New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist.

New research, which its authors call HalluSquatting, turns that habit … Continue reading New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

Posted in Uncategorized

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.

The list of vulnerabilit… Continue reading Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Posted in Uncategorized

GitHub ‘Verified’ Commits Can Be Rewritten Into New Hashes Without Breaking Signatures

New research shows that a signed Git commit’s hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, … Continue reading GitHub ‘Verified’ Commits Can Be Rewritten Into New Hashes Without Breaking Signatures

Posted in Uncategorized