Tag: rust
-
AWS backs Open VSX as Rust survey shows VS Code decline
AI-first editors and agent-driven tooling intensify competition in the IDE market First seen on theregister.com Jump to article: www.theregister.com/2026/03/03/open_vsx_aws/
-
Indian APT ‘Sloppy Lemming’ Targets Defense, Critical Infrastructure
India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/india-apt-sloppy-lemming-defense-critical-infrastructure
-
SloppyLemming Espionage Campaign Targets Pakistan, Bangladesh with BurrowShell Backdoor and Rust RAT
SloppyLemming, an India-linked espionage group also known as Outrider Tiger and Fishing Elephant, has run a year-long cyber campaign against high”‘value targets in Pakistan and Bangladesh using a new BurrowShell backdoor and a Rust-based remote access tool (RAT). This activity builds directly on earlier operations exposed by Cloudflare’s CloudForce One in 2024. However, it shows…
-
Epic Fury introduces new layer of enterprise risk
Tags: access, apt, attack, business, cisa, ciso, communications, country, credentials, cyber, cybersecurity, data-breach, disinformation, exploit, group, infrastructure, intelligence, international, Internet, iran, malware, middle-east, network, ransomware, resilience, risk, rust, service, software, technology, tool, ukrainePhysical attacks on US-linked locations through direct action or partner groups. We are already seeing Iranian missile launches into a variety of nations in the region.Cyber operations that include disruptive activity, targeted intrusions, credential and access harvesting, destructive malware deployment, and the use of compromised infrastructure to support broader influence or operational objectives.Proxy networks across…
-
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh.The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as BurrowShell…
-
Stored XSS Vulnerability in RustFS Console Puts S3 Admin Credentials at Risk
A critical security flaw has been identified in the RustFS Console, exposing administrators to a high risk of account takeover. Tracked as CVE-2026-27822, this Stored Cross-Site Scripting (XSS) vulnerability carries a critical CVSS v3 score of 10.0 and affects versions of the Rust package before 1.0.0-alpha.82. The vulnerability allows an attacker to execute arbitrary JavaScript…
-
NDSS 2025 Translating C To Rust: Lessons From A User Study
Session 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Ruishi Li (National University of Singapore), Bo Wang (National University of Singapore), Tianyu Li (National University of Singapore), Prateek Saxena (National University of Singapore), Ashish Kundu (Cisco Research) PAPER Translating C To Rust: Lessons From A User Study Rust aims to offer full memory…
-
NDSS 2025 Translating C To Rust: Lessons From A User Study
Session 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Ruishi Li (National University of Singapore), Bo Wang (National University of Singapore), Tianyu Li (National University of Singapore), Prateek Saxena (National University of Singapore), Ashish Kundu (Cisco Research) PAPER Translating C To Rust: Lessons From A User Study Rust aims to offer full memory…
-
NDSS 2025 Translating C To Rust: Lessons From A User Study
Session 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Ruishi Li (National University of Singapore), Bo Wang (National University of Singapore), Tianyu Li (National University of Singapore), Prateek Saxena (National University of Singapore), Ashish Kundu (Cisco Research) PAPER Translating C To Rust: Lessons From A User Study Rust aims to offer full memory…
-
NDSS 2025 Translating C To Rust: Lessons From A User Study
Session 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Ruishi Li (National University of Singapore), Bo Wang (National University of Singapore), Tianyu Li (National University of Singapore), Prateek Saxena (National University of Singapore), Ashish Kundu (Cisco Research) PAPER Translating C To Rust: Lessons From A User Study Rust aims to offer full memory…
-
Operation Olalampo: MuddyWater Unleashes AI-Assisted Rust Malware and Telegram C2 in MENA Espionage Surge
The post Operation Olalampo: MuddyWater Unleashes AI-Assisted Rust Malware and Telegram C2 in MENA Espionage Surge appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-olalampo-muddywater-unleashes-ai-assisted-rust-malware-and-telegram-c2-in-mena-espionage-surge/
-
NDSS 2025 A Comprehensive Study Of Security Risks In Deno And Its Ecosystem
Tags: access, api, attack, conference, control, Internet, network, programming, risk, rust, software, supply-chainSession 13A: JavaScript Security Authors, Creators & Presenters: Abdullah AlHamdan (CISPA Helmholtz Center for Information Security), Cristian-Alexandru Staicu (CISPA Helmholtz Center for Information Security) PAPER Welcome to Jurassic Park: A Comprehensive Study of Security Risks in Deno and its Ecosystem Node.js and its ecosystem npm are notoriously insecure, enabling the proliferation of supply chain attacks.…
-
Microsoft Unveils LiteBox, a Rust-Based Approach to Secure Sandboxing
Microsoft has released LiteBox, an experimental open-source library OS designed to sandbox applications while reducing their exposure to host systems. Written in Rust and published under the MIT license, LiteBox reflects the company’s efforts to upgrade software security as confidential computing gains adoption. LiteBox takes a different path from traditional virtualization or container technologies. Rather..…
-
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure
Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a…
-
Shai-Hulud & Co.: The software supply chain as Achilles’ heel
