Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its community in interesting projects.

China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation

The Hacker News - 18 March, 2025 - 11:24
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to World Expo, which is scheduled to kick off in
Category: Hacking & Security

BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse

The Hacker News - 18 March, 2025 - 11:01
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in
Category: Hacking & Security

Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets

The Hacker News - 18 March, 2025 - 08:00
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to "steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored
Category: Hacking & Security

Baidu’s ERNIE launches ‘signal a global AI race’

Computerworld.com [Hacking News] - 18 March, 2025 - 02:38

The launch this weekend by Baidu of a native open-source multimodal foundation model called ERNIE 4.5 and a reasoning model, ERNIE X1, could lower AI adoption barriers, intensify competition, and reshape pricing strategies across the industry, an analyst said Monday.

In order for that to occur, said Thomas Randall, research lead for AI at Info-Tech Research Group, “the success of these models will depend on performance validation, developer adoption, and enterprise trust. However, they signal a global AI race where cost-efficiency and accessibility become as important as raw capability.”

The Chinese tech giant said in a release that the introduction of the two offerings “pushes the boundaries of multimodal and reasoning models,” adding that ERNIE X1 “delivers performance on par with DeepSeek R1 at only half the price.”

Category: Hacking & Security

BlackLock ransomware claims nearly 50 attacks in two months

Bleeping Computer - 17 March, 2025 - 21:40
A ransomware-as-a-service (RaaS) operation called 'BlackLock' has emerged as one of the more active ransomware operations of 2025. [...]
Category: Hacking & Security

Telegram CEO leaves France temporarily as criminal probe continues

Bleeping Computer - 17 March, 2025 - 21:13
French authorities have allowed Pavel Durov, Telegram's CEO and founder, to temporarily leave the country while criminal activity on the messaging platform is still under investigation. [...]
Category: Hacking & Security

Microsoft: New RAT malware used for crypto theft, reconnaissance

Bleeping Computer - 17 March, 2025 - 19:59
Microsoft has discovered a new remote access trojan (RAT) that employs "sophisticated techniques" to avoid detection, maintain persistence, and extract sensitive data. [...]
Category: Hacking & Security

OKX suspends DEX aggregator after Lazarus hackers try to launder funds

Bleeping Computer - 17 March, 2025 - 19:23
OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. [...]
Category: Hacking & Security

Google to replace its assistant with Gemini in Android

Computerworld.com [Hacking News] - 17 March, 2025 - 19:06

It is now clear that Google Assistant will be replaced by generative AI (genAI) tool Gemini in most Android-based phones. The process is expected to begin shortly and be completed before the end of the year, according to the official Google blog The Keyword.

Mobile phones running Android 9 or earlier will not be affected by the decision, as they would likely run into problems using Gemini.

In addition to smartphones, Gemini will also be integrated into tablets, smart watches, televisions, monitors, cars and headphones, according to 9to5Google.

Category: Hacking & Security

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

The Hacker News - 17 March, 2025 - 18:08
A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions: Apache Tomcat 11.0.0-M1 to 11.0.2, Apache Tomcat 10.1.0-M1 to 10.1.34, and Apache Tomcat 9.0.0-M1 to 9.0.98. It
Category: Hacking & Security

Apple has to climb the mountain

Computerworld.com [Hacking News] - 17 March, 2025 - 17:55

Apple has a lot of challenges these days. Would Steve Jobs really be handling these problems better than current leaders?

The problems, some long-term and others short-term, include (but are not confined to):

  • Chinese consumers turning to domestic brands in response to the US trade war.
  • US customers feeling the impact of tariffs and anticipated increase in product prices.
  • Regulators in every nation seemingly intent on chipping away at the services empire Apple built from thin air. 
  • Apple’s recently-disclosed failure to launch with Apple Intelligence.
  • Supply chain problems, partly in response to trade wars and partly exposed during Covid, when single-source supply chains collapsed overnight.
  • Declining consumer trust in technology.

These challenges are in addition to the tasks Apple has always had to manage — maintaining hardware and software quality, developing new products and services that surprise and delight customers, building consumer engagement, and inventing the best hardware in the world. A look at the recently introduced Mac Studio and M4 MacBook Air shows the company still has the ability to do that. Both are the best computers in the world in their class.

