Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: ack Clear Filter

Google spoofed via DKIM replay attack: A technical breakdown

news.ycombinator.com Gerasim Hovhannisyan 2025-12-31 17:28:40

This morning started with a call from a friend – clearly shaken. He had just received an alarming email that looked strikingly legitimate. Unsure whether it was safe or a scam, he reached out to me for help verifying its authenticity. What followed was a deep dive into the message to determine whether it was a genuine communication or a cleverly crafted phishing attempt. The email was convincing enough to create real concern, and that’s what makes this story worth sharing. This was the email:

Topics: attacker com dkim email google
Read More
Shop Amazon

BlackSuit ransomware extortion sites seized in Operation Checkmate

bleepingcomputer.com Unknown 2025-12-31 20:34:13

Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years. The U.S. Department of Justice confirmed the takedown in an email earlier today, saying the authorities involved in the action executed a court-authorized seizure of the BlackSuit domains. Earlier today, the websites on the BlackSuit .onion domains were replaced with seizure banners announ

Topics: blacksuit ransomware royal seized sites
Read More
Shop Amazon

New Aarch64 Back End

news.ycombinator.com Unknown 2026-01-01 02:20:01

This page contains a curated list of recent changes to main branch Zig. Also available as an RSS feed. This page contains entries for the year 2025. Other years are available in the Devlog archive page. July 23, 2025 New Aarch64 Backend Author: Andrew Kelley & Jacob Young Jacob upstreamed his new backend yesterday. 275 src/codegen/aarch64/Mir.zig 138 src/codegen/aarch64/abi.zig 11799 src/codegen/aarch64/encoding.zig 10981 src/codegen/aarch64/Select.zig 905 src/codegen/aarch64/Disassemble.zig

Topics: backend build code compiler zig
Read More
Shop Amazon

BlackSuit ransomware leak sites seized in Operation Checkmate

bleepingcomputer.com Unknown 2026-01-01 08:34:13

Law enforcement has seized the dark web leak sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years. The U.S. Department of Justice confirmed the takedown in an email earlier today, saying the authorities involved in the action executed a court-authorized seizure of the BlackSuit domains. Earlier today, the websites on the BlackSuit .onion domains were replaced with seizure banners announcing

Topics: blacksuit enforcement gang ransomware royal
Read More
Shop Amazon

Microsoft: SharePoint flaws exploited in Warlock ransomware attacks

bleepingcomputer.com Unknown 2026-01-01 17:53:14

A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. Non-profit security organization Shadowserver is currently tracking over 420 SharePoint servers that are exposed online and remain vulnerable to these ongoing attacks. "Although Microsoft has observed this threat actor deploying Warlock and Lockbit ransomware in the past, Microsoft is currently unable to co

Topics: attacks department microsoft ransomware security
Read More
Shop Amazon

Satya Nadella seeks to reassure Microsoft employees in layoffs memo

theverge.com Tom Warren 2026-01-02 08:56:44

I also want to acknowledge the uncertainty and seeming incongruence of the times we’re in. By every objective measure, Microsoft is thriving — our market performance, strategic positioning, and growth all point up and to the right. We’re investing more in CapEx than ever before. Our overall headcount is relatively unchanged, and some of the talent and expertise in our industry and at Microsoft is being recognized and rewarded at levels never seen before. And yet, at the same time, we’ve undergon

Topics: acknowledge demanding dynamic industry microsoft
Read More
Shop Amazon

Hackers breach Toptal GitHub account, publish malicious npm packages

bleepingcomputer.com Unknown 2026-01-02 22:26:04

Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims' systems. Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The company also maintains internal developer tools and design systems, most notably Picasso, which

Topics: github malicious packages picasso toptal
Read More
Shop Amazon

Shattering the rotation illusion: The attacker view and AWSKeyLockdown (2024)

news.ycombinator.com Unknown 2026-01-02 14:07:17

PDF Report Shattering the Rotation Illusion: How Quickly Leaked AWS Keys are Exploited Download Now -> Through the Attacker’s Eyes: A New Era of NHI Security This final installment in our blog series brings together everything we’ve uncovered about leaked AWS Access Keys—how attackers exploit them, why traditional security measures fall short, and what organizations can do to protect themselves. Over the series, we explored real-world scenarios across various platforms: GitHub and GitLab, Pac

