8.7 C
New York
Friday, March 28, 2025
Home Blog Page 32

Take away default white background shade SwiftUI

codesanitize
-
0
Take away default white background shade SwiftUI


So right here is the deal. I am making a button part that may have two kinds. One of many type has any backgroundColor outlined by the dev and the opposite type has no backgroundColor however does have a border. I’ve applied the type with the background shade however I’m attempting to arrange the type with out background shade and it at all times applies a default white shade that I can not do away with, making the border of the part not look proper.

Button with backgroundColor:

    var mainContentView: some View {
        HStack{
            if let leadingIcon = configuration.leadingIcon {
                imageView(useful resource: leadingIcon, shade: type.leadingIconColor, measurement: measurement.iconSize())
            }
            titleView
            if let trailingIcon = configuration.trailingIcon {
                imageView(useful resource: trailingIcon, shade: type.trailingIconColor, measurement: measurement.iconSize())
            }
        }
        .body(maxWidth: configuration.maxWidth ? .infinity : nil)
        .padding(.vertical, 8)
        .padding(.horizontal, 8)
        .background(Coloration.grey)
        .clipShape(
            .rect(
                topLeadingRadius: configuration.invertCornerRadius ? 5 : 15,
                bottomLeadingRadius: configuration.invertCornerRadius ? 15 : 5,
                bottomTrailingRadius: configuration.invertCornerRadius ? 5 : 15,
                topTrailingRadius: configuration.invertCornerRadius ? 15 : 5
            )
        )
    }

enter image description here

Button with out backgroundColor:

    var mainContentView: some View {
        HStack{
            if let leadingIcon = configuration.leadingIcon {
                imageView(useful resource: leadingIcon, shade: type.leadingIconColor, measurement: measurement.iconSize())
            }
            titleView
            if let trailingIcon = configuration.trailingIcon {
                imageView(useful resource: trailingIcon, shade: type.trailingIconColor, measurement: measurement.iconSize())
            }
        }
        .body(maxWidth: configuration.maxWidth ? .infinity : nil)
        .padding(.vertical, 8)
        .padding(.horizontal, 8)
        // .background(Coloration.clear) I've do this too
        .overlay(
            RoundedRectangle(cornerRadius: 0)
                .stroke(Coloration.purple, lineWidth: 2)
                .clipShape(
                    .rect(
                        topLeadingRadius: configuration.invertCornerRadius ? 5 : 15,
                        bottomLeadingRadius: configuration.invertCornerRadius ? 15 : 5,
                        bottomTrailingRadius: configuration.invertCornerRadius ? 5 : 15,
                        topTrailingRadius: configuration.invertCornerRadius ? 15 : 5
                    )
                )
        )
    }

enter image description here

Ingress NGINX RCE Vulnerability Permits Attackers to Compromise Whole Cluster

codesanitize
-
0
Ingress NGINX RCE Vulnerability Permits Attackers to Compromise Whole Cluster


A sequence of distant code execution (RCE) vulnerabilities often called “IngressNightmare” have been found within the Ingress NGINX Controller for Kubernetes.

These vulnerabilities, recognized as CVE-2025-1097CVE-2025-1098CVE-2025-24514, and CVE-2025-1974, pose a crucial menace to Kubernetes clusters, permitting attackers to realize unauthorized entry to all cluster secrets and techniques and probably take management of the complete cluster.

CVE-2025-24514: auth-url Annotation Injection

The CVE-2025-24514 vulnerability arises from the dealing with of authentication-related annotations, particularly the nginx.ingress.kubernetes.io/auth-url annotation.

Within the authReq parser, the auth-url discipline just isn’t correctly sanitized when it’s included into the NGINX configuration.

This oversight permits attackers to inject arbitrary NGINX directives by crafting malicious annotations.

