When I use Channel4(UK) app, whenever a McDonald's advert comes on, the app will freeze on an image while subtitles and sound usually carry on -- causing me to need to close the app.

I call this the Channel4 "Google Play Services, Adobe, Location Tracking, Malicious Code" glitch. 👍

#Google #Android #Adobe #LocationTracking #MaliciousCode #Channel4UK #SpyCops

Un hacker ha inserito codice malevolo nella estensione Amazon Q per Visual Studio Code, progettata per assistere programmatori con AI generativa. Il codice, seppur difettoso e non dannoso, mirava a cancellare dati di sistema. Amazon ha rimosso la versione compromessa e invitato gli utenti ad aggiornare all’ultima release sicura.

https://www.bleepingcomputer.com/news/security/amazon-ai-coding-agent-hacked-to-inject-data-wiping-commands/

#amazonavscode #hackerattack #maliciouscode #cybersecurity #softwareupdate

Ubuntu Security Flaw Lets Attackers Bypass Full Disk Encryption
#OMGUbuntu article: https://www.omgubuntu.co.uk/2025/07/ubuntu-security-initramfs-bypass-encryption

“Not all #Linux distributions are affected, such as #OpenSUSE_Tumbleweed.”

“#Attackers with physical access to a Linux system can access a debug shell simply by entering the wrong #decryption #password several times in a row. On Ubuntu, they hit esc at the password prompt, punch in a few key combos and debug shell appears.
They can mount a USB drive with tools that let them modify the #initramfs (Initial RAM Filesystem – a temporary system run during boot to prep the main OS) to inject #maliciouscode, and then repack it – without tripping any #security flags.
Then, the next time the owner boots up their #laptop and enters their correct password, the code runs with elevated privileges to do whatever the #attacker wants.”

“Impactful though this exploit could be in the wild, there is no reason for most #Ubuntu users to be concerned about it.
This #vulnerability is what the security industry refer to as an '#evilmaidattack': it requires physical access to a #device to pull off.”

“Finally, protecting against this #vulnerability is easy. Users can simply tweak their system #kernel so that the #computer #reboots on failed password attempts, instead of providing a #debug shell.”

Enhancing Security in VSCode Extensions: Addressing the Threat of Malicious Code

https://thedefendopsdiaries.com/enhancing-security-in-vscode-extensions-addressing-the-threat-of-malicious-code/

#vscode
#maliciouscode
#ransomware
#cybersecurity
#softwaresecurity

Someone copied our GitHub project, added stars, and injected malicious code

https://old.reddit.com/r/golang/comments/1jbzuot/someone_copied_our_github_project_made_it_look/

#HackerNews #GitHub #Security #CodeInjection #MaliciousCode #OpenSource #Community

#Development #Explainers
Trojaned clipboard · How attackers try to abuse your clipboard https://ilo.im/15z3gs

_____
#Security #Malware #MaliciousCode #Code #Clipboard #Browser #Website #WebDev #Frontend #Backend

Article about XZ: As for which nation, Raiu names the usual suspects: China, Russia, North Korea. He says it’s still too early to know the true culprit.

Why is it never: United States of America. Because I can assure you, they are quite the player when it comes to building backdoors and other infiltration tech. Somehow they're always kept from the list.

Maybe they were less in need of it though, since they already have their ways by official means

#XZ #hack #maliciouscode #cybersecurity

Hunting for malicious code: The dangers of WASP stealing

https://medium.com/checkmarx-security/hunting-for-malicious-code-the-dangers-of-wasp-stealer-e0d073913623

#malware #maliciouscode #threatintel #threathunting