Topics: access attackers aws exposed keys
Read More
Shop Amazon

Microsoft: SharePoint servers also targeted in ransomware attacks

bleepingcomputer.com Unknown 2026-01-03 11:53:14

A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. Non-profit security organization Shadowserver is currently tracking over 420 SharePoint servers that are exposed online and remain vulnerable to these ongoing attacks. "Although Microsoft has observed this threat actor deploying Warlock and Lockbit ransomware in the past, Microsoft is currently unable to co

Topics: attacks department microsoft ransomware security
Read More
Shop Amazon

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices

bleepingcomputer.com Unknown 2026-01-03 14:17:39

SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. The security flaw (tracked as CVE-2025-40599) is caused by an unrestricted file upload weakness in the devices' web management interfaces, which can allow remote threat actors with administrative privileges to upload arbitrary files to the system. "SonicWall strongly recommends that users of the SMA 100 series produ

Topics: 2025 attacks cve sma sonicwall
Read More
Shop Amazon

Thawing vacuum-packed fish correctly (2024)

news.ycombinator.com Shannon Stover 2025-12-30 08:37:44

Thawing vacuum-packed fish correctly Improper thawing of vacuum-packed fish can lead to a foodborne illness. Learn how to do it safely. Looking for vacuum-packed fish is an excellent way to purchase fish in the grocery store. Vacuum packaging keeps the fish from drying out by preventing water loss; it also can ensure the fish is packaged at peak quality. Vacuum packaging, also called reduced oxygen packaging (ROP), limits oxygen and allows for extended shelf life in the freezer by reducing od

Topics: fish packaging packed thawing vacuum
Read More
Shop Amazon

Shattering the Rotation Illusion: The Attacker View & AWSKeyLockdown

news.ycombinator.com Unknown 2026-01-03 14:07:17

PDF Report Shattering the Rotation Illusion: How Quickly Leaked AWS Keys are Exploited Download Now -> Through the Attacker’s Eyes: A New Era of NHI Security This final installment in our blog series brings together everything we’ve uncovered about leaked AWS Access Keys—how attackers exploit them, why traditional security measures fall short, and what organizations can do to protect themselves. Over the series, we explored real-world scenarios across various platforms: GitHub and GitLab, Pac

Topics: access attackers aws exposed keys
Read More
Shop Amazon

Jitsi privacy flaw enables one-click stealth audio and video capture

news.ycombinator.com Unknown 2026-01-03 14:31:16

Jitsi is an open-source web conferencing application. Jitsi also hosts a public instance, with millions of monthly active users. Attack scenario Let’s walk through an example. An attacker runs a meeting called `MiniGinger` on the public Jitsi instance meet.jit.si. When a user visits the attacker controller webpage `CuteCats.com`, in the background they are redirected to: https://meet.jit.si/MiniGinger#config.prejoinConfig.enabled=false If the user visited any other Jitsi meeting before and

Topics: background feature jitsi meeting user
Read More
Shop Amazon

The Promised LAN

news.ycombinator.com Unknown 2026-01-04 16:24:32

🖧 The Promised LAN The Promised LAN is a closed, membership only network of friends that operate a 24/7 always-on LAN party, running since 2021. The vast majority of documentation is maintained on the LAN, but this website serves to give interested folks, prospective members or friends an idea of what the Promised LAN is, and how it works. A Manifesto for The Promised LAN For background on why we started the lan, what we hope to achieve, and how we approach the social-technical dynamics, we h

Topics: backbone lan network promised tpl
Read More
Shop Amazon

US nuclear weapons agency hacked in Microsoft SharePoint attacks

bleepingcomputer.com Unknown 2026-01-05 02:14:25

Unknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. NNSA is a semi-autonomous U.S. government agency part of the Energy Department that maintains the country's nuclear weapons stockpile and is also tasked with responding to nuclear and radiological emergencies within the United States and abroad. A Department of Energy spokesperson confirmed in a statement that hac

Topics: attacks day department energy microsoft
Read More
Shop Amazon

US nuclear weapons agency reportedly hacked in SharePoint attacks

bleepingcomputer.com Unknown 2026-01-05 08:14:25

Unknown threat actors have reportedly breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. NNSA is a semi-autonomous U.S. government agency part of the Energy Department that maintains the country's nuclear weapons stockpile and is also tasked with responding to nuclear and radiological emergencies within the United States and abroad. A Department of Energy spokesperson confirmed in a stateme

