Redditors have caught Google secretly updating its Chrome terms of service to remove a line that guaranteed that local AI models won't send data to Google servers.
That's now gone, meaning your local AI sends data to Google, so it's not that local.
reshared this
reshared this
reshared this
Now, whether or not cloudflare can be actually punished -for- racketeering, given they "just" "host" the service instead of running it directly? prrrobably not under this administration.
But y'know.
en.wikipedia.org/wiki/Racketee…
It's pretty obvious that this is a racket.
Cloudflare: "You've got some lovely infrastructure here. Shame if something... Happened to it."
flyingpenguin.com/can-someone-…
Can Someone Please Explain Whether Cloudflare Blackmailed Canonical?flyingpenguin
reshared this
reshared this
In this 3,000+ word deep-dive for my blog and newsletter ~ this week in security ~ I explore the most pressing threats to face the internet this year. This includes surveillance and choking online access to governments going rogue, and more, and why they pose a risk.
this.weekinsecurity.com/the-mo…
From surveillance and choking online access to governments going rogue, these are the most pressing threats to face the internet and its billions of users today.Zack Whittaker (~this week in security~)
reshared this
It's a day ending in "y".... so there's a supply chain attack happening on npm
socket.dev/blog/tanstack-npm-p…
Socket detected 84 compromised TanStack npm package artifacts modified with suspected CI credential-stealing malware.Socket Research Team (Socket)
reshared this
It has now spread from npm to PyPI, and has hit OpenSearch, Mistral AI, Squawk, Guardrails AI, and others, a total of 416 malicious artifacts. TeamPCP is taking credit, latest update in our post:
socket.dev/blog/tanstack-npm-p…
Socket detected 84 compromised TanStack npm package artifacts modified with suspected CI credential-stealing malware.Socket Research Team (Socket)
Carmaker Skoda discloses a security breach of its online site
reshared this
JDownloader hackerato: malware RAT nei download Linux e Windows
linuxeasy.org/jdownloader-hack…
Sito JDownloader violato: installer Linux con malware RAT per root access. Una supply chain attack da non sottovalutare per utenti Linux.
L'articolo JDownloader hackerato: malware RAT nei download Linux e Windows proviene da Linux Easy.
E' vietato
reshared this
SparkyLinux 8.3 Rilasciato, arriva il supporto per Linux 7.0
linuxeasy.org/sparkylinux-8-3-…
SparkyLinux 8.3 aggiorna kernel, desktop e software principali con base Debian 13 Trixie e nuove ISO disponibili.
L'articolo SparkyLinux 8.3 Rilasciato, arriva il supporto per Linux 7.0 proviene da Linux Easy.
E'
reshared this
Debian blocca i pacchetti non riproducibili nella repository Testing
linuxeasy.org/debian-blocca-i-…
Debian blocca i pacchetti non riproducibili in Testing e rafforza il controllo sulla sicurezza della supply chain.
L'articolo Debian blocca i pacchetti non riproducibili nella repository
reshared this
Linux valuta un killswitch per limitare le vulnerabilità più pericolose
linuxeasy.org/linux-valuta-un-…
Il kernel Linux valuta un killswitch per disattivare funzioni vulnerabili e ridurre il rischio tra disclosure e patch.
L'articolo Linux valuta un killswitch per limitare le
reshared this
PDFCraft: toolkit PDF open source completo e orientato alla privacy
linuxeasy.org/pdfcraft-toolkit…
PDFCraft è un toolkit PDF open source che funziona nel browser, con oltre 90 strumenti per modificare, convertire e proteggere documenti.
L'articolo PDFCraft: toolkit PDF open source completo e orientato alla
reshared this
PhotoFlare nasconde oltre 500 filtri avanzati grazie a G’MIC-Qt
linuxeasy.org/photoflare-nasco…
PhotoFlare integra G’MIC-Qt con oltre 500 filtri gratuiti per fotoritocco, restauro immagini ed effetti artistici avanzati.
