Developer gets 4 years for activating network “kill switch” to avenge his firing https://arstechni.ca/k4hK #maliciouscode #cybercrime #killswitch #developer #Policy
#MaliciousCode
Un hacker ha inserito codice malevolo nella estensione Amazon Q per Visual Studio Code, progettata per assistere programmatori con AI generativa. Il codice, seppur difettoso e non dannoso, mirava a cancellare dati di sistema. Amazon ha rimosso la versione compromessa e invitato gli utenti ad aggiornare all’ultima release sicura.
#amazonavscode #hackerattack #maliciouscode #cybersecurity #softwareupdate
Ubuntu Security Flaw Lets Attackers Bypass Full Disk Encryption
#OMGUbuntu article: https://www.omgubuntu.co.uk/2025/07/ubuntu-security-initramfs-bypass-encryption
“Not all #Linux distributions are affected, such as #OpenSUSE_Tumbleweed.”
“#Attackers with physical access to a Linux system can access a debug shell simply by entering the wrong #decryption #password several times in a row. On Ubuntu, they hit esc at the password prompt, punch in a few key combos and debug shell appears.
They can mount a USB drive with tools that let them modify the #initramfs (Initial RAM Filesystem – a temporary system run during boot to prep the main OS) to inject #maliciouscode, and then repack it – without tripping any #security flags.
Then, the next time the owner boots up their #laptop and enters their correct password, the code runs with elevated privileges to do whatever the #attacker wants.”
“Impactful though this exploit could be in the wild, there is no reason for most #Ubuntu users to be concerned about it.
This #vulnerability is what the security industry refer to as an '#evilmaidattack': it requires physical access to a #device to pull off.”
“Finally, protecting against this #vulnerability is easy. Users can simply tweak their system #kernel so that the #computer #reboots on failed password attempts, instead of providing a #debug shell.”
Enhancing Security in VSCode Extensions: Addressing the Threat of Malicious Code
#vscode
#maliciouscode
#ransomware
#cybersecurity
#softwaresecurity
Someone copied our GitHub project, added stars, and injected malicious code
https://old.reddit.com/r/golang/comments/1jbzuot/someone_copied_our_github_project_made_it_look/
#HackerNews #GitHub #Security #CodeInjection #MaliciousCode #OpenSource #Community
🚨 Malicious commits target GitHub projects! A Texas researcher claims someone is impersonating him to sabotage his reputation. 🛑👨💻 #GitHub #CyberSecurity #MaliciousCode #TechNews #Hacking #DataBreach #OpenSource #IdentityTheft #CyberAttack #ResearchNews
#Development #Explainers
Trojaned clipboard · How attackers try to abuse your clipboard https://ilo.im/15z3gs
_____
#Security #Malware #MaliciousCode #Code #Clipboard #Browser #Website #WebDev #Frontend #Backend
Article about XZ: As for which nation, Raiu names the usual suspects: China, Russia, North Korea. He says it’s still too early to know the true culprit.
Why is it never: United States of America. Because I can assure you, they are quite the player when it comes to building backdoors and other infiltration tech. Somehow they're always kept from the list.
Maybe they were less in need of it though, since they already have their ways by official means
Hunting for malicious code: The dangers of WASP stealing
OkCupid Security Flaw Threatens Intimate Dater Details - Attackers could exploit various flaws in OkCupid's mobile app and webpage to steal victims' sensit... more: https://threatpost.com/okcupid-security-flaw-threatens-intimate-dater-details/157809/ #crossoriginresourcesharing #vulnerabilities #okcupidsecurity #maliciouscode #mobileappflaw #vulnerability #securityflaw #websecurity #datingapp #okcupid #hack
No matter how many times I share to Mastodon from YouTube, it won't put it at the top of the share-to list. It actually keeps shuffling it around, making it more of a pain to locate.
#MaliciousCode
#Algorithms
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst