Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
norden.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Moin! Dies ist die Mastodon-Instanz für Nordlichter, Schnacker und alles dazwischen. Folge dem Leuchtturm.

Administered by:

Server stats:

3.4K
active users

norden.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#nim

2 posts2 participants0 posts today
Public
OTX Bot

It's 2025... so why are obviously malicious advertising URLs still going strong?

In 2025, a phishing email containing a malicious link redirected through Google Ads was received by the Internet Storm Center. The link led to a credential-stealing page hosted on a dynamic DNS service. Despite being clearly fraudulent and detected by VirusTotal, the ad redirect remained active for over a week. The article questions why major ad providers like Google aren't implementing basic security measures to prevent such obvious threats. It suggests that ad companies should filter out links to domains unsuitable for legitimate ads and regularly check landing pages for malicious content. The author argues that this should be the minimum expected from ad providers in 2025, especially given the availability of AI and tools like VirusTotal for threat detection.

Pulse ID: 680630cf7d432f84fd61b71b
Pulse Link: otx.alienvault.com/pulse/68063
Pulse Author: AlienVault
Created: 2025-04-21 11:49:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#CyberSecurity#DNS#Email
Public
OTX Bot

CVE-2025-24054, NTLM Exploit in the Wild

A critical vulnerability, CVE-2025-24054, related to NTLM hash disclosure via spoofing, has been actively exploited since March 19, 2025. The flaw allows attackers to leak NTLM hashes or user passwords using a maliciously crafted .library-ms file, potentially compromising systems. A campaign targeting government and private institutions in Poland and Romania used malspam to distribute Dropbox links containing archives exploiting this vulnerability. The exploit can be triggered with minimal user interaction, such as right-clicking or navigating to the folder containing the malicious file. This vulnerability appears to be a variant of the previously patched CVE-2024-43451, sharing several similarities.

Pulse ID: 680034fc84efc0751b3bc07d
Pulse Link: otx.alienvault.com/pulse/68003
Pulse Author: AlienVault
Created: 2025-04-16 22:53:48

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#CyberSecurity#Dropbox#Government
Public
OTX Bot

Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

ReaderUpdate, a macOS malware loader platform active since 2020, has evolved to include variants written in Crystal, Nim, Rust, and now Go programming languages. Originally a compiled Python binary, the malware has been largely dormant until late 2024. The loader is capable of executing remote commands, potentially offering Pay-Per-Install or Malware-as-a-Service. It collects system information, creates persistence mechanisms, and communicates with command and control servers. The Go variant, less common than others, uses string obfuscation techniques to hinder analysis. While currently associated with adware delivery, the loader's capabilities pose a potential threat for more malicious payloads in the future.

Pulse ID: 67e41bedc264bcc69a9b8e20
Pulse Link: otx.alienvault.com/pulse/67e41
Pulse Author: AlienVault
Created: 2025-03-26 15:23:25

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#CyberSecurity#InfoSec#Mac
Replied in thread
Public
skrzyp

@chainq OK, so you got 244 BYTES Hunk executable with this?
Holy hell, you don't need to seel it any longer, I already bought!

And the fact you can simply define OS calls as function calls just by passing LVOffsets and registers as params? Damn, I thought about doing similar thing with #Nim macros, but that's definitely more elegant than mine.

Also, it's not that bad, looks better than equivalent C counterpart, more signal, less noise.

Public
skrzyp

Here are two screens (cropped for clarity).
The top is from #Amiga and the bottom is from #AtariST.

Both run from the same codebase in #Nim, yet the code is completely different. While I appreciate Amiga for its awesome hardware and capabilities, the AmigaOS API is... ugh, I can't find the English word to describe it. It's bad.

Yet, the ST/STe hardware is so basic it feels like they just glued DMA on 68000 SBC in a weekend. But their APIs? I wish it could swap places with AmigaOS somtimes.

Two cropped screenshots from Amiga and Atari ST emulators, both displaying the string "[sys] Here comes the code execution!"
Public
Alexander Schoch 🇨🇭

For 2024, I solved Advent of Code in 25 different languages. Was a fun project, sometimes a bit (very) painful (*glances at Erlang and Zig*).

Code (bottom of post) and summary for each language:
blog.aschoch.ch/posts/aoc-2024

Keep in mind that I used most of these language for a few hours tops, so my judgement is very much subjective.

What's your favourite of the bunch?

blog.aschoch.chAdvent of Code 2024 – 25 Languages<!-- --> • Alexander Schoch's BlogI solved Advent of Code 2024 with 25 different programming languages
#adventofcode#programming#software
Public
Pjotr Prins

Please share! The first weekend of February we are organising a devroom at FOSDEM2025 on *Declarative and Minimalistic Computing* with talks on Lisp, Nim, Lua, Zig etc. Feel free to submit your own project! If you are uncertain ping us. For the submission system etc see libreplanet.org/wiki/FOSDEM202 @lisp_discussions #lisp #zig #lua #nim

libreplanet.orgFOSDEM2025-devroom-declarative-and-minimalistic-computing-cfp - LibrePlanet
Public
hyperreal

Does anyone know if there is something for #Python that allows one to create stand-alone dependency-free executables a la #Nim? This would effectively solve some of the annoyance of using Python scripts that are meant to be portable.

Er...uh...should I just learn some Nim? I had considered learning Nim a while back, but was discouraged because I saw that one of the core devs was an arsehat.

Public
Karl Voit :emacs: :orgmode:

What happens, when you join two paths in a #programming language when the second one is an absolute one?

join("foo", "/bar")
returns "foo/bar" or "/bar"?

The wonderful @meisterluk wrote a great article about that you might want to read: lukas-prokop.at/articles/2024-

I can not tell what version I'd actually prefer. There are situations where both versions would be "proper".

#Python #Golang #UNIX #POSIX #rust #C++ #CPP #Java #dotNet #Dart #Flutter #Dlang #TCL #Nim #FreePascal #PowerShell #zig

lukas-prokop.atLukas' weblog
ExploreLive feeds
About