Topics: attacks compromised day department microsoft
Read More
Shop Amazon

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

bleepingcomputer.com Unknown 2026-01-05 08:57:06

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts were hijacked via phishing, followed by unauthorized owner changes that went unnoticed for several hours, potentially compromising many developers who downloaded the new releases. The 'is' package is a lightweight JavaScript utility library that provides a wide variety of type checking and value v

Topics: attack compromised malware npm package
Read More
Shop Amazon

npm 'accidentally' removes Stylus package, breaks builds and pipelines

bleepingcomputer.com Unknown 2026-01-05 17:21:25

npm has taken down all versions of the real Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. A security placeholder webpage is typically displayed when malicious packages and libraries are removed by the admins of npmjs.com, the world's largest software registry primarily used for JavaScript and Node.js development. But that isn't quite the case for Stylus: a legitimate "revolutionary" library receiving 3 million

Topics: npm npmjs package packages stylus
Read More
Shop Amazon

The Must-Have Exclusives From San Diego Comic-Con 2025

gizmodo.com James Whitbrook 2026-01-06 17:30:44

In just a couple more days, pop culture will descend on the San Diego Convention Center as SDCC prepares to dazzle us for another year (if everyone didn’t stop releasing their trailers before their panels, that is). But of course, among all the big news and astonishing cosplay, there’s going to be tons of fantastic merch to get your hands on exclusive to Comic-Con. Here’s our guide to some of the absolute coolest on offer. 100% Soft Galactus Vinyl SDCC is taking place during Fantastic Four: Fi

Topics: available booth convention pack year
Read More
Shop Amazon

New UK law would ban ransomware payments by publicly funded orgs

engadget.com Unknown 2026-01-06 22:08:51

The British government has announced plans to move forward with a law that would bar public organizations from paying off ransomware attackers. The proposed legislation would add schools, town councils, National Health Service (NHS) hospitals and critical infrastructure managers to a ban which already applies to the national government. The logic behind banning payments is simple. If cybercriminals know a ransomware attack against a UK school or hospital won't get them paid, they'll look somewh

Topics: attacks ban government ransom ransomware
Read More
Shop Amazon

Apple alerted Iranians to iPhone spyware attacks, say researchers

techcrunch.com Lorenzo Franceschi-Bicchierai 2026-01-07 03:57:48

Apple notified more than a dozen Iranians in recent months that their iPhones had been targeted with government spyware, according to security researchers. Miian Group, a digital rights organization that focuses on Iran, and Hamid Kashfi, an Iranian cybersecurity researcher who lives in Sweden, said they spoke with several Iranians who received the notifications in the last year. Bloomberg first wrote about these spyware notifications. Miaan Group published a report on Tuesday on the state of

Topics: apple attacks notifications said spyware
Read More
Shop Amazon

OSS Rebuild: open-source, rebuilt to last

news.ycombinator.com Posted Matthew Suozzo 2026-01-07 00:53:46

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers. The project comprises: Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages. SLSA Provenance for thousan

Topics: build oss packages rebuild security
Read More
Shop Amazon

CISA and FBI warn of escalating Interlock ransomware attacks

bleepingcomputer.com Unknown 2026-01-07 17:36:42

CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical infrastructure organizations in double extortion attacks. Today's advisory was jointly authored with the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) and it provides network defenders with indicators of compromise (IOCs) collected during investigations of incidents as recent as June 2025, along with mitigation meas

Topics: access attacks interlock networks ransomware
Read More
Shop Amazon

Nothing's $99 CMF Watch 3 Pro offers better battery life and AI fitness coaching

engadget.com Unknown 2026-01-08 03:10:59

CMF, the budget-friendly sub-brand from Nothing , has announced its latest smartwatch . Billed by its maker as the ideal entry-level fitness watch, the $99 Watch 3 Pro is the most advanced CMF wearable to date, promising updated health tracking and various built-in AI coaching features. The Watch 3 Pro introduces dual-band GPS, which should make its route tracking more accurate, as well as a new four-channel heart rate sensor that Nothing says offers "improved accuracy across all skin tones and

