Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)
Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. Successful exploit The vulnerability exists in the Pytho.....»»
ThreatX provides always-active API security from development to runtime
ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle......»»
Apple must open iPadOS to sideloading within 6 months, EU says
iPads must comply with the same DMA regulations as the iPhone. Enlarge (credit: Andrew Cunningham) Starting in March with the release of iOS 17.4, iPhones in the European Union have been subject to the EU's Digital Marke.....»»
Too many vehicles, slow reactions and reckless merging: New math model explains how traffic and bacteria move
What do the flow of cars on a highway and the movement of bacteria towards a food source have in common? In both cases, annoying traffic jams can form. Especially for cars, we might want to understand how to avoid them, but perhaps we've never though.....»»
UK enacts IoT cybersecurity law
The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure poli.....»»
Meta to face EU probe for not doing enough to stop Russian disinformation
Insufficient moderation of political ads risk undermining electoral process. Enlarge (credit: FT) Brussels is set to open a probe into Meta’s Facebook and Instagram as soon as Monday over concerns the social media gian.....»»
Prompt Fuzzer: Open-source tool for strengthening GenAI apps
Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application’s system prompt against dynamic LLM-based threats. Prompt Fuzzer features Simulation of over a dozen types of GenAI attacks The tool contextualizes itsel.....»»
Tradition with a Twist at Maker Faire Kyoto
Maker Faire Kyoto returns on April 27 + 28, 2024 with a curated look at Japan's always interesting and eclectic maker community. The post Tradition with a Twist at Maker Faire Kyoto appeared first on Make: DIY Projects and Ideas for Makers......»»
Open Source Hardware Certifications For March 2024
Take a look at a few of the Open Source Hardware Association certifications from the month of March The post Open Source Hardware Certifications For March 2024 appeared first on Make: DIY Projects and Ideas for Makers......»»
Microsoft open-sources infamously weird, RAM-hungry MS-DOS 4.00 release
DOS 4.00 was supposed to add multitasking to the OS, but it was not to be. Enlarge / A DOS prompt. Microsoft has open-sourced another bit of computing history this week: The company teamed up with IBM to release the sou.....»»
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
WP Automatic plugin patched, but release notes don't mention the critical fix. Enlarge (credit: Getty Images) Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-.....»»
LSA Whisperer: Open-source tools for interacting with authentication packages
LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. Support is currently provided for the cloudap, kerberos, msv1_0, negotiate, pku2u, schannel packages and cloudap&#.....»»
Net neutrality has been restored
The Federal Communications Commission (FCC) today voted to restore a national standard to ensure the internet is fast, open, and fair. Today’s decision to reclassify broadband service as a Title II telecommunications service allows the FCC to prote.....»»
BlizzCon 2024 is not happening despite Blizzard’s strong 2024 lineup
Blizzard Entertainment confirmed that BlizzCon 2024 is not happening, but it will leave the door open for the event to return in the future......»»
Garry’s Mod is taking down 20 years’ worth of “Nintendo Stuff”
Creator: "They don't want you playing with that stuff... we have to respect that." Enlarge / "5ario" here won't be on the Garry's Mod Steam Workshop for long. (credit: Steam / LmaoSPW) The popular long-running Source-eng.....»»
Toy Inventor’s Notebook: Mystic Emoji Fortune Teller
Make this pocket-sized prognosticator and let cute emojis guide your future! The post Toy Inventor’s Notebook: Mystic Emoji Fortune Teller appeared first on Make: DIY Projects and Ideas for Makers......»»
The guardian angels of the source of the Seine
The river Seine, the centerpiece of the Paris Olympics opening ceremony in July, starts with a few drops of water in a mossy grotto deep in the woods of central France......»»
Political "color" affects pollution control spending in the US, new study finds
A new study led by the University of East Anglia (UEA) shows how firms in the United States behave differently depending on the political party in charge—even if they do not change policies......»»
Australia"s tall, wet forests were not open and park-like when colonists arrived—and we shouldn"t be burning them
Some reports and popular books, such as Bill Gammage's Biggest Estate on Earth, have argued that extensive areas of Australia's forests were kept open through frequent burning by First Nations people. Advocates for widespread thinning and burning of.....»»
Elite: Dangerous’s real-money ship sales spark “pay-to-win” outrage
In 2019, dev promised purchases would "only be used to buy cosmetic Game Extras." Enlarge / Players will be able to throw down a few bucks to get the Python Mk 2 starting next month. (credit: Frontier Developments) Elite.....»»
Meet Me At Open Hardware Summit 2024 Montreal
Last year’s Open Hardware Summit was one of the absolute highlights of my year. It was among the nerdiest, most inclusive, most stimulating events I’ve ever had the pleasure of attending. If my endorsement alone is enough to persuade you that yo.....»»