Infosec.Pub

Moving from NixOS to Guix (discuss.tchncs.de)
submitted 5 days ago* (last edited 4 days ago) by david_@discuss.tchncs.de to c/guix
 
 

Given the direction that the Nix project is going, I suspect that many of you Nix users reading along here are currently considering alternatives, and among them Guix.

Personally I've only been using Nix for a few weeks, so my investment is not that big, but how about you? For a technical comparison, you could start with these two articles. If you're on IRC, I'd also suggest joining #guix just in case, or looking at the other communication options they endorse on their website.

What gives me the most thoughts is the availability of recent-ish software on Guix; but given Guix's FSF-level copyleft culture there's at least the certainty that whatever efforts I might put in to build and package things myself would have the lowest-possible likelihood of suffering corporate/fashtech capture. And we may be picking up momentum to collectively alleviate those problems.

 
 

Something’s rotten in New Dino City, and it’s up to you to solve the mystery in GNAW. In this metroidvania, explore a pre-apocalyptic saurian civilization hurtling toward self-annihilation. Meet strange characters, fight off twisted critters, and rescue your beloved city from extinction.

🎥 Youtube

🌐 Steam

 
 

cross-posted from: https://scribe.disroot.org/post/4943635

Archived version

Here is the technical report: CN APT targets Serbian Government

A suspected China-linked cyber-espionage campaign has targeted a Serbian government department overseeing aviation, as well as other European institutions, according to new research from the cybersecurity firm StrikeReady.

The campaign began in late September with phishing emails sent to a Serbian government office. Further analysis uncovered similar malicious activity in Hungary, Belgium, Italy and the Netherlands.

Victims who clicked on links in the phishing emails were redirected to fake Cloudflare verification pages — a tactic often used to make malicious sites appear legitimate before delivering malware.

The decoy documents used in the campaign included files themed around European government business, such as a study plan from Serbia’s National Academy of Public Administration, a European Commission meeting agenda, and an invitation to the European Political Community summit.

...

Similar tools and tactics have been seen in other China-linked operations, according to StrikeReady. In August, Google researchers uncovered an espionage campaign attributed to the Chinese group UNC6384, which targeted diplomats in Southeast Asia using Sogu to steal data and execute remote commands. The hackers also deployed PlugX through decoy documents mimicking EU Council meeting agendas.

...

Researchers said China-linked actors also used PlugX last year to spy on European healthcare organizations, and that PlugX infections were detected in more than 170 countries in 2024.

It remains unclear what information was accessed in the latest campaign reported by StrikeReady, or whether the attackers achieved their objectives.

 
 

A code execution vulnerability in the Unity game engine could be exploited to achieve code execution on Android and privilege escalation on Windows. [...]

 
 

Europol’s Cybercrime Conference has warned that cybercriminals are exploiting new technologies faster than law enforcement can adapt.

 
 

Manufacturer Resumes Operations at Wolverhampton Unit

British car maker Jaguar Land Rover began on Monday a phased restoration of operations following a month of cyberattack-induced idleness. Fears of large-scale job losses at the car manufacturer and its extensive network of suppliers led the U.K. government to guarantee a 1.5 billion pound loan.

 
 

cross-posted from: https://scribe.disroot.org/post/4925454

Archived version

Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024.

While the American technology giant didn't tag this security bug (CVE-2025-41244) as exploited in the wild, it thanked NVISO threat researcher Maxime Thiebaut for reporting the bug in May.

However, yesterday, the European cybersecurity company disclosed that this vulnerability was first exploited in the wild beginning mid-October 2024 and linked the attacks to the UNC5174 Chinese state-sponsored threat actor.

"To abuse this vulnerability, an unprivileged local attacker can stage a malicious binary within any of the broadly-matched regular expression paths. A simple common location, abused in the wild by UNC5174, is /tmp/httpd," Thiebaut explained.

"To ensure the malicious binary is picked up by the VMware service discovery, the binary must be run by the unprivileged user (i.e., show up in the process tree) and open at least a (random) listening socket."

NVISO also released a proof-of-concept exploit that demonstrates how attackers can exploit the CVE-2025-41244 flaw to escalate privileges on systems running vulnerable VMware Aria Operations (in credential-based mode) and VMware Tools (in credential-less mode) software, ultimately gaining root-level code execution on the VM.

...

 
 

As developers increasingly lean on AI-generated code to build out their software—as they have with open source in the past—they risk introducing critical security failures along the way.

 
 

Asahi Group Holdings Ltd. restarted six of its breweries in Japan on Oct. 2 after a cyberattack forced the beer maker to halt production and shipments for several days.

 
 

Hackers are more likely to target educational institutions than private businesses, government survey shows

When hackers attacked UK nurseries last month and published children’s data online, they were accused of hitting a new low. But the broader education sector is well used to being a target. Continue reading...

 
 

cross-posted from: https://ibbit.at/post/73106

At Green Party conference in Bournemouth, Zack Polanski discusses the Party’s surge in popularity, his red lines over Nigel Farage and how to tackle the question of immigration humanely.


From Novara Media via this RSS feed

 
 

Switzerland’s gambling regulator has opened a preliminary probe into sales of blockchain-based tokens backed by FIFA which fans can exchange for tickets to games at the 2026 World Cup.
