GitHub says hackers cloned code-signing certificates in breached repository
It remains unclear how the threat actor compromised access token used in the breach. Enlarge GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates.....»»
Hackers infect ISPs with malware that steals customers’ credentials
Zero-day that was exploited since June to infect ISPs finally gets fixed. Enlarge (credit: Getty Images) Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day.....»»
The Sims 5: everything we know so far
The Sims 5 is currently being worked on under the code name Project Rene. Here's everything you need to know about your next life-sim obsession ahead of launch......»»
Project 007: everything we know so far
The most iconic secret agent is coming back in a game known by the code name Project 007 and made by IO Interactive. This is everything we know so far......»»
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed o.....»»
Canadian government intervenes in railway labor dispute
Federal Labor Minister Steven MacKinnon to use powers under Section 107 of the Labor Code to ask the Canada Industrial Relations Board to impose final, binding arbitration.....»»
GitHub Enterprise Server has a critical security flaw, so patch now
A newly discovered security flaw allows hackers to elevate their privileges and thus take over vulnerable endpoints......»»
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty pro.....»»
Toyota confirms data breach after info leaked on cybercrime forum
Carmaker confirms losing hundreds of gigabytes of sensitive customer data to hackers calling themselves ZeroSevenGroup......»»
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-202.....»»
Vulnerability in Microsoft apps allowed hackers to spy on Mac users
A vulnerability found in Microsoft apps for macOS allowed hackers to spy on users. Security researchers from Cisco Talos reported in a blog post how the vulnerability could be exploited by attackers and what Microsoft has been doing to fix the explo.....»»
Windows 0-day was exploited by North Korea to install advanced rootkit
FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. Enlarge (credit: Getty Images) A Windows zero-day vulnerability recently patched by Microsoft was exploited by hackers working on be.....»»
Group-IB partners with SecurityHQ to enhance SOC capabilities
Group-IB announced the signing of a global partnership agreement with SecurityHQ, a global independent Managed Security Service Provider (MSSP). With this partnership, SecurityHQ will leverage Group-IB’s Threat Intelligence, Attack Surface Mana.....»»
x64dbg: Open-source binary debugger for Windows
x64dbg is an open-source binary debugger for Windows, designed for malware analysis and reverse engineering of executables without access to the source code. It offers a wide range of features and a plugin system, allowing you to customize and extend.....»»
This Code Breaker Is Using AI to Decode the Heart’s Secret Rhythms
Inspired by his expertise in breaking ancient codes, Roeland Decorte built a smartphone app that continuously listens for signs of disease hidden in our pulse......»»
Research AI model unexpectedly modified its own code to extend runtime
Facing time constraints, Sakana's "AI Scientist" attempted to change limits placed by researchers. Enlarge (credit: Moor Studio via Getty Images) On Tuesday, Tokyo-based AI research firm Sakana AI announced a new AI syst.....»»
Feature Request: Let us manually add any ticket or pass to Apple Wallet
I’m a huge fan of Apple Wallet, not just for Apple Pay, but also as a single repository for all my tickets, boarding passes, and the like. I love the proactive way they pop up when close to boarding time, making it a single tap to scan at a barr.....»»
35% of exposed API keys still active, posing major security risks
Nightfall AI’s research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 100 employees every year. Hidden risks of secret sprawl in cloud and SaaS environments What’s.....»»
Almost unfixable “Sinkclose” bug affects hundreds of millions of AMD chips
Worse-case scenario: "You basically have to throw your computer away." Security flaws in your computer's firmware, the deep-seated code that loads first when you turn the machine on and controls even how its operating system boots up.....»»
Tesla Model Y refresh: leaked photos and what we expect to see
A Tesla Model Y refresh is likely coming, and it'll bring with it a series of improvements. Here's what we expect from the Model Y refresh, code-named Juniper......»»
ChatGPT unexpectedly began speaking in a user’s cloned voice during testing
Woolf: "OpenAI just leaked the plot of Black Mirror's next season." Enlarge (credit: Ole_CNX via Getty Images) On Thursday, OpenAI released the "system card" for ChatGPT's new GPT-4o AI model that details model limitatio.....»»