TechRisk #115: AI models as Trojans
Plus: NIST's finalised Adversarial Machine Learning report, the risk of using GenAI in software development, over 300% more losses through Web3 hacks, and more!
Tech Risk Reading Picks
Infiltration using AI models: Hackers are leveraging AI models to exploit companies using traditional cyberattack methods, with open-source models presenting new security challenges. Researchers found hundreds of malicious models on Hugging Face, highlighting the risks of hidden threats in AI systems. While proprietary models offer more security, many companies prefer open-source options despite the increased risk. Attackers can overload AI models, inject malicious code, or create imposter versions with slight misspellings to deceive users. As AI adoption grows, businesses often fail to implement proper security policies, leaving them vulnerable. With AI advancing rapidly, especially agentic AI that can execute tasks autonomously, cybersecurity threats are expected to rise significantly. [more]
NIST Adversarial Machine Learning - A Taxonomy and Terminology of Attacks and Mitigations: NIST published its finalised Trustworthy and Responsible AI report, which provides a structured taxonomy and defines key terminology in adversarial machine learning (AML), organizing concepts into a hierarchy that includes ML methods, attack life cycle stages, and attacker attributes. It highlights challenges in AI system security and outlines mitigation strategies while maintaining consistency with existing AML literature. The report aims to establish a common language for AML, supporting future standards and best practices for securing AI systems. [more]
3rd party breach threat landscape: The 2025 Global Third-Party Breach Report by SecurityScorecard reveals a decline in tech sector breaches from 75% to 46.75%, signaling a diversification of attack surfaces. Retail and hospitality sectors had the highest breach rate (52.4%), while healthcare reported the most breaches (78). Singapore led globally in third-party breaches (71.4%), with the U.S. below average at 30.9%. Ransomware attacks exploiting third-party access made up 41.4% of cases, with the Cl0p group identified as a key actor. SecurityScorecard stresses the need for real-time monitoring, vendor risk management, and secure-by-design technologies to mitigate risks, recommending stringent procurement standards and infrastructure hardening. [more]
Risk of using GenAI in software development: A recent survey by software testing vendor Applause reveals widespread issues with generative AI tools. The study of 4,400 software developers, QA professionals, and consumers found that most users encounter problems including responses that lack detail, misunderstand prompts, or show bias. Nearly one-third of users have switched AI tools, while over one-third use different tools depending on the task. Despite these challenges, enterprise adoption continues to grow, with companies like Walmart expanding access to AI coding tools while implementing human validation processes. Industry experts recommend experimenting with the technology while establishing appropriate guardrails and risk assessment frameworks based on specific use cases, with stricter quality standards needed for more autonomous AI systems. [more]
As evidence accumulates - Oracle Cloud breach?: Security firms are proactively safeguarding their networks and advising customers to take precautionary measures amid claims of a major Oracle Cloud breach, allegedly compromising 6 million data records and impacting over 140,000 customers. While Oracle initially denied the attack and has since remained silent, researchers from CloudSEK and Rapid7 have found evidence supporting the hacker’s claims, linking the breach to a critical vulnerability (CVE-2021-35587) in Oracle Access Manager. Security firms like Rapid7 and Orca Security are rotating credentials as a precaution, while Palo Alto Networks is closely monitoring the situation. Despite skepticism about the breach’s full extent, experts urge organizations using Oracle Cloud to take immediate protective actions. [more]
Aviation Cyber Threats: On 23 Mar, Kuala Lumpur International Airport (KLIA) experienced significant disruptions due to a ransomware attack demanding a $10 million ransom, which the Malaysian government refused to pay. The cyberattack affected flight information display systems, check-in counters, and other services, causing inconvenience to travelers. This incident highlights the vulnerabilities in critical infrastructure, such as transportation networks, which often lag in cybersecurity measures due to stringent regulations and slow adaptation to emerging threats. [more]
Web3 Cryptospace Spotlight
Over 300% more losses through web3 YoY: CertiK’s Q1 2025 Hack3d report highlights a sharp rise in Web3 security breaches, with hackers stealing approximately $1.67 billion across 197 incidents. This marks a 303.38% increase from the previous quarter, largely due to the $1.45 billion Bybit exploit. The report also underscores the growing threat of private key compromises, responsible for $142 million in losses, and phishing, which, despite smaller individual impacts, was the most frequent attack type. Attackers continue to exploit AI, social engineering, and contract manipulation to bypass security defenses. With cryptocurrency adoption and asset values rising, CertiK warns of escalating risks, urging stronger security measures. [more][more_CertiK_report]
Meme coin exploited: Decentralized exchange Hyperliquid delisted the Jelly-my-Jelly (JELLY) memecoin following a suspicious short squeeze exploit that saw a whale manipulate its liquidation parameters, making off with millions. The incident, part of a series of high-profile DeFi hacks in 2025, involved leveraged trades across multiple accounts, forcing Hyperliquid’s liquidity vault to absorb losses. Observers criticized the exchange’s response, likening it to FTX’s collapse, while Hyperliquid defended its actions, promising improvements. The JELLY token, launched by Venmo co-founder Iqram Magdon-Ismail, had already seen a steep price drop, reflecting broader concerns about hype-driven DeFi projects. Despite the exploit, losses were widespread, with even the attacker potentially facing a significant financial hit. [more]
Manipulating a callback function: A hacker exploited a vulnerability in SIR.trading’s smart contract, stealing $355,000 in TVL by manipulating a callback function linked to Ethereum’s new transient storage feature, introduced in the Dencun hard fork. The flaw allowed the attacker to redirect funds by replacing the Uniswap pool address, highlighting risks in transient storage's implementation. The stolen assets were funneled through Railgun, making recovery unlikely. This incident raises concerns about the security of emerging DeFi protocols and the effectiveness of smart contract audits, serving as a wake-up call for the Ethereum ecosystem to prioritize stronger security measures. [more]
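The callback pattern behind the SIR.trading item, as an added illustration that is not SIR.trading's code or part of the original post: a vault writes the expected Uniswap pool address to transient storage before calling swap and checks it inside the callback. The contract, slot numbers and the "one shared slot" defect are assumptions for the example; the hardened version keeps the pool address in its own slot and clears it once the swap returns.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // tload/tstore need evm_version >= cancun (Dencun)

interface IUniswapV3Pool {
    function swap(address recipient, bool zeroForOne, int256 amountSpecified,
                  uint160 sqrtPriceLimitX96, bytes calldata data)
        external returns (int256 amount0, int256 amount1);
}

// Assumed, simplified vault (not SIR.trading's code): pool address goes to transient storage.
contract VaultVulnerable {
    uint256 constant SLOT = 1; // one slot reused for two purposes
    event Settled(address pool, int256 owed);
    function mint(IUniswapV3Pool pool, int256 amt, uint160 limit) external returns (int256 got) {
        assembly { tstore(SLOT, pool) }                 // expected callback caller
        pool.swap(address(this), true, amt, limit, "");
        assembly { got := tload(SLOT) }                 // result left by the callback
    }
    function uniswapV3SwapCallback(int256 amount0, int256 amount1, bytes calldata) external {
        address expected; assembly { expected := tload(SLOT) }
        require(msg.sender == expected, "bad caller");
        emit Settled(msg.sender, amount0);              // pay the pool here
        // Defect: the slot is overwritten with a caller-influenced value and never cleared,
        // so for the rest of the transaction it also serves as the "expected caller".
        assembly { tstore(SLOT, amount1) }
    }
}

contract VaultHardened {
    uint256 constant POOL_SLOT = 1;   // dedicated slots, never shared
    uint256 constant RESULT_SLOT = 2;
    event Settled(address pool, int256 owed);
    function mint(IUniswapV3Pool pool, int256 amt, uint160 limit) external returns (int256 got) {
        assembly { tstore(POOL_SLOT, pool) }
        pool.swap(address(this), true, amt, limit, "");
        assembly {
            got := tload(RESULT_SLOT)
            tstore(POOL_SLOT, 0)     // callback is only valid while the swap runs
            tstore(RESULT_SLOT, 0)
        }
    }
    function uniswapV3SwapCallback(int256 amount0, int256 amount1, bytes calldata) external {
        address expected; assembly { expected := tload(POOL_SLOT) }
        require(expected != address(0) && msg.sender == expected, "bad caller");
        emit Settled(msg.sender, amount0);
        assembly { tstore(RESULT_SLOT, amount1) }
    }
}
```

A production vault would additionally verify that `pool` is a genuine factory-deployed Uniswap pool before storing it, since the transient check only proves the caller is whatever address was stored.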