fidzu : computers

Security researchers say a highly sophisticated iPhone exploitation toolkit dubbed "Coruna," which possibly originated from a U.S. government contractor, has spread from suspected Russian espionage operations to crypto-stealing criminal campaigns. Apple has patched the exploited vulnerabilities in newer iOS versions, but tens of thousands of devices may have already been compromised. An anonymous reader quotes an excerpt from Wired's report: Security researchers at Google on Tuesday released a report describing what they're calling "Coruna," a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code. In total, Coruna takes advantage of 23 distinct vulnerabilities in iOS, a rare collection of hacking components that suggests it was created by a well-resourced, likely state-sponsored group of hackers. In fact, Google traces components of Coruna to hacking techniques it spotted in use in February of last year and attributed to what it describes only as a "customer of a surveillance company." Then, five months later, Google says a more complete version of Coruna reappeared in what appears to have been an espionage campaign carried out by a suspected Russian spy group, which hid the hacking code in a common visitor-counting component of Ukrainian websites. Finally, Google spotted Coruna in use yet again in what seems to have been a purely profit-focused hacking campaign, infecting Chinese-language crypto and gambling sites to deliver malware that steals victims cryptocurrency. Conspicuously absent from Google's report is any mention of who the original surveillance company "customer" that deployed Coruna may have been. But the mobile security company iVerify, which also analyzed a version of Coruna it obtained from one of the infected Chinese sites, suggests the code may well have started life as a hacking kit built for or purchased by the US government. Google and iVerify both note that Coruna contains multiple components previously used in a hacking operation known as "Triangulation" that was discovered targeting Russian cybersecurity firm Kaspersky in 2023, which the Russian government claimed was the work of the NSA. (The US government didn't respond to Russia's claim.) Coruna's code also appears to have been originally written by English-speaking coders, notes iVerify's cofounder Rocky Cole. "It's highly sophisticated, took millions of dollars to develop, and it bears the hallmarks of other modules that have been publicly attributed to the US government," Cole tells WIRED. "This is the first example we've seen of very likely US government tools -- based on what the code is telling us -- spinning out of control and being used by both our adversaries and cybercriminal groups." Regardless of Coruna's origin, Google warns that a highly valuable and rare hacking toolkit appears to have traveled through a series of unlikely hands, and now exists in the wild where it could still be adopted -- or adapted -- by any hacker group seeking to target iPhone users. "How this proliferation occurred is unclear, but suggests an active market for 'second hand' zero-day exploits," Google's report reads. "Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities."

Read more of this story at Slashdot.

04 Mar 2026 3:00am GMT

OpenAI is reportedly developing a code-hosting platform that could compete with GitHub, The Information reported on Tuesday. "If OpenAI does sell the product, it would mark a bold move by the creator of ChatGPT to compete directly against Microsoft, which holds a significant stake in the firm," notes Reuters. From the report: Engineers from OpenAI encountered a rise in service disruptions that rendered GitHub unavailable in recent months, which ultimately prompted the decision to develop the new product, the report said. The OpenAI project is in its early stages and likely will not be completed for months, according to The Information. Employees working on it have considered making the code repository available for purchase to OpenAI's customer base.

Read more of this story at Slashdot.

