Just updated #Firefox to version 151.0.1 and it looks like #bug 2032822 might is gone ( https://bugzilla.mozilla.org/show_bug.cgi?id=2032822 ). Should apparently be fixed as well in >= 152.

#Firefox #Mozilla #developers - a big #thankyou for all your hard work.

FYI: this bug is about #Firefox menus disappearing / not showing after a monitor turns off, on #Wayland (in my case via #sway ).

SEO poisoning campaign leverages Gemini and Claude Code impersonation to deliver infostealer

Financially motivated eCrime actors are conducting an ongoing infostealer campaign targeting software developers through SEO poisoning techniques. The operation impersonates AI platforms including Gemini CLI and Claude Code, as well as developer tools like Node.js, Chocolatey, and KeePassXC. Attackers position fake domains above legitimate search results, directing victims to malicious installation pages that deliver fileless PowerShell-based infostealer malware. The malware executes entirely in memory, disables Windows Defender telemetry by patching ETW and AMSI, and harvests credentials from browsers, collaboration platforms, VPN clients, and cloud storage. Stolen data includes OAuth tokens, CI/CD credentials, and corporate VPN details, providing direct enterprise network access. The campaign leverages bulletproof hosting infrastructure and over 30 typosquatted domains registered between March and April 2026, primarily targeting users in the United States and United Kingdom.

Pulse ID: 6a0f06681c6ea37a99ec7d21
Pulse Link: https://otx.alienvault.com/pulse/6a0f06681c6ea37a99ec7d21
Pulse Author: AlienVault
Created: 2026-05-21 13:19:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #InfoSec #InfoStealer #Malware #Nodejs #OTX #OpenThreatExchange #PowerShell #RAT #SEOPoisoning #UnitedKingdom #UnitedStates #VPN #Windows #bot #developers #AlienVault

AI's getting smarter, but can it *really* build your next project? 🤔 We dive into why developers are still essential – even with AI co-pilots. It's about more than just code! Check out the new video. 💻 #AICopilot #TechStack #Developers

https://www.youtube.com/watch?v=W6aZrfXqNc8

24 hours until the CfP for "API World 2026" closes: https://sessionize.com/api-world-2026/

#cfp #conference #api #data #general #developers #coding #ai #engineering #machine learning #innovation

24 hours until the CfP for "AI TechWorld 2026" closes: https://sessionize.com/ai-techworld-2026/

#cfp #conference #developers #coding #ai #engineering #machine learning

Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor

A long-running typosquatting campaign impersonated the widely used shopspring/decimal Go library by publishing github.com/shopsprint/decimal, differing by a single character. Active since November 2017, the package remained benign through seven releases until being weaponized in August 2023 with version v1.3.3. This version introduced a malicious init() function that executes automatically on import, establishing a DNS TXT record-based command and control channel to dnslog-cdn-images.freemyip.com. The backdoor polls every five minutes and executes arbitrary commands returned via TXT records. Although the GitHub repository and owner account have been deleted, the malicious module remains permanently cached and accessible through Go's module proxy system, continuing to pose a supply chain risk to developers who mistype the package name.

Pulse ID: 6a0d278a6320921cb57f8b69
Pulse Link: https://otx.alienvault.com/pulse/6a0d278a6320921cb57f8b69
Pulse Author: AlienVault
Created: 2026-05-20 03:16:26

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CDN #CyberSecurity #DNS #GitHub #InfoSec #OTX #OpenThreatExchange #Proxy #SupplyChain #TypoSquatting #bot #developers #AlienVault

9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities

CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.

Pulse ID: 6a0ca36a3571d3fbd4cd92bc
Pulse Link: https://otx.alienvault.com/pulse/6a0ca36a3571d3fbd4cd92bc
Pulse Author: AlienVault
Created: 2026-05-19 17:52:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault

It's a vibe 😎

#SoftwareEngineering #Developers #Memes