Ontdek 3 geheime tips die je leven voorgoed veranderen! Benieuwd naar meer? Check de link! [link] #Levensveranderend #Tips 
https://itinsights.nl/het-laatste-it-nieuws/deze-3-geheime-tips-zullen-je-leven-voorgoed-veranderen/

What's New in Swift 6.2?

https://www.hackingwithswift.com/articles/277/whats-new-in-swift-6-2

#HackerNews #Swift6.2 #SwiftUpdates #Programming #News #Coding #Tips #HackingWithSwift

The core #BAML principle: LLM Prompts are functions https://docs.boundaryml.com/home #ai #agents #devops #tips

Ontdek hoe je jouw social media posts naar een hoger niveau tilt met deze simpele truc! #SocialMedia #Tips 
https://itinsights.nl/het-laatste-it-nieuws/je-bericht-lijkt-onvolledig-te-zijn-kunt-u-de-volledige-opdracht-of-het-onderwerp-specificeren-waarover-de-clickbait-titel-moet-gaan/

What happens when a single Go module can wipe your entire Linux system?

Researchers have uncovered three malicious Go packages that, once installed, can render a Linux machine completely unbootable. These modules—`prototransform`, `go-mcp`, and `tlsproxy`—were hosted on GitHub and disguised as legitimate open-source tools. What sets them apart isn’t just the malware, but how it’s delivered: hidden in obfuscated code that quietly checks if the OS is Linux, then downloads a shell script using `wget`. That script doesn’t just corrupt the system—it zeroes out `/dev/sda`, the primary disk, erasing all data beyond recovery.

These aren't isolated incidents. A parallel wave of threats has hit JavaScript and Python ecosystems too. Several npm packages—such as `crypto-encrypt-ts` and `userbridge-paypal`—were found stealing cryptocurrency wallet seed phrases and exfiltrating private keys. Meanwhile, other PyPI packages like `web3x` and `herewalletbot` targeted similar data and have already been downloaded over 6,800 times.

More concerning, another group of seven PyPI packages communicated through Gmail’s SMTP servers and WebSockets to exfiltrate data and enable remote command execution. Using hardcoded Gmail credentials, they sent success notifications back to attackers and opened persistent channels for control. Since Gmail traffic often bypasses scrutiny from corporate firewalls and endpoint protection systems, these packages operated with minimal detection.

The recurring theme here is trust—developers importing open-source packages assume some degree of safety if a library has been around or appears well-maintained. But attackers are exploiting that assumption, embedding silent functionality behind familiar names and benign-looking codebases.

Defensive practices matter. Teams should scrutinize dependency trees, validate GitHub sources, monitor for unusual outbound connections—including SMTP—and treat every third-party library as a potential threat vector, regardless of its age or download count. Ignoring this risk is no longer viable.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

I built a Corsi-Rosenthal Box! Here are my tips on building a Corsi-Rosenthal Box air cleaner for an airborne pandemic like COVID-19.

https://www.conferencesthatwork.com/index.php/resources-2/2022/05/tips-on-building-a-corsi-rosenthal-box-for-an-airborne-pandemic

You can’t Git clone a team

｢ We’re talking about skills that span kernel-level programming, hardware quirks, low-level debugging, distributed systems, security, orchestration logic, even the capability to work with the UI/UX team... and the ability to explain all that without scaring interns. You can’t just hire for that. You have to grow it. Nurture it. Beg for it. Or in some cases, resurrect it ｣

https://virtualize.sh/blog/you-cant-git-clone-a-team/

My quest to make motorcycle riding that tad bit safer

https://gill.net.in/posts/my-quest-to-make-motorcycle-riding-safer/

Don’t let bad links ruin your game night.
Choose tested VIPLeague alternatives and secure your connection with a reliable VPN.

https://turisvpn.com/blog/vipleague-stream-alternative/

Old Vumoo links not working anymore?
We’ve got you covered with 15+ legal, free alternatives—and a VPN guide to go with it.

https://turisvpn.com/blog/vumoo-alternatives/

How does a cyber threat group evolve from imitation to innovation?