Topics: cmf health pro tracking watch
Read More
Shop Amazon

Report: Apple alerted Iranians to spyware attacks in lead-up to war with Israel

9to5mac.com Ryan Christoffel 2026-01-08 08:24:44

You may have never heard of them, but Apple sends “threat notifications” to users when it believes they’re being targeted by cyber attacks. Earlier this year that happened with several Iranians in the lead-up to the Iran-Israel war, per a new Bloomberg report. Here are the details. Apple threat notifications were sent to over a dozen Iranian cyberattack victims Patrick Howell O’Neill writes at Bloomberg: More than a dozen Iranians’ mobile phones were targeted with spyware in the months prior

Topics: apple attacks notifications threat users
Read More
Shop Amazon

MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles

news.ycombinator.com Maryam Motallebighomi 2026-01-04 15:08:40

The bicycle industry is increasingly adopting wireless gear-shifting technology for its advantages in performance and design. In this paper, we explore the security of these systems, focusing on Shimano's Di2 technology, a market leader in the space. Through a blackbox analysis of Shimano's proprietary wireless protocol, we uncovered the following critical vulnerabilities: (1) A lack of mechanisms to prevent replay attacks that allows an attacker to capture and retransmit gear shifting commands;

Topics: attacker attacks bike gear shifting
Read More
Shop Amazon

OSS Rebuild: open-source, Rebuilt to Last

news.ycombinator.com Posted Matthew Suozzo 2026-01-08 06:53:46

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers. The project comprises: Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages. SLSA Provenance for thousan

Topics: build oss packages rebuild security
Read More
Shop Amazon

Google, Microsoft say Chinese hackers are exploiting SharePoint zero-day

techcrunch.com Zack Whittaker 2026-01-08 08:45:08

Security researchers at Google and Microsoft say they have evidence that hackers backed by China are exploiting a zero-day bug in Microsoft SharePoint, as companies around the world scramble to patch the flaw. The bug, known officially as CVE-2025-53770 and discovered last weekend, allows hackers to steal sensitive private keys from self-hosted versions of SharePoint, a software server widely used by companies and organizations to store and share internal documents. Once exploited, an attacker

Topics: china disrupt hacking microsoft sharepoint
Read More
Shop Amazon

The Great Unracking: Saying goodbye to the servers at our physical datacenter

news.ycombinator.com Ryan Donovan 2026-01-04 12:06:49

Since October 2010, all Stack Exchange sites have run on physical hardware in a datacenter in New York City (well, New Jersey). These have had a warm spot in our history and our hearts. When I first joined the company and worked out of the NYC office, I saw the original server mounted on a wall with a laudatory plaque like a beloved pet. Over the years, we’ve shared glamor shots of our server racks and info about updating them. For almost our entire 16-year existence, the SRE team has managed a

Topics: cables datacenter machines servers stack
Read More
Shop Amazon

Show HN: A rudimentary game engine to build four dimensional VR evironments

news.ycombinator.com Info Brainpaingames.Com 2026-01-06 00:23:33

Hypershack Hypershack is a standalone, private space designed for tinkering and learning with 4D objects in Virtual Reality. There are some elements designed to help get oriented in the 4d world: there are small particles falling down, i.e. moving towards negative y-axis. The speed they are falling depends on the orientation of the observed 3d space in the 4d world, the closer the 3d space is aligned with y-axis, the faster the particles fall. If you rotate the 3d space to be perpendicular to

Topics: 3d 4d axis hypershack space
Read More
Shop Amazon
Trending Topics
Hot Now
ai 3666 apple 3044 new 2419 google 2036 content 1735
Popular
like 1506 company 1433 pro 1339 iphone 1180 app 1133 zdnet 1116 said 1071 data 1054 does 910 reviews 895
Emerging
editorial 874 amazon 863 game 811 samsung 780 phone 768 pixel 761 android 743 just 724 users 689 available 686
About GoKawiil

GoKawiil is a project by nerdhub.co that curates technology news from trusted sources. We built this site to provide a cleaner, more mobile-friendly experience without intrusive ads or heavy JavaScript.

Privacy

Your privacy matters. GoKawiil doesn't use Google Analytics or Facebook Pixel. The only tracking occurs through affiliate links to Amazon.

Advertising

Interested in advertising? Contact us at [email protected]