Linux fréttir

An anonymous reader shares a report: Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions. These AI-assisted IDEs are forked from Microsoft VSCode, but cannot use the extensions in the official store due to licensing restrictions. Instead, they are supported by OpenVSX, an open-source marketplace alternative for VSCode-compatible extensions. As a result of forking, the IDEs inherit the list of officially recommended extensions, hardcoded in the configuration files, which point to Microsoft's Visual Studio Marketplace.

Read more of this story at Slashdot.

An anomaly or the beginning of a new trend? My bet's on the latter

I've been tracking AWS for a long time, with a specific emphasis on pricing. "What happens if AWS hikes prices" has always been something of a boogeyman, trotted out as a hypothetical to urge folks to avoid taking dependencies on a given provider.…

A subpoena has been issued, apparently

Resecurity offered its "congratulations" to the Scattered Lapsus$ Hunters cybercrime crew for falling into its threat intel team's honeypot – resulting in a subpoena being issued for one of the data thieves. Meanwhile, the notorious extortionists have since removed their claims of gaining "full access" to the security shop's systems.…

Capita, the UK outsourcer that won a $323 million contract to administer the nation's Civil Service Pension Scheme for 1.7 million members, has responded to a disastrous portal launch by asking users to hold off on complaints until its new AI chatbots go live. The service launched on December 1 and immediately ran into problems including unrecognized passwords, broken links and placeholder text scattered across unfinished pages. In a December 17 email to members, The Register reports today, managing director Chris Clements said Capita was "working tirelessly" and promised "one of the biggest services in the United Kingdom with AI at its core" by March. He asked users whose enquiries were not urgent to wait until the new year before contacting support again.

Read more of this story at Slashdot.

Google is quietly killing Gmail's ability to fetch mail from third-party email accounts using POP3, a long-standing feature that has allowed users to consolidate multiple inboxes into a single Gmail interface. The change takes effect this month and also ends Gmailify, the companion feature that applied Gmail's spam filtering and inbox organization to linked third-party accounts. Google buried the decision in a support note rather than making any formal announcement. The company's suggested workaround -- switching to IMAP -- doesn't work for all affected users. Users can still access third-party accounts through the Gmail mobile app, but the Gmail service itself will no longer retrieve messages from external providers.

Read more of this story at Slashdot.