Just a lvl 27 guy from 🇫🇮 Finland. Full-stack web developer and Scrum Master by trade, but more into server-side programming, networking, and sysadmin stuff.
During the summer, I love trekking, camping, and going on long hiking adventures. Also somewhat of an avgeek and a huge Lego fanatic.
the malicious package was added to PyPi last year in June and has been downloaded 885 times so far.
That’s a pretty long time to go undetected. Makes you wonder how many other similar packages there currently are, yet to be discovered, in PyPi, npm and others.
Pretty sure any decent model could easily solve that anyways.
True, but often these things also track the mouse movements or touch inputs and analyse those to see if they match natural human input or not. Of course advanced AI would be able to simulate proper inputs but most bots today would fail this check.
Is it just me or does it feel that 2024 has not been a very good year in aviation safety? It seems that almost every month there’s news about some major crash or incident and then of course there was the whole fiasco with Boeing
My main issue with CVEs nowadays is that it seems one gets generated even when 99% of the use cases for the software in question are not vulnerable as the vulnerability requires a very specific configuration/circumstances/etc. to be exploitable. In large projects with lots of dependencies this adds a lot of noice and there’s a risk that actual important CVEs go unnoticed.
I remember reading an article about how we’re already able to simulate basic tastes, like sweetness and sourness, digitally. So just you wait, we might have lickable HTML elements in the future
The website (Telegram in this case, but can be any website) adds a specifically crafted text to the clipboard and then tricks the user into pasting that text into the Windows Run dialog, which can be used to execute any command(s), basically like a command prompt.
The text the attacker places in the clipboard is actually a command to download and execute an executable file from the internet, giving the attacker remote access to the system or whatever the payload happens to be.
It’s a pretty clever trick. Perhaps MS should consider adding a warning before allowing pasting into the Run dialog or cmd for the first time. They already have this in the Edge browser console.