Forwarded from BleepingComputer
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. [...]
https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. [...]
https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/
BleepingComputer
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017.
Forwarded from BleepingComputer
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. [...]
https://www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. [...]
https://www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/
BleepingComputer
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets.
Forwarded from BleepingComputer
Malware campaign 'DollyWay' breached 20,000 WordPress sites
A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. [...]
https://www.bleepingcomputer.com/news/security/malware-campaign-dollyway-breached-20-000-wordpress-sites/
A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. [...]
https://www.bleepingcomputer.com/news/security/malware-campaign-dollyway-breached-20-000-wordpress-sites/
BleepingComputer
Malware campaign 'DollyWay' breached 20,000 WordPress sites
A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites.
Plex Pass monthly, yearly, and lifetime subscriptions are getting a price hike on April 29 for the first time in a decade.
But you can lock in a fixed lifetime rate now.
https://www.pcmag.com/news/plex-pass-streaming-price-increase-april-29-how-to-avoid
But you can lock in a fixed lifetime rate now.
https://www.pcmag.com/news/plex-pass-streaming-price-increase-april-29-how-to-avoid
PCMAG
This Streaming Service Is Raising Prices After 10 Years: How to Get Around It
Plex Pass monthly, yearly, and lifetime subscriptions are getting a price hike on April 29 for the first time in a decade. But you can lock in a fixed lifetime rate now.
Forwarded from GameDev Pulse
Yet again: do not update NVIDIA drivers to 572.xx. For many users of all generations from GTX 10 and up to RTX 50, these drivers may cause system freezes and black screen issues. Stay at 566 or whatever you are using right now.
#NVIDIA@GameDEV
#Hardware@GameDEV
#NVIDIA@GameDEV
#Hardware@GameDEV
Forwarded from vx-underground
This media is not supported in your browser
VIEW IN TELEGRAM
Arkana ransomware group claims to have compromised an Internet Service Provider in California.
They were even nice enough to put together a music video montage illustrating the level of access they possess.
They were even nice enough to put together a music video montage illustrating the level of access they possess.
Forwarded from japanese ghetto
ssssssssssssssssssiiiiiiiiiccccccccccckkkkkkkkkkkkk
kawaii project (keychain-sized Nintendo Wii (60x60mm)) by YveltalGriffin and WeskMods
https://twitter.com/WeskMods/status/1815160639641493610
https://twitter.com/YveltalGriffin/status/1838035343578145123
kawaii project (keychain-sized Nintendo Wii (60x60mm)) by YveltalGriffin and WeskMods
https://twitter.com/WeskMods/status/1815160639641493610
https://twitter.com/YveltalGriffin/status/1838035343578145123
Forwarded from BleepingComputer
Cloudflare R2 service outage caused by password rotation error
Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. [...]
https://www.bleepingcomputer.com/news/security/cloudflare-r2-service-outage-caused-by-password-rotation-error/
Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. [...]
https://www.bleepingcomputer.com/news/security/cloudflare-r2-service-outage-caused-by-password-rotation-error/
BleepingComputer
Cloudflare R2 service outage caused by password rotation error
Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally.
Forwarded from Abraão
I saw this and if they really accomplished what they are claiming, it will be amazing...
https://www.tomshardware.com/pc-components/gpus/startup-claims-its-zeus-gpu-is-10x-faster-than-nvidias-rtx-5090-bolts-first-gpu-coming-in-2026
https://www.tomshardware.com/pc-components/gpus/startup-claims-its-zeus-gpu-is-10x-faster-than-nvidias-rtx-5090-bolts-first-gpu-coming-in-2026
Is Google Shutting Down AOSP?
Google's move in March 2025 was shocking: all Android development is going behind closed doors. No more open commits to AOSP (Android Open Source Project) in real time - now only finished code after release. Why does Google need this, what does it mean for us and how should we live now?
AOSP: Openness on Pause
AOSP is the heart of Android, open source code that anyone can take and twist. Samsung makes One UI, Xiaomi makes MIUI, and geeks are cutting LineageOS. Google runs the project, but earlier some of the work was done publicly through AOSP Gerrit - there you could spy on what was being prepared in the new version. Now - that's it. From March 31, 2025, development goes to secret internal branches, available only to partners with a GMS (Google Mobile Services) license. The code in AOSP will be posted only after the final release - like Android 16 or patches.
