Latest Hacking News

What Is a Buffer Overflow? The Bug That Keeps Driving Critical CVEs

A buffer overflow happens when a program writes more data into a memory buffer than the buffer can hold. The extra bytes land in adjacent memory, corrupting whatever was there. If an attacker controls ...
Decrypt

Linux Foundation, Tech Giants Launch Akrites to Defend Open Source Against AI-Powered Attacks

Akrites is a coalition of 19 organizations, including every major AI lab and Wall Street banks, built to defend open-source ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
The Hacker News

AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network

AryStinger malware has infected 4,300 Realtek RTL819X routers, using old CVEs to scan targets, tunnel traffic, and hide ...
Tech Times

Linux 7.2 Closes Memory Bug Class With strncpy Removal After Six Years

Linux kernel strncpy removed in Linux 7.2 after 362 patches and six years of coordinated work. The dangerous C string ...
Tech Times

Git 2.55 Makes Rust Default: CI Pipelines Must Add Toolchain Before Stable

Git 2.55 makes Rust enabled by default for the first time, meaning any build pipeline that compiles Git from source will fail without a Rust toolchain unless the new NO_RUST flag is explicitly set.
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
The Verge

Linux devs are fighting the new age-gated internet

The open-source community is looking for a way out of the wave of new laws requiring operating systems to collect users’ ages. The open-source community is looking for a way out of the wave of new ...
Bleeping Computer

Trellix discloses data breach after source code repository hack

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 ...
Ars Technica

Microsoft open-sources “the earliest DOS source code discovered to date”

Several times in the last couple of decades, Microsoft has released source code for the original MS-DOS operating system that kicked off its decades-long dominance of consumer PCs. This week, the ...
InfoWorld

The two-pass compiler is back – this time, it’s fixing AI code generation

If you came up building software in the 1990s or early 2000s, you remember the visceral satisfaction of determinism. You wrote code. The compiler analyzed it, optimized it, and emitted precisely the ...
InfoQ

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...