L'articolo PhotoFlare nasconde oltre 500 filtri avanzati grazie a G’MIC-Qt proviene da Linux Easy.
E' vietato
reshared this
A data center drained 30M gallons of water unnoticed — until residents complained about low water pressure
Residents in Fayetteville, Georgia, noticed low water pressure last year. The utility discovered two unaccounted-for water connections at one of the nation’s largest data center campuses.
“We get this notification from Fayette County water system saying you need to stop watering your lawns to help conserve water."
reshared this
Gerry McGovern reshared this.
Vodafone were being held to ransom by some organised crime clowns. Vodafone refused to pay, good on 'em, break the cycle of crime clowns.
It's not "full infrastructure" as claimed (it's only a 5gb file), nor is it VMware ESXi as originally claimed.
reshared this
reshared this
Reminded me of this one from his first term.
(source unknown)
Omarchy 3.8 Rilasciato migliora i promemoria integrati e meteo live
linuxeasy.org/omarchy-3-8-rila…
Omarchy 3.8 aggiorna l’esperienza Arch Linux con promemoria integrati, meteo live e gestione rapida delle app predefinite.
L'articolo Omarchy 3.8 Rilasciato migliora i promemoria integrati e meteo
reshared this
Parrot OS 7.2 aggiorna sicurezza e strumenti con Linux Kernel 6.19
linuxeasy.org/parrot-os-7-2-ag…
Parrot OS 7.2 aggiorna kernel Linux 6.19, corregge la vulnerabilità Copy Fail e rinnova strumenti di sicurezza e desktop KDE Plasma.
L'articolo Parrot OS 7.2 aggiorna sicurezza e strumenti con Linux Kernel 6.19
reshared this
-FCC relaxes foreign router ban to allow for security updates
-ShinyHunters disrupts schools across US
-21-year-old RCE found in FreeBSD
-Another Linux zero-day LPE
-Mexican water utility hacked with AI
-SailPoint breach
-Recordings leak US-Israel-Argentina plan to destabilize LATAM govts with fake news
-France opens investigation of Musk and Twitter (X)
-FCC wants KYC for telcos
-CyberCorps scholarship rebrands to AI
Newsletter: news.risky.biz/risky-bulletin-…
Podcast: risky.biz/RBNEWS562/
In other news: ShinyHunters disrupts schools across US; 21-year-old RCE found in FreeBSD; and another Linux zero-day LPE.Catalin Cimpanu (Risky.Biz)
reshared this
Catalin Cimpanu reshared this.
Gazzetta del Cadavere reshared this.
Who may be at risk: Only people who downloaded and installed from jdownloader.org during 6th-7th May 2026 (UTC) using one or more website download links for "Download Alternative Installer" and/or the affected Linux shell installer link - see the timeline below.
Who is not affected: Everything that is not among the at-risk cases above - all other downloads and install paths on this site, existing installations, in-app updates, and installations from any other source.
DP Code la nuova interfaccia minimal per programmare con agenti AI
linuxeasy.org/dp-code-interfac…
DP Code semplifica lo sviluppo con agenti AI come Codex e Claude, offrendo workflow rapidi, PR automatiche e gestione multi-progetto.
L'articolo DP Code la nuova interfaccia minimal per programmare con agenti AI proviene da Linux
reshared this
Checkmarx hack update:
"We are aware that a modified version of the Checkmarx Jenkins AST plugin was published to the Jenkins Marketplace"
checkmarx.com/blog/ongoing-sec…
Incident Update: Saturday, May 9, 2026 We are aware that a modified version of the Checkmarx Jenkins AST plugin was published to the Jenkins Marketplace. We are in the process of publishing a new version of this plug-in.Checkmarx Team (Checkmarx)
reshared this
France arrested a cybersecurity executive for allegedly buying child sexual abuse material from the dark web
Filigran (OpenCTI) founder Samuel Hassine is allegedly one of the 232 suspects identified by police as buyers on the "Alice with Violence CP" portal
reshared this
Argentina arrested and deported a Russian national linked to a Kremlin disinformation network.
