Infosec.Pub

L'un des piliers de l'écosystème JavaScript, la bibliothèque Axios, a été compromise pour diffuser un malware. En piratant le compte d'un mainteneur, des attaquants ont injecté une dépendance malveillante dans deux versions officielles, exposant serveurs et postes de travail au vol de données.

A number of Baidu Inc.’s Apollo Go robotaxis suddenly stopped on the streets of China’s Wuhan city on Tuesday, leaving passengers stranded and raising concerns about the safety and reliability of autonomous driving technology.

Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the malware arriving on enterprise endpoints looks different, comes from different sources, and in many cases has been deliberately obfuscated to evade detection. A study from researchers at the Polytechnic of Porto tests what happens when that gap is made explicit, and the results have direct implications for organizations relying on static … More → The post Malware detectors trained on one dataset often stumble on another appeared first on Help Net Security.

No, the sky isn't falling, but Q Day is coming, and it won't be as expensive as thought.

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. [...]

Researchers say some targets correlate with cities hit by Iranian missile strikes Suspected Iran-linked threat actors are conducting password-spraying attacks against hundreds of organizations, primarily Middle Eastern municipalities, in campaigns that security researchers believe may have been aimed at supporting bomb-damage assessment following missile strikes.…

When Apple discovers trending popular emojis, or when Google reports traffic at a busy restaurant, they're analyzing large datasets made up of individual people. Those people's personal information is systematically protected thanks in large part to research by Harvard computer scientists. Now, after two decades of work on the cryptography-adjacent mathematical framework known as differential privacy, researchers in the John A. Paulson School of Engineering and Applied Sciences have reached a key milestone in moving privacy best practices from academia into real-world applications.

With ever increasing sizes of various programs (video games being notorious for this), the question of size optimization comes up more and more often. [Nathan Otterness] shows us how it’s …read more

Reviews are surprisingly good. I didn't find one below an 8.5

A Souls-Like Western full of Eldritch horrors. Explore the accursed Wild West town of Tombwater and lay bare the darkness that lies beneath. Survive blood-spilling combat in this gruesome 2D action-RPG that may just drive you to madness.

🎮 Steam ✅

• COGconnected
• The Punished Backlog
• Gameliner
• The Gaming Outsider
• VDGMS

Guru Baran / Cyber Security News: Anthropic's Claude Code Source Code Reportedly Leaked Via Their npm Registry  —  Anthropic's proprietary Claude Code CLI tool has had its full TypeScript source code inadvertently exposed through a misconfigured npm package, after a security researcher discovered a leaked .map file referencing …

Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios One of npm's most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer's account and slipped a remote-access trojan (RAT) into two seemingly legitimate axios releases, in what's being described as "one of the most impactful npm supply chain attacks on record."…

Can't find any reviews of it yet 🤷🏼

Explore a dream world as the iconic Little Nemo, armed with toys, candy, and stuffed animals in this cute & colorful Metroidvania adventure. Experience NES-era platformer gameplay in a vast, non-linear world that has been hand-animated frame-by-frame, as you unlock new abilities to progress.

🎮 Steam

Reviews make it sound like it's just a more polished version of the original, which was already beloved.

Become the stealer of forms in GRIME II, a surreal action-adventure metroidvania. Launch tendrils made of hands to absorb foes and summon molds in their shape, as you explore a bizarre lived-in-world obsessed with art.

✅

• DayOne
• COGconnected
• Loot Level Chill
• SDHQ
• Noisy Pixel
• Gaming Boulevard

🎮

• Steam
• Playstation
• Xbox

Comments

The Dutch Ministry of Finance took treasury banking portal offline after a cyberattack; core tax systems were not affected. The Dutch Ministry of Finance took parts of its infrastructure offline, including the treasury banking portal, after detecting a cyberattack two weeks earlier. The Dutch Ministry of Finance disclosed a cyberattack detected on March 19 after […]

For the last two years, technologists have ominously predicted that AI coding agents will be responsible for a deluge of security vulnerabilities. They were right! Just, not for the reasons they thought.

Within the next few months, coding agents will drastically alter both the practice and the economics of exploit development. Frontier model improvement won’t be a slow burn, but rather a step function. Substantial amounts of high-impact vulnerability research (maybe even most of it) will happen simply by pointing an agent at a source tree and typing “find me zero days”.

I think this outcome is locked in. That we’re starting to see its first clear indications. And that it will profoundly alter information security, and the Internet itself.