ShinyHunters gives Kodak until June 18 to respond or face exposure of 2.2 million records, while researchers uncover a 24-billion-credential Elasticsearch dump fuelled by live infostealer logs. Plus: the Vertex AI race-condition patch and unverified ICAI exam-portal breach claims.
A vulnerability in Google's Vertex AI SDK allowed attackers to intercept machine learning models in production and inject malicious code before the legitimate upload could complete. Google patched it on April 15 in version 1.148.0.
The more time-sensitive story right now is Kodak. ShinyHunters has set a June 18 deadline for the company to make contact or watch 2.2 million records get published.
Elsewhere, researchers discovered an exposed Elasticsearch cluster holding roughly 24 billion credentials pulled from 36 separate sources. The database has since been taken offline, but that takedown only matters if the data hadn't already moved.
One story to track carefully rather than act on. Claims circulating on social media allege that a threat actor called zowico gained superadmin access to India's ICAI chartered accountancy exam portal with the ability to modify results.
Three things to track from here. Whether Kodak reaches June 18 without a data dump, which tells us something real about corporate extortion posture.
Chapter summary auto-generated from the verified script.