An espionage-focused hacking group with links to Pakistan, identified as SideCopy—a sub-group within APT36 (Transparent Tribe)—has expanded its operations in India with a more refined toolkit and a broader victim profile. According to SEQRITE, their recent campaigns have moved beyond traditional targets like defense or maritime sectors to now include Indian ministries responsible for railways, oil and gas, and external affairs.

This shift is not just in targets but also tactics. The group has stopped relying on HTA files and now uses Microsoft Installer (MSI) packages for initial malware delivery. This change likely reflects an attempt to bypass growing detection rates associated with older techniques. These MSI files are often disguised as legitimate documents—like holiday schedules or security guidelines—and delivered via phishing emails.

Technically, the group relies on a mix of open-source remote access trojans (RATs) like Spark RAT and Xeno RAT, which have been modified to serve specific campaign needs. Spark RAT is cross-platform, while Xeno RAT has been customized using basic obfuscation methods. A key highlight is the emergence of CurlBack RAT, a previously undocumented Windows-based tool with advanced capabilities: system reconnaissance, command execution, file downloads, privilege escalation, and user enumeration.

SideCopy makes use of multiple post-exploitation methods including DLL side-loading, reflective payload loading, and AES-encrypted PowerShell scripts. They're also drawing from other known tools—borrowing features such as browser data theft from AsyncRAT, and using Cheex to extract images and documents.

Overall, the group’s progression reflects a maturing operation that integrates reused code, custom malware, and targeted social engineering to conduct surveillance and data theft at scale.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

When your internet is down or broken, ask your neighbor for a password and use your old mobile phone as a wifi extender. #thetimeswelivein
#wifi #internet #hacks #tips

Snel je scooterrijbewijs halen? Let op waar je boekt!

Op sommige websites kun je een examenpakket kopen met slagingsgarantie. De verkoper boekt dan voor jou praktijklessen en het examen in. Helaas is dit niet altijd betrouwbaar.
Soms moet je erg lang wachten op het examen of is de locatie ver weg. Wil je dan toch sneller of dichterbij? Dan moet je ineens bijbetalen. Of je moet ineens bijbetalen voor het examen.

Trap hier niet in. Check de website en reviews goed!

Simple Tip To Save Process on Your Windows Computer (Optimize PC) https://www.youtube.com/watch?v=qRbpYl7udA8 #Windows #Computer #Performance #Optimize #Tips

Tip 85 of #TuesdayCodingTips - Incomplete types and name demangling

While writing type-safe APIs, a "tag" type is often useful. It is nothing more than a forward declaration of a type that will never be fully defined, just for the sake of creating a template with a unique type.

Even without reflection, type-driven APIs can provide an opportunity to auto-generate (de)serialization code using typeid::name() utility. With two caveats:

You can't get the type info of an incomplete type
Unlike MSVC, both GCC and Clang will output mangled names
Luckily, both have a solution. While you can't get type info of an incomplete type, getting info of a pointer to an incomplete type is valid. You can trim the trailing star from the name. As for demangling, you can use the related ABI function (internally used by the c++filt tool).

Just remember to free your buffers, as said ABI function is written in a C-compatible way.

https://linktr.ee/anselmcarson56
https://linktr.ee/apataoluwatoyin00

New Open-Source Tool Spotlight

DefectDojo consolidates DevSecOps workflows with ASPM and vulnerability management into one tool. It supports deduplication, end-to-end testing, and analysis—all Docker-deployable. Highly maintained with 4k stars on GitHub. #AppSec #DevSecOps

Project link on #GitHub https://github.com/DefectDojo/django-DefectDojo

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Got a smart TV or Android box? Turn it into an F1 streaming beast using this
simple VPN method.

https://turisvpn.com/blog/how-to-watch-f1-in-singapore-for-free/

If 1MoviesHD is not working for you, it’s time to explore new options. Here are 10 great alternatives that let you stream movies and TV shows with no issues or annoying ads. Say goodbye to interruptions!

https://turisvpn.com/blog/1movieshd-not-working/

Your UI should be like a good waiter

there when needed, invisible when not.