04 Mar 2026 1:00am GMT

Chips and Cheese has an excellent deep dive into Arm's latest core design, and I have thoughts. Arm now has a core with enough performance to take on not only laptop, but also desktop use cases. They've also shown it's possible to deliver that performance at a modest 4 GHz clock speed. Arm achieved that by executing well on the fundamentals throughout the core pipeline. X925's branch predictor is fast and state-of-the-art. Its out-of-order execution engine is truly gargantuan. Penalties are few, and tradeoffs appear well considered. There aren't a lot of companies out there capable of building a core with this level of performance, so Arm has plenty to be proud of. That said, getting a high performance core is only one piece of the puzzle. Gaming workloads are very important in the consumer space, and benefit more from a strong memory subsystem than high core throughput. A DSU variant with L3 capacity options greater than 32 MB could help in that area. X86-64's strong software ecosystem is another challenge to tackle. And finally, Arm still relies on its partners to carry out its vision. I look forward to seeing Arm take on all of these challenges, while also iterating on their core line to keep pace as AMD and Intel improve their cores. Hopefully, extra competition will make better, more affordable CPUs for all of us. ↫ Chester Lam at Chips and Cheese The problem with Arm processors in the desktop (and laptop) space certainly isn't one of performance - as this latest design by Arm once again shows. No, the real problem is a complete and utter lack of standardisation, with every chip and every device in the Arm space needing dedicated, specific operating system images people need to create, maintain, and update. This isn't just a Linux or BSD problem, as even Microsoft has had numerous problems with this, despite Windows on Arm only supporting a very small number of Qualcomm processors. A law or rule that has held fast since the original 8086: never bet against x86. The number of competing architectures that were all surely going to kill x86 is staggeringly big - PowerPC, Alpha, PA-RISC, Sparc, Itanium, and many more - and even when those chips were either cheaper, faster, or both, they just couldn't compete with x86's unique strength: its ecosystem. When I buy an x86 computer, either in parts or from an OEM, either Intel or AMD, I don't have to worry for one second if Windows, Linux, one of the BSDs, or goddamn FreeDOS, and all of their applications, are going to run on it. They just will. Everything is standardised, for better or worse, from peripheral interconnects to the extremely crucial boot process. On the Arm side, though? It's a crapshoot. That's why whenever anyone recommends a certain cool Arm motherboard or mini PC, the first thing you have to figure out is what its software support situation is like. Does the OEM provide blessed Linux images? If so, do they offer more than an outdated Ubuntu build? Have they made any update promises? Will Windows boot on this thing? Does it work with any GPUs I might already own? There's so many unknowns and uncertainties you just don't have to deal with when opting for x86. For its big splashy foray into general purpose laptops with its Snapdragon Elite chips, Qualcomm promised Linux support on par with Windows from day one. We're several years down the line, and it's still a complete mess. And that's just one chip line, of one generation! As long as every individual Arm SoC and Arm board are little isolated islands with unknown software and hardware support status, x86 will continue to survive, even if x86 laptops use more power, even if x86 chips end up being slower. Without the incredible ecosystem x86 has, Arm will never achieve its full potential, and eventually, as has happened to every single other x86 competitor, x86 will eventually catch up to and surpass Arm's strong points, at lower prices. Never bet against x86.

03 Mar 2026 11:38pm GMT

Google is accelerating Chrome's major release cadence from four weeks to two starting with version 153 on September 8th. "...our goal is to ensure developers and users have immediate access to the latest performance improvements, fixes and new capabilities," says Google. "Building on our history of adapting our release process to match the demands of a modern web, Chrome is moving to a two-week release cycle." The company says the "smaller scope" of these releases "minimizes disruption and simplifies post-release debugging." They also cite "recent process enhancements" that will "maintain [Chrome's] high standards for stability." 9to5Google reports: There will still be weekly security updates between milestones. This applies to desktop, Android, and iOS, while there are "no changes to the Dev and the Canary channels": "A Chrome Beta for each version will ship three weeks before the stable release. We recommend developers test with the beta to keep up to date with any upcoming changes that might impact your sites and applications." The eight-week Extended Stable release schedule for enterprise customers and Chromium embedders will not change. Chromebooks will also have "extended release options": "Our priority is a seamless experience, so the latest Chrome releases will roll out to Chromebooks after dedicated platform testing. We are adapting these channels for the new two-week browser cycle and we will share more details soon regarding milestone updates for managed devices."

Read more of this story at Slashdot.

03 Mar 2026 11:00pm GMT

"Engineers are assessing what allowed the seal to become dislodged to prevent the issue from recurring."

03 Mar 2026 10:54pm GMT

Accenture plans to buy Ookla, which also includes RootMetrics and Ekahau.

