Feed aggregator
Best Baby Monitors for 2025
9-Year-Old NPM Crypto Package Hijacked for Information Theft
Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers.
The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek.
The Physiology of Foie: Why Foie Gras Is Not Unethical (2019)
Article URL: https://www.seriouseats.com/the-physiology-of-foie-why-foie-gras-is-not-u
Comments URL: https://news.ycombinator.com/item?id=43504556
Points: 3
# Comments: 1
The Physics of baking good Pizza
Article URL: https://arxiv.org/abs/1806.08790
Comments URL: https://news.ycombinator.com/item?id=43504546
Points: 1
# Comments: 0
How to use LLMs with unreal engine 5.5 to generate blueprints, assets etc.?
Does anyone know of a way to generate assets or blueprints for common cases using an LLM for Unreal Engine 5.5? An example prompt would be like submitting an image of Union Station New York and generating a 3D asset for the entire building, or a prompt like "Create a third person player. Put a switch on the wall. When the character flips the switch, turn ON the light if it is turned OFF and vice versa", and this prompt generates the necessary blueprint.
Comments URL: https://news.ycombinator.com/item?id=43504535
Points: 1
# Comments: 2
Show HN: Reconquer Engine – A Full-Stack JavaScript Mmorpg Engine and Game
Hi everyone, I'm Chris, the developer of Reconquer Online (https://alpha.reconquer.online/). Today, I'm excited to share Reconquer Engine (https://github.com/ReconquerOnline/reconquer-engine).
Reconquer Engine provides all the necessary logic and game assets to build an OSRS-style MMORPG using JavaScript. Upon building and running it for the first time, you'll have a fully functional MMORPG. It utilizes gltf-Transform for asset processing, a Node.js server with Express and Socket.io, and WebGL/three.js for browser-based graphics. Simple example implementations for the database, authentication, and payments are included, but you are encouraged to integrate your own systems. The game and engine are developed purely in JavaScript (99.9% JS, 0.1% HTML, 0% CSS), including the asset exporter, server, and client.
My Development Workflow:
1. Blender: I create, texture, and animate 3D models.
2. JSON Configuration: For each asset, I define its type and properties in a JSON config file (e.g., inventory item, scenery).
3. Custom Exporter: A JavaScript tool I built iterates through these config files and generates optimized assets for both the client and server.
4. Compilation & Server Start: I compile the frontend JavaScript and launch the Node.js server.
Licensing:
Reconquer Engine is released under a license similar to Unreal Engine's: free for non-commercial and small commercial use, with a royalty for larger commercial ventures.
Limitations:
There is very little documentation, although the code and structure themselves are designed to be as simple as possible. I think the codebase can be learned fairly quickly through inspection or with an LLM helper.
Future Plans:
* I'm working on creating a comprehensive tutorial to help others get started.
* I plan to further improve the tooling, with the potential goal of creating a browser-based MMORPG maker.
* I'm also exploring the development of an AI agent to very easily create new content.
Please try it out! It's very easy to get up and running. Also, I plan on posting a tutorial on my YouTube channel (https://www.youtube.com/channel/UCEqXVu4orzl7nnkwJZ72AOg).
Thank you for checking it out!
Best,
Chris @ Reconquer Games
Comments URL: https://news.ycombinator.com/item?id=43504525
Points: 3
# Comments: 0
Buying a New Phone? Consider These Things First
Apple's Next 'Vision' for Siri: Time to Focus on Cameras for AI
SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
Palo Alto, USA, 28th March 2025, CyberNewsWire
The post SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk appeared first on The Security Ledger with Paul F. Roberts.
Nintendo Switch 2's Biggest Unknown Piece: The Weird Stuff
T-Mobile Is Giving Out Free Lines to Legacy Customers. Apology for Price Hike?
CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure
CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA[1] malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior. These commands:
- Create a web shell, manipulate integrity checks, and modify files.
- Enable the use of web shells for credential harvesting, account creation, password resets, and escalating permissions.
- Copy the web shell to the Ivanti running boot disk and manipulate the running coreboot image.
RESURGE is associated with the exploitation of CVE-2025-0282 in Ivanti Connect Secure appliances. CVE-2025-0282 is a stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. CISA added CVE-2025-0282 to its Known Exploited Vulnerabilities Catalog on January 8, 2025.
