Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining
Mar 27, 2024
Vulnerability / Data Security
Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining.

"This vulnerability allows attackers to take over the companies' computing power and leak sensitive data," Oligo Security researchers Avi Lumelsky, Guy Kaplan, and Gal Elbaz said in a Tuesday disclosure. "This flaw has been under active exploitation for the last seven months, affecting sectors like education, cryptocurrency, biopharma, and more."

The campaign, ongoing since September 2023, has been codenamed ShadowRay by the Israeli application security firm. It also marks the first time AI workloads have been targeted in the wild through shortcomings underpinning the AI infrastructure.

Ray is an open-source, fully-managed compute framework that allows organizations to build, train, and