03 Mar 2026 10:20pm GMT

Fifteen months have passed since our last Guix/Hurd on a Thinkpad X60 post and a lot has happened with respect to the Hurd. And most of you will have guessed, unless you skipped the title of this post, the rumored x86_64 support has landed in Guix! ↫ Janneke Nieuwenhuizen and Yelninei at the Guix blog A huge amount of work has gone into this effort over the past 18 months, but you can now download Guix and alongside the Linux kernel, you can now opt for the Hurd as well, in eother 32bit or 64 bit flavour. Do note that while Debian GNU/Hurd offers about 75% of Debian packages, Guix/Hurd only offers about 1.7% (32-bit) and 0.9% (64-bit) of packages for now. These percentages are always growing, of course, and now that Guix/Hurd can be installed in virtual machines and even on bare metal relatively easily like this, things might speed up a bit.

03 Mar 2026 10:14pm GMT

FCC to review foreign debt, but Carr indicates it will be a formality.

03 Mar 2026 10:05pm GMT

Have you bought and set up a new phone for someone else lately, especially someone less technologically savvy? It's a bit of a nightmare, with an endless list of confusing steps and dark patterns trying to trick you into signing up for all kinds of services. Joel Chrono (he took his username from the best game ever made) just went through this experience, with new Samsung phones for his parents, and it wasn't great. Without me, my parents would have ended up creating at least one extra Samsung account. Cloud services like OneDrive or Google Photos would be sucking up files and copying them to their servers, getting filled up with the data and then asking them to subscribe to unlock more storage a couple of months down the line. Left on their own, my parents may be seeing ads popping up constantly in OneUI, as well as browsing the web without an adblocker, they would be using default applications that don't work as reliably, that track whatever they do to a certain degree. And of course, all of those AI assistants would be listening in in the background. It really is a nightmare out there, and it's not only affecting my parents, it affects all of those unaware of the dangers that these practices bring. It's a mess all around. ↫ Joel Chrono In this particular case it involves Samsung phones, but the same applies to phones from other brands and even with other operating systems. Do you want to login with these accounts? Please add your credit card and all your personal information! Set up tap-to-pay so we can see where you buy what! Do you want to subscribe to our music service? Do you want access to our streaming service? What about the premium versions? Need more online storage? You're only getting 5GB for free, so if you don't want to lose those priceless pictures of your grand kids you should really upgrade to 1TB! Have you checked out our application store yet? And don't worry, if you say no to any of these questions we'll keep pestering you about them with notifications, fullscreen interstitials and banners in the settings application until your brain dissolves to mush! I have a collection of about a million PDAs, from the early days up until the very fanciest models from right around when the iPhone and Android started taking off. Of course, they're in storage so virtually always out of battery, but when I do turn any of them on, their onboarding process couldn't be simpler. Tap a few locations on the screen to calibrate the touch layer, set the date and time, and that's it - you're at the home screen ready to go. I wish modern smartphones were similar. I wish the greedy bean counters were told to pound sand and the user interface specialists took over again. My wife and I have two young boys, 3 and almost 5. One day, I'll be the out-of-touch dad or grandpa and I'll need their help to set up my brain implant chip or whatever. I hope it won't involve upsells for streaming services.

02 Mar 2026 10:51pm GMT

On Friday, July 18th, 2025, the Arch Linux team was notified that three AUR packages had been uploaded that contained malware. A few maintainers including myself took care of deleting these packages, removing all traces of the malicious code, and protecting against future malicious uploads.

30 Jan 2026 12:00am GMT

While starting this post I realized I have been maintaining personal infrastructure for over a decade! Most of the things I've self-hosted is been for personal uses. Email server, a blog, an IRC server, image hosting, RSS reader and so on. All of these things has all been a bit all over the place and never properly streamlined. Some has been in containers, some has just been flat files with a nginx service in front and some has been a random installed Debian package from somewhere I just forgot.

19 Jan 2026 12:00am GMT

In the recent blog post on the work funded by Sovereign Tech Fund (STF), we provided an overview of the "File Hierarchy for the Verification of OS Artifacts" (VOA) and the voa project as its reference implementation. VOA is a generic framework for verifying any kind of distribution artifacts (i.e. files) using arbitrary signature verification technologies. The voa CLI ⌨️ The voa project offers the voa(1) command line interface (CLI) which makes use of the voa(5) configuration file format for technology backends. It is recommended to read the respective man pages to get …

11 Jan 2026 12:00am GMT