Feed aggregator

Lumma information stealer infrastructure disrupted

Malware Bytes Security - Thu, 05/22/2025 - 8:17am

The US Department of Justice (DOJ) and Microsoft have disrupted the infrastructure of the Lumma information stealer (infostealer).

Lumma Stealer, also known as LummaC or LummaC2, first emerged in late 2022 and quickly established itself as one of the most prolific infostealers. Infostealer is the name we use for a group of malware that collects sensitive information from infected devices and sends the data to an operator. Depending on the type of infostealer and the goals of the operator, an infostealer may take anything from usernames and passwords to credit card details and cryptocurrency wallets.

Lumma operates under a malware-as-a-service (MaaS) model, meaning its creators sell access to the malware on underground marketplaces and platforms like Telegram. This model allows hundreds of cybercriminals worldwide to deploy Lumma for their own malicious campaigns.

What makes Lumma particularly dangerous is its wide range of targets and its evolving sophistication. It doesn’t just grab browser-stored passwords or cookies. It’s also capable of extracting autofill data, email credentials, FTP client data, and even two-factor authentication tokens and backup codes, which enables attackers to bypass additional security layers.

As Matthew R. Galeotti, head of the Justice Department’s Criminal Division, put it:

“Malware like LummaC2 is deployed to steal sensitive information such as user login credentials from millions of victims in order to facilitate a host of crimes, including fraudulent bank transfers and cryptocurrency theft.”

Over the last few months alone, Microsoft identified over 394,000 Windows computers infected with Lumma worldwide. The FBI estimates that Lumma has been involved in around 10 million infections globally.

Using a court order from the US District Court for the Northern District of Georgia, Microsoft’s Digital Crimes Unit (DCU) seized and facilitated a takedown, suspension, and blocking of approximately 2,300 malicious domains that were part of the infostealer’s backbone.

Most of the seized domains served as user panels, where Lumma customers could log in and deploy the infostealer, so the seizure stops the criminals from accessing Lumma in order to compromise computers and steal victim information.

Government agencies and researchers sometimes alter the DNS records of seized domains so that the traffic goes to servers they control (called sinkholes). By redirecting the seized domains to Microsoft-controlled sinkholes, investigators can now monitor ongoing attacks and provide intelligence to help defend against similar threats in the future. This takedown slows down cybercriminals, disrupts their revenue streams, and buys time and knowledge for defenders to strengthen security.

How to protect yourself

Even with the Lumma infrastructure disrupted, the threat of information stealers remains very real and evolving. Here are some practical steps to reduce your risk:

  • Use strong, unique passwords for every account and consider a reputable password manager to keep track of them.
  • Enable multi-factor authentication (MFA) wherever possible. Although Lumma tries to bypass 2FA, having it still adds a crucial layer of defense.
  • Be cautious with emails and downloads. Lumma often spreads through phishing emails and malicious downloads, sometimes disguised as legitimate CAPTCHAs or antivirus software.
  • Keep your software and operating system updated to patch vulnerabilities that malware can exploit.
  • Regularly monitor your financial and online accounts for suspicious activity.
  • Educate yourself about phishing and social engineering tactics to avoid falling victim to trickery.
  • Use an up-to-date real-time anti-malware solution to block install attempts and detect active information stealers.

By understanding how threats like Lumma operate and by taking the necessary steps to protect ourselves, we can reduce the risk of falling prey to these invisible thieves.

You can use Malwarebytes’ free Digital Footprint Portal to see if any of your data has been stolen by a Lumma infostealer. Our database holds many millions of stolen records stemming from Lumma stealers that are being traded on the Dark Web.


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Categories: Malware Bytes

Best Internet Providers in Arlington, Virginia

CNET Feed - Thu, 05/22/2025 - 8:06am
Although there aren't many ISPs in Arlington, fast internet speeds are available for customers.
Categories: CNET

Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People

Security Week - Thu, 05/22/2025 - 8:03am

Marlboro-Chesterfield Pathology has been targeted by the SafePay ransomware group, which stole personal information from its systems.

The post Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People appeared first on SecurityWeek.

Categories: SecurityWeek

I Hated Smart Glasses Until I Tried Google's Android XR. Now I See the Potential

CNET Feed - Thu, 05/22/2025 - 8:00am
Commentary: I had to see it to truly believe it.
Categories: CNET

'Untold: The Liver King' Is in Netflix's Top 10: Here Are 3 More 'Untold' Documentaries That Are Even Better

CNET Feed - Thu, 05/22/2025 - 8:00am
Commentary: Netflix's Untold documentary series has covered some wild stuff.
Categories: CNET

Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic)

US-Cert Current Activity - Thu, 05/22/2025 - 8:00am

Commvault is monitoring cyber threat activity targeting their applications hosted in their Microsoft Azure cloud environment. Threat actors may have accessed client secrets for Commvault’s (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure. This provided the threat actors with unauthorized access to Commvault’s customers’ M365 environments that have application secrets stored by Commvault.

See the following resource for more information: Notice: Security Advisory (Update).

CISA believes the threat activity may be part of a larger campaign targeting various SaaS companies’ cloud applications with default configurations and elevated permissions.

CISA urges users and administrators to review the following mitigations and apply necessary patches and updates for all systems:

  1. Monitor Entra audit logs for unauthorized modifications or additions of credentials to service principals initiated by Commvault applications/service principals.
    1. Handle deviations from regular login schedules as suspicious.
    2. For more information, see NSA and CISA’s Identity Management guidance, as well as CISA’s guidance on Identity, Credential, and Access Management (ICAM) Reference Architecture.
  2. Review Microsoft logs (Entra audit, Entra sign-in, unified audit logs) and conduct internal threat hunting in alignment with documented organizational incident response policies.
  3. (Applies to single tenant apps only) Implement a conditional access policy that limits authentication of an application service principal to an approved IP address that is listed within Commvault’s allowlisted range of IP addresses.
    1. Note: A Microsoft Entra Workload ID Premium License is required to apply conditional access policies to an application service principal and is available to customers at an additional cost.[1]
  4. For certain Commvault customers: rotate application secrets, and rotate those credentials on the Commvault Metallic applications and service principals that were available between February and May 2025.[2] Note: This mitigation only applies to a limited number of customers who themselves have control over Commvault’s application secrets.
    1. Customers who have the ability to, if applicable, should establish a policy to regularly rotate credentials at least every 30 days.
  5. Review the list of Application Registrations and Service Principals in Entra with administrative consent for higher privileges than the business needs.
  6. Implement general M365 security recommendations outlined in CISA’s Secure Cloud Business Applications (SCuBA) Project.
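One way to operationalize mitigations 1 and 4 above, as an added example that is not CISA’s or Commvault’s own code: it scans Entra directory-audit records for credential additions initiated by a Commvault-named application and lists application secrets older than a 30-day rotation age. The field names follow the Microsoft Graph directoryAudit and passwordCredential resources and the activity names are assumed; the sample records are constructed.

```python
"""Checks for two of the advisory's SaaS mitigations over constructed sample data:
flag credential additions on service principals initiated by a Commvault app
(Entra directory-audit records) and list app secrets older than 30 days.
Field names follow Microsoft Graph directoryAudit/passwordCredential (assumed)."""
from datetime import datetime, timezone

# Audit activity names emitted when a secret/certificate is added.
# Assumed spelling; confirm against your tenant's Entra audit log.
CREDENTIAL_ACTIVITIES = {
    "Add service principal credentials",
    "Update application - Certificates and secrets management",
}

def parse_ts(ts):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def flag_credential_additions(records, initiator_keyword="Commvault"):
    """(time, initiator, targets) for each successful credential addition
    whose initiating application name contains initiator_keyword."""
    hits = []
    for rec in records:
        if rec.get("activityDisplayName") not in CREDENTIAL_ACTIVITIES:
            continue
        if rec.get("result") != "success":
            continue
        initiator = ((rec.get("initiatedBy") or {}).get("app") or {}).get("displayName", "")
        if initiator_keyword.lower() not in initiator.lower():
            continue
        targets = [t.get("displayName") for t in rec.get("targetResources", [])]
        hits.append((parse_ts(rec["activityDateTime"]), initiator, targets))
    return hits

def overdue_secrets(password_credentials, now, max_age_days=30):
    """keyIds of secrets whose startDateTime is older than max_age_days."""
    return [c["keyId"] for c in password_credentials
            if (now - parse_ts(c["startDateTime"])).days > max_age_days]

AUDIT_SAMPLE = [  # constructed records, not real tenant data
    {"activityDateTime": "2025-04-02T03:14:07Z", "result": "success",
     "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"app": {"displayName": "Commvault Metallic Backup"}},
     "targetResources": [{"displayName": "Commvault Metallic Backup"}]},
    {"activityDateTime": "2025-04-02T09:00:00Z", "result": "success",
     "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"app": {"displayName": "Contoso Automation"}},
     "targetResources": [{"displayName": "Contoso Automation"}]},
]
SECRETS_SAMPLE = [{"keyId": "old-secret", "startDateTime": "2025-01-15T00:00:00Z"},  # constructed
                  {"keyId": "fresh-secret", "startDateTime": "2025-05-01T00:00:00Z"}]
```

A hit at 03:14 on a backup service principal is exactly the kind of off-schedule credential change item 1 says to treat as suspicious; on a live tenant, feed the script the output of the Graph `auditLogs/directoryAudits` and application `passwordCredentials` queries instead of the samples.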

Precautionary Recommendations for On-premises Software Versions

  1. Where technically feasible, restrict access to Commvault management interfaces to trusted networks and administrative systems.
  2. Detect and block path-traversal attempts and suspicious file uploads by deploying a Web Application Firewall and removing external access to Commvault applications [CSA-250502].
  3. Apply the patches provided [3] and follow these best practices [4].
    1. Especially monitor activity from unexpected directories, particularly web-accessible paths.

CISA added CVE-2025-3928 to the Known Exploited Vulnerabilities Catalog and is continuing to investigate the malicious activity in collaboration with partner organizations.

References

[1] Workload identities - Microsoft Entra Workload ID | Microsoft Learn

[2] Change a Client Secret for the Azure App for OneDrive for Business

[3] CV_2025_03_1: Critical Webserver Vulnerability

[4] Best Practice Guide: Enhancing Security with Conditional Access and Sign-In Monitoring

Additional Resources

Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870.

Categories: US-CERT Feed

CISA Adds One Known Exploited Vulnerability to Catalog

US-Cert Current Activity - Thu, 05/22/2025 - 8:00am

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. 

  • CVE-2025-4632 Samsung MagicINFO 9 Server Path Traversal Vulnerability 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA Releases Two Industrial Control Systems Advisories

US-Cert Current Activity - Thu, 05/22/2025 - 8:00am

CISA released two Industrial Control Systems (ICS) advisories on May 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Categories: US-CERT Feed

New Best Practices Guide for Securing AI Data Released

US-Cert Current Activity - Thu, 05/22/2025 - 8:00am

Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems.

This information sheet highlights the critical role of data security in ensuring the accuracy, integrity, and trustworthiness of AI outcomes. It outlines key risks that may arise from data security and integrity issues across all phases of the AI lifecycle, from development and testing to deployment and operation. 

Defense Industrial Bases, National Security Systems owners, federal agencies, and Critical Infrastructure owners and operators are encouraged to review this information sheet and implement the recommended best practices and mitigation strategies to protect sensitive, proprietary, and mission critical data in AI-enabled and machine learning systems. These include adopting robust data protection measures; proactively managing risks; and strengthening monitoring, threat detection, and network defense capabilities. 

As AI systems become more integrated into essential operations, organizations must remain vigilant and take deliberate steps to secure the data that powers them. For more information on securing AI data, see CISA’s Artificial Intelligence webpage. 

Categories: US-CERT Feed

Rain or Shine, These Are the Best Weather Apps Available in 2025

CNET Feed - Thu, 05/22/2025 - 8:00am
Check out these must-have weather apps before you step out the door to help you figure out how to dress, whether or not to bring an umbrella or if it's an ideal time to go running.
Categories: CNET

Show HN: I made a tool to create "About Me" bios for people who struggle

Hacker News - Thu, 05/22/2025 - 7:51am

I built https://aboutmepro.com — a simple tool to create profile bios.

The idea came as a byproduct while I was experimenting with faster ways to build software using large language models (LLMs). My process focused on:

  • Writing clear, simple rules to guide development
  • Using structured prompts to communicate with AI models
  • Creating lightweight product docs (PRDs) to outline features
  • Breaking work down into small, focused tasks to move faster

For AI support, I switched between two advanced models — Gemini 2.5 Pro and Claude 3.7 Sonnet — which helped me plan, write code, and even generate seeding data like categories and tools.

The UI draws inspiration from V0 (for fast layout), Cursor (an AI-powered code editor I use daily), and Replit — where I host the app on their Core plan. Replit lets me build, test, and deploy quickly without worrying about infrastructure. The only real cost was buying the domain (I already had a Cursor subscription).

I also applied SEO best practices like sitemap.xml, robots.txt, and static site generation to make pages fast and easy to find.

You can try it here: https://aboutmepro.com

Would love feedback.

Any other tips/tricks that you use to speed up your dev work?

Comments URL: https://news.ycombinator.com/item?id=44061117

Points: 1

# Comments: 0

Categories: Hacker News
