DEV Community: Neeraj Singh

NPM Supply Chain Attack Hits 20 Popular Packages

Neeraj Singh — Wed, 10 Sep 2025 01:46:55 +0000

A massive software supply chain attack has compromised over 20 popular npm packages, including chalk and debug, affecting 2B+ weekly downloads. Learn how a simple phishing attack on a maintainer led to crypto-stealing malware being distributed to millions.

🔗 Read on my blog

WhatsApp Patches Zero-Click Exploit on iOS and macOS

Neeraj Singh — Sat, 30 Aug 2025 07:29:56 +0000

WhatsApp has patched a critical zero-click vulnerability (CVE-2025-55177) on iOS and macOS. Learn how it was chained with an Apple flaw for targeted spyware attacks.

🔗 Read on my blog

North Korea Hits Diplomats with GitHub-Based Attacks

Neeraj Singh — Wed, 20 Aug 2025 10:20:54 +0000

North Korean hackers target diplomats using GitHub for C2 channels. Meanwhile, their IT workers have infiltrated over 320 firms. Uncover the dual-threat tactics.

🔗 Read on my blog

GNOME 49 Beta Arrives with Major Security Upgrades

Neeraj Singh — Sat, 16 Aug 2025 15:36:54 +0000

Explore the new GNOME 49 Beta, released on the project's 28th anniversary. Discover major security enhancements, including a new Privacy Hub, improved app sandboxing, and hardened Wayland protocols. Learn what these upgrades mean for your digital safety and why this release is a game-changer for Linux desktop security.

🔗 Read on my blog

UAT-7237 Targets Taiwan Servers with Custom Hacking Tools

Neeraj Singh — Fri, 15 Aug 2025 18:04:55 +0000

Chinese APT group UAT-7237 targets Taiwan web servers with custom open-source tools like SoundBill to establish long-term access. Learn their TTPs.

🔗 Read on my blog

VirtualBox 7.2 Adds Linux Kernel 6.17 Support

Neeraj Singh — Fri, 15 Aug 2025 02:30:54 +0000

Oracle has officially launched VirtualBox 7.2, a key update for virtualization users. The standout feature is the introduction of initial support for the yet-to-be-released Linux Kernel 6.17. This allows developers, testers, and cybersecurity professionals to begin working with the latest kernel developments in a virtualized environment ahead of its official release. Beyond the forward-looking kernel support, this version brings several other important enhancements. Users can expect improved 3D graphics performance with the VMSVGA controller, better stability for the latest Windows and macOS guest operating systems, and crucial security patches that strengthen the hypervisor. The update also includes various fixes for networking and minor usability tweaks to the user interface. This release ensures that VirtualBox remains a crucial tool for anyone needing to test on or develop for the latest platforms.

🔗 Read on my blog

KDE Gear 25.08 Released with Key Improvements

Neeraj Singh — Thu, 14 Aug 2025 10:48:54 +0000

KDE Gear 25.08 is here, delivering a fresh wave of updates to the popular open-source software suite. This release focuses on enhancing stability and user experience across dozens of applications. Key highlights include performance boosts for the Dolphin file manager, improved color scheme handling in the Konsole terminal, and powerful new window-specific recording features in the Spectacle screenshot tool. Users can also expect refinements in the Kate text editor, Kdenlive video editor, and Okular document viewer. This version continues KDE's commitment to providing a robust, secure, and productive environment for Linux users everywhere.

🔗 Read on my blog

NVIDIA 580 Driver Boosts Linux Wayland Support

Neeraj Singh — Wed, 13 Aug 2025 01:43:54 +0000

NVIDIA has just launched the 580 series Linux graphics driver, and it's a big deal for Wayland users. This beta release brings significant enhancements, including initial support for the explicit sync protocol, aiming to fix long-standing graphical glitches and system hangs. We break down what this means for your Linux gaming and desktop experience. The update addresses critical bugs and improves GBM API interactions, a topic that has been buzzing in developer forums. While it's still early, the performance gains and stability fixes are promising for both developers and enthusiasts. This could be the driver that finally makes the NVIDIA and Wayland combination a seamless reality, moving past the historical compatibility challenges that have plagued Linux users for years. Let's dive into what makes this release a potential game-changer.

🔗 Read on my blog

Erlang OTP SSH Exploits Target OT Firewalls

Neeraj Singh — Tue, 12 Aug 2025 02:14:54 +0000

Discover the surge in Erlang/OTP SSH RCE exploits (CVE-2025-32433) targeting OT firewalls. Learn how attackers are achieving RCE without authentication.

🔗 Read on my blog

Debian 13 Trixie Released What You Need to Know

Neeraj Singh — Sun, 10 Aug 2025 02:37:54 +0000

The much-anticipated Debian 13 'Trixie' has officially been released, marking a significant milestone for one of the world's most stable and secure operating systems. This new version takes over from 'Bookworm,' bringing a host of critical updates for security professionals, developers, and system administrators alike. Key enhancements include the leap to Linux Kernel 6.9, which offers massively improved hardware support and performance. From a security perspective, Trixie is a game-changer, with position-independent executables (PIE) now enabled by default across all packages and an updated cryptographic library in OpenSSL 3.3. This release continues Debian's legacy of delivering rock-solid reliability, now with a significantly hardened security posture right out of the box. Whether you manage servers or use Debian on your workstation, Trixie is a compelling and necessary upgrade.

🔗 Read on my blog

PeaZip 10.6 Enhances Archive Handling and Speed

Neeraj Singh — Sat, 09 Aug 2025 10:12:54 +0000

The latest PeaZip 10.6 release is here, delivering significant performance upgrades for power users and cybersecurity professionals. Headlining this update is the new 'Dynamic Virtual Mode,' a game-changing feature designed to streamline interactions with large archives. Instead of fully extracting files to a temporary directory, this mode allows for on-the-fly access, dramatically speeding up the process of opening individual files. Additionally, the archive pre-parsing mechanism has been heavily optimized, providing near-instant previews of archive contents, even for complex or large files. This is a massive quality-of-life improvement for anyone who needs to quickly inspect compressed files like ZIP, RAR, or TAR. The update also includes enhanced support for ZPAQ formats and various stability fixes, reinforcing PeaZip's position as a top-tier, free, and open-source file archiver. This version is a must-have for efficient and secure file management.

🔗 Read on my blog

Brazil Hit by AI Phishing and Efimer Crypto Trojan

Neeraj Singh — Sat, 09 Aug 2025 01:17:54 +0000

Cybersecurity researchers are sounding the alarm on a dual-pronged threat targeting Brazil. In one campaign, threat actors are leveraging legitimate generative AI tools to create highly convincing phishing pages of Brazilian government agencies to trick users into making payments. These fraudulent sites are boosted with SEO poisoning to appear in top search results. Simultaneously, a separate malspam campaign is distributing the Efimer trojan, a potent malware designed to steal cryptocurrency, which has already impacted over 5,000 users.

🔗 Read on my blog