Tags: access, ai, application-security, attack, backdoor, ciso, cloud, credentials, cyber, github, Hardware, identity, infrastructure, kritis, kubernetes, malicious, network, nis-2, programming, risk, rust, sbom, software, strategy, supply-chain, threat, tool, vulnerability, wormThe polyglot supply chain attack: The most frightening prospect, however, is the convergence of these threats in a polyglot supply chain attack. Currently, security teams operate in isolation. AppSec monitors the code, CloudSec monitors the cloud, NetworkSec monitors the perimeter. A polyglot attack is designed to seamlessly break through these silos.This happens as follows: A…
-
Paranoid WhatsApp users rejoice: Encrypted app gets one-click privacy toggle
Meta also replaces a legacy C++ media-handling security library with Rust First seen on theregister.com Jump to article: www.theregister.com/2026/01/27/whatsapp_strict_account_settings_meta_rust/
-
Rust package registry adds security tools and metrics to crates.io
The Rust project updated crates.io to include a Security tab on individual crate pages. The tab shows security advisories drawn from the RustSec database and lists which … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/21/rust-crates-io-security-update/
-
Spear-Phishing Campaign Abuses Argentine Federal Court Rulings to Deliver Covert RAT
Seqrite Labs has uncovered a sophisticated spear-phishing campaign targeting Argentina’s judicial sector with a multi-stage infection chain designed to deploy a stealthy Rust-based Remote Access Trojan (RAT). The campaign primarily targets Argentina’s judicial institutions, legal professionals, justice-adjacent government bodies, and academic legal organizations. Attackers abuse legitimate Argentine federal court rulings specifically, preventive detention review documents…
-
Shai-Hulud & Co.: Die Supply Chain als Achillesferse
Tags: access, ai, application-security, backdoor, ciso, cloud, cyber, cyberattack, data, github, Hardware, infrastructure, kritis, kubernetes, LLM, monitoring, network, nis-2, programming, resilience, risk, rust, sbom, software, spyware, strategy, supply-chain, tool, vulnerabilityEgal, ob React2Shell, Shai-Hulud oder XZ Utils: Die Sicherheit der Software-Supply-Chain wird durch zahlreiche Risiken gefährdet.Heutige Anwendungen basieren auf zahlreichen Komponenten, von denen jede zusammen mit den Entwicklungsumgebungen selbst eine Angriffsfläche darstellt. Unabhängig davon, ob Unternehmen Code intern entwickeln oder sich auf Drittanbieter verlassen, sollten CISOs, Sicherheitsexperten und Entwickler der Software-Supply-Chain besondere Aufmerksamkeit schenken.Zu den…
-
Iran-linked MuddyWater APT deploys Rust-based implant in latest campaign
Rust offers evasion advantages: CloudSEK researchers said RustyWater was developed in Rust, which they said is increasingly used by malware authors for its memory safety features and cross-platform capabilities, according to the blog post. Other state-sponsored groups, including Russia’s Gossamer Bear and China-linked actors, have also deployed Rust-based malware in recent campaigns, according to security…
-
RustyWater Rising: MuddyWater Drops PowerShell for Stealthy Rust Implants
The post RustyWater Rising: MuddyWater Drops PowerShell for Stealthy Rust Implants appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/rustywater-rising-muddywater-drops-powershell-for-stealthy-rust-implants/
-
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater.”The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular First seen…
-
Claude is his copilot: Rust veteran designs new Rue programming language with help from AI bot
Rust veteran Steve Klabnik is using an LLM to explore memory safety without garbage collection First seen on theregister.com Jump to article: www.theregister.com/2026/01/03/claude_copilot_rue_steve_klabnik/
-
Xous & Baochip-1x: Rust-OS und eigener Chip für sicherere Embedded-Anwendungen
Tags: rustFür Mikrocontroller gibt es längst Betriebssysteme, doch ihnen fehlen wichtige Sicherheits-Features. Das will Hardwareentwickler Bunnie ändern. First seen on golem.de Jump to article: www.golem.de/news/xous-baochip-1x-rust-os-und-eigener-chip-fuer-sicherere-embedded-anwendungen-2601-203741.html
-
Microsoft wants to replace its entire C and C++ codebase, perhaps by 2030
Plans move to Rust, with help from AI First seen on theregister.com Jump to article: www.theregister.com/2025/12/24/microsoft_rust_codebase_migration/
-
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers. The Vulnerability The vulnerability exists in the Rust Binder component’s death_list handling mechanism.…
-
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers. The Vulnerability The vulnerability exists in the Rust Binder component’s death_list handling mechanism.…
-
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers. The Vulnerability The vulnerability exists in the Rust Binder component’s death_list handling mechanism.…
-
New 01Flip Ransomware Targets Both Windows and Linux Systems
Security researchers at Palo Alto Networks Unit 42 have identified a newly emerging ransomware family, 01flip, that represents a significant shift in malware development tactics. Discovered in June 2025, this sophisticated threat is entirely written in Rust a modern programming language that enables cross-platform compatibility and currently targets a limited set of victims across the…
-
Beyond Cargo Audit: Securing Your Rust Crates in Container Images
Container image scanning has come a long way over the years, but it still comes with its own set of, often unique, challenges. One of these being the difficulty in analyzing images for vulnerabilities when they contain a Rust payload. If you’re a big Rust user, you may have found that some software composition analysis……