Challenges everywhere

But the central problem Apple has is mirrored in its own actions. 

You see, reports claim the company’s marketing teams insisted on promoting Apple Intelligence and its much-vaunted contextual understanding of users, even though the feature wasn’t ready. They not only insisted on it, but they also went large on pushing it, helping build just the right environment to create a crisis of belief when it was revealed the company would be unable to make the grade. (Subsequent reports suggest the feature is already working, but just not consistently enough; perhaps Apple should introduce it as a public beta to show how far it’s come.)

What problem does this mirror? 

Just as Apple’s own teams focused on a service that wasn’t ready, the rest of us out here continue to seek solace in impossible dreams. We live in a world of confusion in which populists, snake oil salesmen, and fake thought leaders thrive. Lack of belief, combined with a search for easy answers, means we choose the answers that seem easy. That’s what happened with Apple Intelligence — so great was the need to seem to occupy space in AI, the company chose to market a feature it hadn’t got working yet. 

It took an easy road, rather than a hard one, and in doing so reflected the muddy waters of our times.

That’s not how things were when Jobs introduced the iMac, iPod, or iPhone. Back then, we thought tech would help us, social media hadn’t yet been weaponized against wider public good, and many still wanted to believe global governments would meet the goals of Agenda 21, rather than using 1984 as an instruction manual. Conflict hadn’t yet exposed the deep rifts underlying the fragile global consensus, and Apple under Jobs spoke a language of hope and optimism that reflected a more optimistic zeitgeist.

Apple today can’t cling to that past. 

A new language for a new time

That aspect of the brand no longer seems to match the existence so many of its customers experience. And it’s arguable whether senior management, ensconced in the Silicon Valley bubble, is exposed enough to identify a product design and marketing language that resonates in our new, highly complex, polarized, conflicted reality. Apple has done extraordinarily well as the ultimate aspirational brand, and enthusiasm for its products will remain among those who can reasonably afford them. But declining sales means declining profits, and in a world set up to mirror Wall Street’s irrational belief that perpetual growth is possible on a finite planet, decline is unacceptable.

That’s true even for the most successful company in human history.

That’s a lot of pressure for Apple’s top brass to handle. Plus, of course, in every case, the answers they have available to them appear to be least-worse responses, rather than good ones. Adding additional complexity, the challenges are themselves intertwined as societies everywhere undergo significant structural change, as political forces of various hues attempt to hold things together with false narratives of a history that never really happened. 

Just how can the future look better tomorrow when it’s based on a past that never existed? 

The journey

All the same, the more complex things become, the harder we work just to stand still. And with myriad connected challenges, it’s not at all certain even Steve Jobs would be able to visualize an easy way through. The simple answer is to keep hope alive, but the uncomfortable truth is that, just as it did with the iMac, Apple’s biggest challenge now is to find a consumer product truly emblematic of its time, something that speaks to us of who we are, what we need, and where we are going. 

In that light, perhaps the failure of the launch of Apple Intelligence really reflects the time we’re in. We can see the mountain but can’t yet make it to the top.

Category: Hacking & Security

Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source

Google Security Blog - 17 March, 2025 - 17:46
Posted by Rex Pan and Xueqin Cui, Google Open Source Security Team

In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR. OSV-Scanner and OSV-SCALIBR, together with OSV.dev are components of an open platform for managing vulnerability metadata and enabling simple and accurate matching and remediation of known vulnerabilities. Our goal is to simplify and streamline vulnerability management for developers and security teams alike.

Today, we're thrilled to announce the launch of OSV-Scanner V2.0.0, following the announcement of the beta version. This V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities to OSV-Scanner, making it a comprehensive vulnerability scanner and remediation tool with broad support for formats and ecosystems. 