Dmitry Novikov, 26, was one of the managers of a group known as "La Compañía" that used fake news and disinformation to attack LATAM governments that support Ukraine.
instagram.com/reel/DYC_AaLxWtR…
944 likes, 25 comments - pfa_ar on May 7, 2026: "Identificamos y expulsamos del país al ciudadano ruso Dmitrii Novikov, acusado de operar una red internacional vinculada a maniobras de desinformación y fake news.Instagram
reshared this
WhatsApp has banned more than 9,400 accounts linked to so-called "digital arrest" scams in India over a 12-week period starting January 2026
reshared this
Here's the website with the recordings. It's been under heavy DDoS for a week now
Archivo de investigación: audios, documentos y reportajes sobre Honduras. Lo que el poder dijo cuando pensaba que nadie escuchaba.hondurasgate.ch
reshared this
The Linux kernel team is working on Killswitch, a new security feature that will temporarily disable some kernel functions until a patch is available
This is in response to the recent CopyFail and DirtyFrag disclosure debacles
reshared this
The FreeBSD team has patched a remote code execution in its operating system that impacts all versions released since 2005
Tracked as CVE-2026-42511, the vulnerability resides in the FreeBSD DHCP client and is extremely easy to exploit
aisle.com/blog/aisle-discovers…
Learn how AISLE discovered a command injection to root RCE vulnerability in FreeBSD.AISLE
reshared this
TikTok has published its monthly report on covert influence operations the company has spotted on its platform in March this year.
Most of these networks have a connection with Russia, promoted Russian interests, pro-Kremlin parties, or were run from Russia.
reshared this
Security researchers extracted an API key from the Needle malware and then enumerated its backend to retrieve a list of 1900+ victims
The malware is an infostealer with a focus on crypto
beelzebub.ai/blog/needle-c2-cr…
AI-Native security platform: Deceive, Detect, Respond. “We turn that hard truth into your tactical advantage. Our AI-based decoys, built using our open-source framework, deceive attackers during lateral movement within the network.Beelzebub
reshared this
Riepilogo settimanale Linux Easy – Settimana 19 (4–10 maggio 2026)
linuxeasy.org/riepilogo-settim…
Settimana 19 su Linux Easy: nuove distribuzioni, aggiornamenti software, strumenti avanzati e novità per il gaming su Linux.
L'articolo Riepilogo settimanale Linux Easy – Settimana 19 (4–10 maggio 2026) proviene da Linux Easy.
E'
reshared this
AloxBook porta la contabilità personale offline su desktop con doppia scrittura e dati cifrati
linuxeasy.org/aloxbook-contabi…
AloxBook è un software desktop per contabilità personale con doppia scrittura, archiviazione cifrata locale e importazione CSV
L'articolo AloxBook porta la contabilità personale offline su desktop con doppia
reshared this
A cluster of 38 malicious npm libraries targeted the internal networks of large tech companies like Apple, Alibaba, and Google.
The campaign attempted to compromise dev machines by leveraging a technique known as dependency confusion.
The packages deployed malware that attempted to steal npm publish tokens, suggesting the goal was malicious and not bug bounty research.
Security firm Panther linked the campaign to "a single Indonesian-speaking threat actor."
panther.com/blog/frankly-malic…
Frankly Malicious: Inside a 38-Package NPM Supply Chain Campaign Targeting Tech Giantspanther.com
reshared this
A cluster of three npm accounts used 51 libraries over the past four years to abuse npm as a config storage system for their mobile apps.
