GitHub internal repositories breached
A malicious VS Code extension led to cloned private repositories, reportedly offered for sale on a criminal forum. Categories: Threat Research. Tags: GitHub, Supply chain.
A few weeks ago, I came across a wild post on Reddit’s r/DHExchange, a subreddit for trading large datasets: “I hoarded a large database of something valuable, just not what’s [sic] you expect…150k stools images.” The post, made by a user called Ill_Car_7351, was advertising exactly what it sounds like: A database of poop images,…
Tech company executives are confident that AI will completely transform the economy and point to the changes they see in-house to prove that this change is coming fast. At Meta, Google, Microsoft, and others, leadership says that AI generates a growing share of the overall code, which makes it cheaper and faster to produce. The…
At least three people warned Quittr, an app that wants to help men stop masturbating, about serious security issues for months, but the creators of the app didn’t fix them until weeks after 404 Media reached out for comment multiple times. “I emailed the founders and explained the vulnerability. A developer responded, said he was…
When Meta announced its plan to shut down Horizon Worlds last week a lot of us laughed. Social scientist Dr Ruth Diaz was not one of them. Diaz worked for Meta as a VR community design developer in the early days of the Horizon Worlds project and left in 2022. After Meta’s announcement last week,…
Victimizing software developers via fake companies, jobs, and code repositories to steal cryptocurrency. Categories: Threat Research. Tags: NICKEL ALLEY, Contagious Interview, North Korea, clickfix.
Quittr, an app that promises to help men stop watching pornography, leaked intimate data on hundreds of thousands of its users, including their masturbation habits, and lied about its security issues, 404 Media can now reveal. I first reported on Quittr exposing user data in January, but was unable to name Quittr in the story…
Customs and Border Protection (CBP) bought data from the online advertising ecosystem to track people’s precise movements over time, in a process that often involves siphoning data from ordinary apps like video games, dating services, and fitness trackers, according to an internal Department of Homeland Security (DHS) document obtained by 404 Media. The document shows…
A new hobbyist-developed app warns if people nearby may be wearing smart glasses, such as Meta’s Ray-Ban glasses, which stalkers and harassers have repeatedly used to film people without their knowledge or consent. The app scans for smart glasses’ distinctive Bluetooth signatures and sends a push alert if it detects a potential pair of…
An underground site uses facial recognition to reveal the site a camgirl streams on, potentially letting someone take a woman’s photo from social media, then use the site to out her sex work. The site presents a serious privacy risk to sex workers, some of whom may not want stalkers, harassers, or employers to discover their…