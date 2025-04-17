news
Security and Windows TCO Leftovers
Rlang ☛ AI-generated code comes with security risks
More and more students are using AI-generated code in their studies, without necessarily understanding the security risks that this entails. This has consequences for users such as students learning how to code in R.
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (glibc), Red Hat (kernel and kernel-rt), Slackware (perl), SUSE (haproxy, kernel, and webkit2gtk3), and Ubuntu (cimg, perl, protobuf, and webkit2gtk).
GNOME ☛ Michael Catanzaro: Dangerous Arbitrary File Read Vulnerability in Yelp (CVE-2025-3155)
I don’t normally blog about particular CVEs, but Yelp CVE-2025-3155 is noteworthy because it is quite severe, public for several weeks now, and not yet fixed upstream. In short, help files can read your filesystem and execute arbitrary JavaScript code, allowing an attacker to exfiltrate any files your Unix user has access to. Thank you to parrot409 for responsibly disclosing this issue and going above and beyond to provide patches.
Pen Test Partners ☛ Not everything in a data leak is real
TL;DR Data breaches make the headlines usually because of the sheer volume of data
Research shows that often the volume of data is falsely inflated
Windows TCO / Windows Bot Nets
Google ☛ The backdoored Windows Registry Adventure #6: Kernel-mode objects
NOAA ☛ Deepwater Horizon Oil Spill
This April marks 15 years since the Deepwater Horizon oil spill — the largest offshore oil spill in U.S. history. The incident resulted in the tragic loss of 11 lives, the release of approximately 134 million gallons of oil into the Gulf of America, and unprecedented impacts to coastal resources and the people who depend on them.
Security Week ☛ Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial
The Rhysida ransomware gang claims to have stolen 2.5 Tb of files from the Oregon Department of Environmental Quality.
Cyble Inc ☛ Taiwan To Launch Cybersecurity Center Amid Rising Threats
According to a report released last Wednesday by the National Institute of Cyber Security Research, the island nation is facing increasingly complex threats. These dangers include not only conventional attacks like ransomware and intellectual property theft, but also new risks posed by quantum tech and AI systems capable of automating cyber assaults.
