if it appears or sound like them. Before this research, researchers relied on subtle skin color changes caused by human pulse because as it turns out, AI could not fake it. Now, that's not the case. Here is why: The generated deepfakes were impressively high-quality, avoiding common mistakes that plagued earlier generations of fake videos. When the researchers analyzed the deepfakes, they discovered that the fake videos contained valid heart rate signals that closely matched those in the original source videos. What does this mean for our ability to identify fake videos? According to the researchers, we need to shift away from simply looking for the presence or absence of heart rate signals. Instead, future detection methods should analyze how these signals are distributed across the face. Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack Have you ever been in a situation where you're planning an important presentation and your system fails to boot? If you end up being a victim of this malware — I hope you don't — that's exactly what will happen to you. That's how destructive this malware is. Here is how to stay safe: To mitigate the risk posed by such supply chain threats, developers are advised to verify package authenticity by checking publisher history and GitHub repository links; audit dependencies regularly; and enforce strict access controls on private keys. Hundreds of e-commerce sites hacked in supply-chain attack When I read about supply-chain attacks, I am uneasy and sometimes think of the Solar Winds hack. Now, let's backtrack for a little while. In this attack, a multi-billion dollar company is among the compromised customers. To make it worse, the malware was reportedly dormant for six years before coming to life. From the article: One of the easiest ways to spot the malicious code is looking for a function added to it that executes a file named $licenseFile as PHP code. The backdoor code checks for a secret key in incoming Web requests and when presented gives the key holder the ability to run commands on the e-commerce server. Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times Without the efforts of the researchers, there is the possibility that the malware will remain undetected. Now, that the news is out, we need to ask a question: What is the extent of the damage caused by this malware? Yes, it's evident that it has been downloaded more than 11k times, but do we know who downloaded it and the sensitivity of the projects that they were working on? Time will tell. For now, remember the following excerpt from the article: The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times. In a nutshell, discordpydebug could be used to read sensitive data, such as configuration files, tokens, and credentials, tamper with existing files, download additional payloads, and run commands to exfiltrate data. Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials The level of trust users can have in an app store or package repository can be reduced if they keep on reading news like this one. As humans, we inherently believe that these platforms should be safe and that what were downloading are safe. Threat actors bank on this trust and serve malware that you willingly download and install yourself. You can take the following away from the article: "This campaign highlights a growing supply chain threat, with threat actors increasingly using malicious patches to compromise trusted local software," Boychenko said. The selling point here is that the attackers are attempting to exploit developers' interest in AI as well as those who are looking for cheaper usage fees for access to AI models. Catching a phish with many faces Phishing has evolved from static web pages designed to steal your login credentials to customized phishing web pages that make it look more convincing that everything is "all rig
The two prevalent cybersecurity threats that internet users face do not appear to be going anywhere soon. If you're an active reader of this series, you already know what they are; malware and phishing. When you think we're going to have a break, you read another news of another discovery, probably where you least expect it.
Also, we thought we knew how to detect deepfakes because they could not mimic heartbeats. Now, based on recent research, it turns out that we were wrong.
In other news, today is exactly 5 years since I started this series. Do you want to give me a shout-out? Kindly leave them in the comments section. Thank you.
With that out of the way, let's begin.
Deepfakes Now Outsmarting Detection By Mimicking Heartbeats
Deepfakes can lead to heavy financial losses. That's why you need to confirm the identity of the person that you're talking to even if it appears or sound like them. Before this research, researchers relied on subtle skin color changes caused by human pulse because as it turns out, AI could not fake it. Now, that's not the case.
Here is why:
The generated deepfakes were impressively high-quality, avoiding common mistakes that plagued earlier generations of fake videos. When the researchers analyzed the deepfakes, they discovered that the fake videos contained valid heart rate signals that closely matched those in the original source videos.
What does this mean for our ability to identify fake videos? According to the researchers, we need to shift away from simply looking for the presence or absence of heart rate signals. Instead, future detection methods should analyze how these signals are distributed across the face.
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Have you ever been in a situation where you're planning an important presentation and your system fails to boot? If you end up being a victim of this malware — I hope you don't — that's exactly what will happen to you. That's how destructive this malware is.
Here is how to stay safe:
To mitigate the risk posed by such supply chain threats, developers are advised to verify package authenticity by checking publisher history and GitHub repository links; audit dependencies regularly; and enforce strict access controls on private keys.
Hundreds of e-commerce sites hacked in supply-chain attack
When I read about supply-chain attacks, I am uneasy and sometimes think of the Solar Winds hack. Now, let's backtrack for a little while. In this attack, a multi-billion dollar company is among the compromised customers. To make it worse, the malware was reportedly dormant for six years before coming to life.
From the article:
One of the easiest ways to spot the malicious code is looking for a function added to it that executes a file named $licenseFile as PHP code. The backdoor code checks for a secret key in incoming Web requests and when presented gives the key holder the ability to run commands on the e-commerce server.
Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
Without the efforts of the researchers, there is the possibility that the malware will remain undetected. Now, that the news is out, we need to ask a question: What is the extent of the damage caused by this malware?
Yes, it's evident that it has been downloaded more than 11k times, but do we know who downloaded it and the sensitivity of the projects that they were working on?
Time will tell. For now, remember the following excerpt from the article:
The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times.
In a nutshell, discordpydebug could be used to read sensitive data, such as configuration files, tokens, and credentials, tamper with existing files, download additional payloads, and run commands to exfiltrate data.
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
The level of trust users can have in an app store or package repository can be reduced if they keep on reading news like this one. As humans, we inherently believe that these platforms should be safe and that what were downloading are safe. Threat actors bank on this trust and serve malware that you willingly download and install yourself.
You can take the following away from the article:
"This campaign highlights a growing supply chain threat, with threat actors increasingly using malicious patches to compromise trusted local software," Boychenko said. The selling point here is that the attackers are attempting to exploit developers' interest in AI as well as those who are looking for cheaper usage fees for access to AI models.
Catching a phish with many faces
Phishing has evolved from static web pages designed to steal your login credentials to customized phishing web pages that make it look more convincing that everything is "all right". In reality, it's not. Be careful, and don't click on links in suspicious emails.
From the article, you can read that the threat actors are always evolving their tactics:
Using dedicated phishing-as-a-service (PhaaS) toolkits, attackers can spin up authentic-looking phishing pages on the spot, all while customizing them for whoever they’re targeting. Instead of laboriously cloning a target website, even less tech-savvy attackers can get the toolkits to do the heavy lifting for them – and in real time and on a mass scale at that.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