For what?
Google says: it's easier. The public branch lagged behind the internal one — compare AOSP and Android 16 beta: features and APIs were always late. Synchronizing branches took time, patches conflicted (remember setting up a screen magnifier — a real pain). Now everything is in one place, without unnecessary fuss. But there is a nuance: AOSP openness was a feature of Android for 16+ years. Is this a step back?
How does this work
Google has always maintained two branches: public AOSP and internal for its own and OEMs (Samsung, Qualcomm, etc.). The code will still be released under Apache 2.0, but not in the process, but after the fact. For users and developers, there will be zero changes. Pixels and Galaxy will be updated as usual, Play Store will not be touched. But for those following commits in search of interesting things (like mentions of Pixel 10), and contributors, it will be hell. Tracking development progress will become more difficult.
Pros and cons
Google promises faster development — fewer bugs, faster releases. OEMs with GMS access are also in the chocolate: they can see drafts anyway. But customizers like LineageOS or GrapheneOS are out of luck — they have to wait for the final code, not look at the source code. Fewer spoilers about new features (goodbye, early leaks via Gerrit). And most importantly: external patches in AOSP can become outdated while Google is quietly sawing away.
What's next?
Android isn't becoming closed — the code is still open after release. But the process is now more like iOS: development in a bunker, not in plain sight. For businesses and users, it doesn't matter, for enthusiasts, it's a blow. Google wants to make life easier for itself, but it's losing the spirit of openness that pulled Android up. In 2025, it's no longer "Linux for phones," but a product under lock and key.
We place bets on what will happen next and wait for the reaction of the developers of domestic AOSP forks
Source
Google's move in March 2025 was shocking: all Android development is going behind closed doors. No more open commits to AOSP (Android Open Source Project) in real time - now only finished code after release. Why does Google need this, what does it mean for us and how should we live now?
AOSP: Openness on Pause
AOSP is the heart of Android, open source code that anyone can take and twist. Samsung makes One UI, Xiaomi makes MIUI, and geeks are cutting LineageOS. Google runs the project, but earlier some of the work was done publicly through AOSP Gerrit - there you could spy on what was being prepared in the new version. Now - that's it. From March 31, 2025, development goes to secret internal branches, available only to partners with a GMS (Google Mobile Services) license. The code in AOSP will be posted only after the final release - like Android 16 or patches.
For what?
Google says: it's easier. The public branch lagged behind the internal one — compare AOSP and Android 16 beta: features and APIs were always late. Synchronizing branches took time, patches conflicted (remember setting up a screen magnifier — a real pain). Now everything is in one place, without unnecessary fuss. But there is a nuance: AOSP openness was a feature of Android for 16+ years. Is this a step back?
How does this work
Google has always maintained two branches: public AOSP and internal for its own and OEMs (Samsung, Qualcomm, etc.). The code will still be released under Apache 2.0, but not in the process, but after the fact. For users and developers, there will be zero changes. Pixels and Galaxy will be updated as usual, Play Store will not be touched. But for those following commits in search of interesting things (like mentions of Pixel 10), and contributors, it will be hell. Tracking development progress will become more difficult.
Pros and cons
Google promises faster development — fewer bugs, faster releases. OEMs with GMS access are also in the chocolate: they can see drafts anyway. But customizers like LineageOS or GrapheneOS are out of luck — they have to wait for the final code, not look at the source code. Fewer spoilers about new features (goodbye, early leaks via Gerrit). And most importantly: external patches in AOSP can become outdated while Google is quietly sawing away.
What's next?
Android isn't becoming closed — the code is still open after release. But the process is now more like iOS: development in a bunker, not in plain sight. For businesses and users, it doesn't matter, for enthusiasts, it's a blow. Google wants to make life easier for itself, but it's losing the spirit of openness that pulled Android up. In 2025, it's no longer "Linux for phones," but a product under lock and key.
We place bets on what will happen next and wait for the reaction of the developers of domestic AOSP forks
Source