What’s new

Enhanced Dependency Extraction with OSV-SCALIBR

This release represents the first major integration of OSV-SCALIBR features into OSV-Scanner, which is now the official command-line code and container scanning tool for the OSV-SCALIBR library. This integration also expanded our support for the kinds of dependencies we can extract from projects and containers:

Source manifests and lockfiles:

  • .NET: deps.json

  • Python: uv.lock

  • JavaScript: bun.lock

  • Haskell: cabal.project.freeze, stack.yaml.lock

Artifacts:

  • Node modules

  • Python wheels

  • Java uber jars

  • Go binaries


Layer and base image-aware container scanning

Previously, OSV-Scanner focused on scanning of source repositories and language package manifests and lockfiles. OSV-Scanner V2 adds support for comprehensive, layer-aware scanning for Debian, Ubuntu, and Alpine container images. OSV-Scanner can now analyze container images to provide:


  • Layers where a package was first introduced

  • Layer history and commands

  • Base images the image is based on (leveraging a new experimental API provided by deps.dev).

  • OS/Distro the container is running on

  • Filtering of vulnerabilities that are unlikely to impact your container image



This layer analysis currently supports the following OSes and languages:


Distro Support:

  • Alpine OS

  • Debian

  • Ubuntu


Language Artifacts Support:

  • Go

  • Java

  • Node

  • Python



Interactive HTML output

Presenting vulnerability scan information in a clear and actionable way is difficult, particularly in the context of container scanning. To address this, we built a new interactive local HTML output format. This provides more interactivity and information compared to terminal only outputs, including:

  • Severity breakdown

  • Package and ID filtering

  • Vulnerability importance filtering

  • Full vulnerability advisory entries



And additionally for container image scanning:

  • Layer filtering

  • Image layer information

  • Base image identification


Illustration of HTML output for container image scanning


Guided remediation for Maven pom.xml

Last year we released a feature called guided remediation for npm, which streamlines vulnerability management by intelligently suggesting prioritized, targeted upgrades and offering flexible strategies. This ultimately maximizes security improvements while minimizing disruption. We have now expanded this feature to Java through support for Maven pom.xml.

With guided remediation support for Maven, you can remediate vulnerabilities in both direct and transitive dependencies through direct version updates or overriding versions through dependency management.


We’ve introduced a few new things for our Maven support:

  • A new remediation strategy override.

  • Support for reading and writing pom.xml files, including writing changes to local parent pom files. We leverage OSV-Scalibr for Maven transitive dependency extraction.

  • A private registry can be specified to fetch Maven metadata.

  • A new experimental subcommand to update all your dependencies in pom.xml to the latest version.


We also introduced machine readable output for guided remediation that makes it easier to integrate guided remediation into your workflow.


What’s next?

We have exciting plans for the remainder of the year, including:

  • Continued OSV-SCALIBR Convergence: We will continue to converge OSV-Scanner and OSV-SCALIBR to bring OSV-SCALIBR’s functionality to OSV-Scanner’s CLI interface.

  • Expanded Ecosystem Support: We'll expand the number of ecosystems we support across all the features currently in OSV-Scanner, including more languages for guided remediation, OS advisories for container scanning, and more general lockfile support for source code scanning.

  • Full Filesystem Accountability for Containers: Another goal of osv-scanner is to give you the ability to know and account for every single file on your container image, including sideloaded binaries downloaded from the internet.

  • Reachability Analysis: We're working on integrating reachability analysis to provide deeper insights into the potential impact of vulnerabilities.

  • VEX Support: We're planning to add support for Vulnerability Exchange (VEX) to facilitate better communication and collaboration around vulnerability information.


Try OSV-Scanner V2

You can try V2.0.0 and contribute to its ongoing development by checking out OSV-Scanner or the OSV-SCALIBR repository. We welcome your feedback and contributions as we continue to improve the platform and make vulnerability management easier for everyone.

If you have any questions or if you would like to contribute, don't hesitate to reach out to us at [email protected], or post an issue in our issue tracker.
Category: Hacking & Security

Supply chain attack on popular GitHub Action exposes CI/CD secrets

Bleeping Computer - 17 March, 2025 - 16:24
A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. [...]
Category: Hacking & Security

Microsoft: March Windows updates mistakenly uninstall Copilot

Bleeping Computer - 17 March, 2025 - 14:39
Microsoft says the March 2025 Windows cumulative updates automatically and mistakenly remove the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems. [...]
Category: Hacking & Security

Critical RCE flaw in Apache Tomcat actively exploited in attacks

Bleeping Computer - 17 March, 2025 - 14:29
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. [...]
Category: Hacking & Security

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year

The Hacker News - 17 March, 2025 - 14:12
An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a
Category: Hacking & Security