generates electromagnetic radiation from a device's RAM to send data from air-gapped computers.

The RAMBO attack achieves data transfer rates of up to 1,000 bits per second (bps), equating to 128 bytes per second, or 0.125 KB/s.
Transmissions are limited to a maximum range of 3 meters, with an error rate being 2-4%.

EICAR files in different file formats.

CoPilot can be encouraged to launch HTTP requests on the server side, potentially enabling access to data from other companies.

A server-side request forgery (SSRF) bug in Microsoft's tool for creating custom AI chatbots potentially exposed info across multiple tenants within cloud environments.

Though the research proved inconclusive about the extent that the flaw could be exploited to gain access to sensitive cloud data

The official website can be found on https://www.cedarpolicy.com/en

Cedar is a language for defining permissions as policies, which describe who should have access to what. It is also a specification for evaluating those policies. Use Cedar policies to control what each user of your application is permitted to do and what resources they may access.

It's called Mastodon Stampede: a link shared on an instance gets downloaded by all instances. A DDoS follows for small hostings.

2.9 milliards de personnes. La probabilité est forte que nous soyons impactés.

Les utilisateurs de applications de rencontres ont des risques d'être geolocalisé. Cela est d'autant plus inquiétant car ces applications sont utilisés par des harceleurs.

A great resource to get into them

Oups. Les mots de passes de 15 millions d'utilisateurs sont dans la nature.

Center for Internet Security BenchMarks

Forks are copy of the original repository. As such, leaked credentials remains in the forks.

A deleted repository still has the commit from the original repository and it can access it. Demo on youtube

Example:

They immediately deleted the repository, but since it had been forked, I could still access the commit containing the sensitive data via a fork

Also related to private repositories:

We demonstrate how organizations open-source new tools while maintaining private internal forks, and then show how someone could access commit data from the private internal version via the public one.

How to access the data? By direct access to the commit.

If you know the commit hash you can directly access data that is not intended for you.

AND

Commit hashes can be brute forced through GitHub’s UI, particularly because the git protocol permits the use of short SHA-1 values when referencing a commit.

because there are 65.536 minimal values, and 16.777.216 is a more realistic approach (6 characters per commit).

Also, "deleting a repository or fork does not mean your commit data is actually deleted."

The flaw also exists in other version control system products.

Crates relying on a lot of crates are potential security flaws

La vérification de l'identité en ligne a un impact sur la sécurité des données. Voici un exemple avec AU10TIX.

It can be useful and smart

Scarecrow takes advantage of malicious software checking the environment is safe for them to run, by running in the background of your computer and 'faking' these indicators. It's super lightweight and tricks malware into thinking your computer is not the place for them to be.