Tag: rust
-
Malicious Rust packages targeted Web3 developers
A malicious Rust crate (package) named evm-units, aimed at stealing cryptocurrency from unsuspecting developers, has been pulled from the official public package registry for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/04/malicious-rust-packages-targeted-web3-developers/
-
Rust core library partly polished for industrial safety spec
Tags: rust
Ferrous Systems achieves IEC 61508 (SIL 2) certification for systems that demand reliability First seen on theregister.com Jump to article: www.theregister.com/2025/12/04/rust_core_library_partly_polished/
-
Constant-time support lands in LLVM: Protecting cryptographic code at the compiler level
Tags: access, apple, attack, crypto, cryptography, data, exploit, government, group, infrastructure, open-source, rust, vulnerability
Trail of Bits has developed constant-time coding support for LLVM 21, providing developers with compiler-level guarantees that their cryptographic implementations remain secure against branching-related timing attacks. This work introduces the __builtin_ct_select family of intrinsics and supporting infrastructure that prevents the Clang compiler, and potentially other compilers built with LLVM, from inadvertently breaking carefully crafted constant-time…
-
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security
In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple’s equivalent, AirDrop, allowing users to more easily share files and photos between Android and iPhone devices. The cross-platform sharing feature is currently limited to the Pixel 10 lineup and works with iPhone, iPad,…
-
Google links Android’s Quick Share to Apple’s AirDrop, without Cupertino’s help
Relies on very loose permissions, but don’t worry Google wrote it in Rust First seen on theregister.com Jump to article: www.theregister.com/2025/11/21/google_links_androids_quick_share/
-
Linus Torvalds is OK with vibe coding as long as it’s not used for anything that matters
Linux inventor also discusses Rust in the kernel, Nvidia’s proprietary code, and the problem of AI crawlers First seen on theregister.com Jump to article: www.theregister.com/2025/11/18/linus_torvalds_vibe_coding/
-
Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time
Google has disclosed that the company’s continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below 20% for the first time. “We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But…
-
Android Reports Major Drop in Memory Bugs as Rust Adoption Accelerates
Android has shared new insights into how the platform’s long-term shift toward Rust is reshaping both security and software development. The new data reflects a decisive move toward memory safety, and, unexpectedly, faster engineering cycles across the Android ecosystem. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/android-rust-memory-safety-productivity/
-
Building checksec without boundaries with Checksec Anywhere
Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing, and general binary analysis. The tool inspects executables to determine which exploit mitigations (e.g., ASLR, DEP, stack canaries, etc.) are enabled, rapidly gauging a program’s defensive hardening. This success inspired numerous spinoffs:…
-
Rust Foundation tries to stop maintainers corroding
Tags: rust
Memory safety costs money: Maintainers Fund to directly pay developers for their work First seen on theregister.com Jump to article: www.theregister.com/2025/11/05/rust_foundation_announces_maintainers_fund/
-
Debian demands Rust or rust in peace for legacy ports
Memory safety trumps retro computing: Alpha, PA-RISC, m68k, SH4 face the chop in 2026 First seen on theregister.com Jump to article: www.theregister.com/2025/11/03/debian_apt_to_require_rust/
-
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s First…
-
RCE Vulnerability (CVE-2025-62518) Discovered in Popular Rust Library async-tar and Its Forks
A critical flaw has been identified in a Rust library that demands immediate attention from developers and IT decision-makers leveraging the Rust ecosystem. The vulnerability, tracked as CVE-2025-62518, exposes serious remote code execution (RCE) risks in the widely used async tar library ecosystem. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve%e2%80%912025%e2%80%9162518-rce-flaw-in-async-tar/
-
TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code by overwriting configuration files and hijacking critical build systems. Field Details CVE ID CVE-2025-62518 Vulnerability…
-
TARmageddon flaw in abandoned Rust library enables RCE attacks
A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tarmageddon-flaw-in-abandoned-rust-library-enables-rce-attacks/
-
TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files
CVE-2025-62518 TARmageddon flaw in Rust async-tar and forks like tokio-tar may allow remote code execution, says Edera. Edera team disclosed a vulnerability tracked as CVE-2025-62518 (CVSS score: 8.1), dubbed TARmageddon, in the Rust async-tar library and forks like tokio-tar. A remote attacker can exploit the flaw to achieve code execution. “astral-tokio-tar is a tar archive…
-
Forking confusing: Vulnerable Rust crate exposes uv Python packager
Forks of forks of forks, but which ones are patched? First seen on theregister.com Jump to article: www.theregister.com/2025/10/22/vulnerable_rust_crate/

