The developers are urging all developers who installed version 0.23.3 to take the following steps immediately: 1. Check your installed version: pip show elementary-data | grep Version 2. If the version is 0.23.3, uninstall it and replace it with the safe version: pip uninstall elementary-data pip install elementary-data==0.23.4 In your requirements and lockfiles, pin explicitly… Read More »
According to independent researcher Kevin Beaumont, three organizations told him that devices inside their networks that had Notepad++ installed experienced “security incidents” that “resulted in hands on keyboard threat actors,” meaning the hackers were able to take direct control using a web-based interface. All three of the organizations, Beaumont said, have interests in East Asia.… Read More »
Open-source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer account, in the latest open-source supply-chain attack to roil the Internet. The corrupted package, tj-actions/changed-files, is part of tj-actions, a collection of files that’s used by more than… Read More »
Enlarge / FreeBSD’s core development team, for the most part, does not appear to see the need to update their review and approval procedures. (credit: Aurich Lawson (after KC Green)) At first glance, Matthew Macy seemed like a perfectly reasonable choice to port WireGuard into the FreeBSD kernel. WireGuard is an encrypted point-to-point tunneling protocol,… Read More »