For more information on the abovementioned malware variants and YARA rules for detection, see: MAR-25993211.R1.V1.CLEAR.
For a downloadable copy of the SIGMA rule associated with this MAR, see: AR25-087A SIGMA YAML.
CISA urges users and administrators to implement the following actions in addition to the Mitigation Instructions for CVE-2025-0282:
- For the highest level of confidence, conduct a factory reset.
- For Cloud and Virtual systems, conduct a factory reset using an external known clean image of the device.
- See Ivanti’s Recommended Recovery Steps for more information, including how to conduct a factory reset.
- Reset credentials of privileged and non-privileged accounts.
- Reset passwords for all domain users and all local accounts, such as Guest, HelpAssistant, DefaultAccount, System, Administrator, and krbtgt. The krbtgt account is responsible for handling Kerberos ticket requests as well as encrypting and signing them. The krbtgt account should be reset twice because the account has a two-password history. The first account reset for the krbtgt needs to be allowed to replicate prior to the second reset to avoid any issues. See CISA’s Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise for more information. Although tailored to Federal Civilian Executive Branch (FCEB) agencies compromised in the 2020 SolarWinds Orion supply chain compromise, the steps are applicable to organizations with Windows AD compromise.
- Review access policies to temporarily revoke privileges/access for affected devices. If it is necessary to not alert the attacker (e.g., for intelligence purposes), then privileges can be reduced for affected accounts/devices to “contain” them.
- Reset the relevant account credentials or access keys if the investigation finds the threat actor’s access is limited to non-elevated permissions.
- Monitor related accounts, especially administrative accounts, for any further signs of unauthorized access.
Organizations should report incidents and anomalous activity related to information found in the malware analysis report to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870. Malware submissions can be made directly to Malware Nextgen at https://malware.cisa.gov.
See the following resources for more guidance:
In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked
Noteworthy stories that might have slipped under the radar: Key members of Hellcat ransomware group identified, controversy around CrushFTP flaw CVE, NYU website hacked and defaced.
The post In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked appeared first on SecurityWeek.
Analyzing the Fastest-Growing Software Category I've Ever Seen
Article URL: https://every.to/napkin-math/analyzing-the-fastest-growing-software-category-i-ve-ever-seen
Comments URL: https://news.ycombinator.com/item?id=43504238
Points: 1
# Comments: 0
Largest PE Investors in the US
Article URL: https://www.gain.pro/investor-reports/top-100-us-pe-investors-2025
Comments URL: https://news.ycombinator.com/item?id=43504198
Points: 1
# Comments: 1
Show HN: GratefulMe – A privacy-focused gratitude journal app
I built a gratitude journaling app that implements CBT techniques to help users develop a daily mindfulness practice. Research shows that consistent gratitude practice can significantly improve mental wellbeing, and I wanted to create a tool that makes this accessible.
The app focuses on these core principles:
- Privacy: All data stays on your device with an offline-first approach
- Simplicity: Clean interface optimized for quick daily entries
- Consistency: Streak tracking and gentle notifications to build a habit
- Organization: Category system to identify patterns in what brings you joy
Tech details:
- Built with React Native/Expo
- Local SQLite database using expo-sqlite and drizzle-orm
- In-app purchases via RevenueCat
- Minimalist architecture with a focus on performance
As a developer, the most valuable lessons came from handling the entire process solo - from initial concept through development to App Store submission and payment infrastructure.
The current roadmap includes customizable notifications, dark mode, and an achievements system.
Link: https://apps.apple.com/app/apple-store/id6742772020
Any feedback or suggestions would be valuable for future iterations.
Comments URL: https://news.ycombinator.com/item?id=43504192
Points: 1
# Comments: 0
The GPL (2002)
Article URL: https://yarchive.net/comp/linux/gpl.html
Comments URL: https://news.ycombinator.com/item?id=43504191
Points: 2
# Comments: 0
The P versus NP Problem [pdf]
Article URL: https://www.cs.toronto.edu/~toni/Courses/Complexity2015/handouts/cook-clay.pdf
Comments URL: https://news.ycombinator.com/item?id=43504187
Points: 2
# Comments: 0
I tested out all of the best LLMs for front end development. One model stood out
Functors, Applicatives, and Monads
Article URL: https://www.thecoder.cafe/p/functors-applicatives-monads
Comments URL: https://news.ycombinator.com/item?id=43504175
Points: 2
# Comments: 0