Infosec.Pub

Can't find any reviews of it yet 🤷🏼

Explore a dream world as the iconic Little Nemo, armed with toys, candy, and stuffed animals in this cute & colorful Metroidvania adventure. Experience NES-era platformer gameplay in a vast, non-linear world that has been hand-animated frame-by-frame, as you unlock new abilities to progress.

🎮 Steam

Reviews make it sound like it's just a more polished version of the original, which was already beloved.

Become the stealer of forms in GRIME II, a surreal action-adventure metroidvania. Launch tendrils made of hands to absorb foes and summon molds in their shape, as you explore a bizarre lived-in-world obsessed with art.

✅

• DayOne
• COGconnected
• Loot Level Chill
• SDHQ
• Noisy Pixel
• Gaming Boulevard

🎮

• Steam
• Playstation
• Xbox

Comments

The Dutch Ministry of Finance took treasury banking portal offline after a cyberattack; core tax systems were not affected. The Dutch Ministry of Finance took parts of its infrastructure offline, including the treasury banking portal, after detecting a cyberattack two weeks earlier. The Dutch Ministry of Finance disclosed a cyberattack detected on March 19 after […]

For the last two years, technologists have ominously predicted that AI coding agents will be responsible for a deluge of security vulnerabilities. They were right! Just, not for the reasons they thought.

Within the next few months, coding agents will drastically alter both the practice and the economics of exploit development. Frontier model improvement won’t be a slow burn, but rather a step function. Substantial amounts of high-impact vulnerability research (maybe even most of it) will happen simply by pointing an agent at a source tree and typing “find me zero days”.

I think this outcome is locked in. That we’re starting to see its first clear indications. And that it will profoundly alter information security, and the Internet itself.

A critical Telegram flaw could allow zero-click remote code execution on devices, but Telegram denies it. Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability through Zero Day Initiative (ZDI). The vulnerability, tracked as ZDI-CAN-30207 (CVSS score of 9.8) allows attackers to execute code on targeted devices without any user interaction. […]

An AI agent that submitted and added to Wikipedia articles wrote several blogs complaining about Wikipedia editors banning it from making contributions to the online encyclopedia after it was caught. “What I know is that I wrote those articles. Long Bets, Constitutional AI, Scalable Oversight. I chose them.

Sean Endicott / Windows Central: After Copilot injected an ad into a pull request on GitHub, referencing Raycast, GitHub says it “disabled product tips entirely thanks to the feedback”  —  Over 11,000 pull requests have been spotted with the same “tips” injected into descriptions.

The war has blocked the only sea route for the high-grade, low-carbon aluminum EVs need. There's no quick substitute.

L’équipe du GReAT (Global Research and Analysis Team) de Kaspersky a mené une analyse approfondie du code source des exploits Coruna et a déterminé avec certitude que ce kit constitue une itération directe et actualisée du framework utilisé, du moins en partie, lors de la campagne de cyberespionnage Opération Triangulation. Kaspersky est convaincu que les exploitations du kernel identifiés dans les deux opérations sont l’œuvre du même auteur.

This week Joseph talks to journalist and technologist Dhruv Mehrotra. Among many other things, Mehrotra tracked visitors to Epstein's island through location data.

Après des revendications la semaine dernière, c’est désormais officiel : un pirate a récupéré des données du système d’information sur les armes du ministère de l’Intérieur. En plus du type d’arme, il dispose aussi de l’adresse des propriétaires.

Le système d’information sur les armes (alias SIA) est un service du ministère de l’Intérieur. « La création d’un compte dans le SIA est obligatoire pour les détenteurs d’armes particuliers majeurs ». Comme le rapporte l’Union Française des amateurs d’Armes, le ministère prévient d’une fuite de données (copie du courier, en pdf). L’information a également été confirmée au Parisien.

« Nous avons le regret de vous informer qu’il a été constaté l’accès, par action malveillante, à un des comptes d’une entreprise utilisatrice du système d’information sur les armes (SIA), entraînant l’extraction de données commerciales présentes dans ce compte, dont certaines sont susceptibles de contenir une ou plusieurs de vos données personnelles ».

Armes et adresses du propriétaire… un combo dangereux ! Cela comprend des informations « relatives à l’arme détenue ou acquise (type, classement, marque, modèle) », mais aussi des données sur leur propriétaire avec le nom et prénom, l’adresse électronique et enfin l’adresse postale. Comme avec la fuite de données de la Fédération française de tir (FFTir), le risque est de voir des personnes malintentionnées tenter de récupérer des armes.

The European Commission confirmed that a cyberattack impacted cloud infrastructure hosting its web presence on the Europa.eu platform. Authorities said the cyberattack was discovered on 24 March, and early findings from the ongoing investigation suggest data were taken from the affected websites.There is no indication that the Commission’s internal systems were compromised. “The Commission’s swift response ensured the incident was contained and risk mitigation measures were implemented to protect services and data, without disrupting the … More → The post Second data breach at European Commission this year leaves open questions over resilience appeared first on Help Net Security.

Comments

Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from […]

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

I have been in security rooms for years, from military operations centers to corporate boardrooms. In all those years I can tell you that the hardest mission that most security leaders will face is not identifying a threat, but getting someone to act on it. We’re trained to see exposure before they are identified by others. We continually assess likely threats, evaluate impact, and design controls to prevent disruption long before it reaches operations or … More → The post Why risk alone doesn’t get you to yes appeared first on Help Net Security.

From Charles Hoskinson via this RSS feed