The apps belonged to Chinese sports gambling and pirate streaming platforms.
panther.com/blog/4-years-51-pa…
4 Years, 51 Packages, 3 organizations: How npm Became a Gambling Ring's Config Serverpanther.com
reshared this
A malicious credentials harvester was found in a popular HuggingFace repository named Open-OSS/privacy-filter
At the time of the discovery, the repository was listed as #1 in HuggingFace's trending section with more than 240,000 downloads
hiddenlayer.com/research/malwa…
HiddenLayer researchers identified a malicious Hugging Face repository typosquatting OpenAI’s Privacy Filter release, distributing infostealer malware through loader.py and start.bat.www.hiddenlayer.com
reshared this
reshared this
Website of download manager JDownloader was hacked in another supply chain incident
-spread malware for two days
-malware was included with Windows and Linux versions
-no malicious updates so infections occurred via new downloads only
-infection timeline May 6-7
jdownloader.org/incident_8.5.2…
Self-contained information on jdownloader.org about the May 2026 incident affecting some installer downloads: timeline, scope, and how to check your system.jdownloader.org
reshared this
ONLYOFFICE Workspace 12.8.0: compatibilità avanzata e nuove funzionalità
linuxeasy.org/onlyoffice-works…
ONLYOFFICE Workspace 12.8.0 migliora la compatibilità con file Apple, Visio e Hancom, introducendo nuove funzioni e aggiornamenti.
L'articolo ONLYOFFICE Workspace 12.8.0: compatibilità avanzata e nuove funzionalità proviene
reshared this
Parchment l’editor di testo minimale per GNOME Linux
linuxeasy.org/parchment-editor…
Parchment è un editor di testo minimale per Linux, pensato per scrivere codice e contenuti senza distrazioni inutili.
L'articolo Parchment l’editor di testo minimale per GNOME Linux proviene da Linux Easy.
E' vietato riprodurre questo articolo senza
reshared this
Anthropic’s Claude used in attempted compromise of Mexican water utility
cybersecuritydive.com/news/ant…
dragos.com/blog/ai-assisted-ic…
Dragos analyzed an adversary using Claude AI to target a water utility's ICS environment. See how AI is changing the OT threat landscape.Jay Deen (www.dragos.com)
reshared this
SpaceLifeForm
in reply to Catalin Cimpanu • • •AMS
in reply to Catalin Cimpanu • • •Oblomov reshared this.
Lazarou Monkey Terror 🚀💙🌈
in reply to Catalin Cimpanu • • •could they be using people's PCs to compute their AI like the malware mines crypto?
#Technology #AI #Chrome
gary
in reply to Catalin Cimpanu • • •it is a slippery slope now for big tech ai, a caveman could do it #give me some milk or else go home
Mistonas
in reply to Catalin Cimpanu • • •The problem is not Google, the problem are the people who don't care about any of it. Voting with your feet (leaving the product) would force the company to make changes for the good. People don't care.
We are quickly becoming a distopian world.
GrumpyDad 🇺🇦🇵🇸
in reply to Catalin Cimpanu • • •Michael Richardson 🇨🇦
in reply to Catalin Cimpanu • • •thriftwicker
in reply to Catalin Cimpanu • • •PastorOnRuby
in reply to Catalin Cimpanu • • •TelH90
in reply to Catalin Cimpanu • • •*Darth Vader Voice* "I altered the deal. Pray I don't alter it further!"
Why do people still use that #Govware?
- Use @torproject / #TorBrowser (and maybe @Waterfox if you have to use Websites run by assholes that block #Tor!)…
#privacy #AIslop #DontBlockTor
mausmalone
in reply to Catalin Cimpanu • • •stonedonkey 🕹️🎮👾
in reply to Catalin Cimpanu • • •Robert Kist 🇦🇹🇸🇬
in reply to Catalin Cimpanu • • •🏝️えいすま・EigoSmash 🇨🇦
in reply to Catalin Cimpanu • • •@iveyline
in reply to Catalin Cimpanu • • •