As an illustration, if an attacker makes use of the next annotation:

nginx.ingress.kubernetes.io/auth-url: "http://instance.com/#;ninjection_point"

The ensuing NGINX configuration may seem as:

proxy_http_version 1.1;
set $goal http://instance.com/#;
injection_point
proxy_pass $goal;

This vulnerability is especially harmful as a result of it permits attackers to inject instructions into the NGINX configuration, probably resulting in distant code execution.

CVE-2025-1097: auth-tls-match-cn Annotation Injection

In line with the Wiz reviews,CVE-2025-1097 includes the nginx.ingress.kubernetes.io/auth-tls-match-cn annotation, which requires a price beginning with “CN=” and adopted by a sound common expression.

Nonetheless, attackers can bypass these checks to inject arbitrary configurations. For instance, utilizing the annotation:

nginx.ingress.kubernetes.io/auth-tls-match-cn: "CN=abc #(n){}n }}nglobal_injection;n#"

can result in injection of arbitrary NGINX directives into the configuration file.

To use this, attackers want entry to a TLS certificates or keypair secret within the cluster, which is usually available in managed environments. Generally exploited secrets and techniques embody:

kube-system/konnectivity-certs
kube-system/azure-wi-webhook-server-cert
kube-system/aws-load-balancer-webhook-tls
kube-system/hubble-server-certs
kube-system/cilium-ca
calico-system/node-certs
cert-manager/cert-manager-webhook-ca
linkerd/linkerd-policy-validator-k8s-tls
linkerd/linkerd-proxy-injector-k8s-tls
linkerd/linkerd-sp-validator-k8s-tls

CVE-2025-1098: Mirror UID Injection

On this vulnerability, the mirror annotation parser permits attackers to inject arbitrary directives by manipulating the UID discipline of the ingress object.

Since this enter just isn’t sanitized by regex guidelines utilized to annotations, attackers can simply escape the supposed context and inject arbitrary NGINX configurations.

CVE-2025-1974: NGINX Configuration Code Execution

Whereas the earlier vulnerabilities permit for configuration injection, CVE-2025-1974 demonstrates how these injections might be leveraged for distant code execution.

By exploiting the ssl_engine directive inside the injected configurations, attackers can load arbitrary shared libraries from the filesystem.

That is achieved by utilizing NGINX’s consumer physique buffering function to briefly save a shared library onto the pod’s filesystem after which specifying its ProcFS path to load it as a library.

Exploitation Steps

The exploitation includes the next key steps:

  1. Add Shared Library: Ship a big HTTP request with the shared library as its physique to the NGINX occasion, inflicting it to avoid wasting the library briefly.
  2. Preserve File Descriptor Open: Use a Content material-Size header that exceeds the precise request dimension, protecting the file descriptor open regardless of NGINX eradicating the file.
  3. Inject Directive: Ship an AdmissionReview request with the ssl_engine directive pointing to the file descriptor path.
  4. Obtain RCE: The library is loaded, permitting arbitrary code execution resulting from NGINX’s elevated privileges and entry to all cluster secrets and techniques.

Mitigation and Detection

To mitigate these vulnerabilities, customers ought to:

  • Replace Ingress NGINX Controller: Transfer to model 1.12.1 or 1.11.5.
  • Limit Admission Webhook Entry: Make sure the admission webhook endpoint just isn’t uncovered to the general public web.
  • Implement Community Insurance policies: Enable solely the Kubernetes API server to entry the admission controller.
  • Disable Admission Controller Quickly: If an instantaneous replace just isn’t possible.

As these vulnerabilities expose clusters to vital danger, quick motion is suggested to safe Ingress NGINX Controllers and forestall potential takeovers.

The safety group encourages ongoing vigilance relating to admission controllers, usually neglected however crucial parts in Kubernetes environments.

Examine Actual-World Malicious Hyperlinks & Phishing Assaults With Risk Intelligence Lookup - Strive for Free

XPENG Unveils 1st XPENG Tech Middle in Asia

codesanitize
-
0
XPENG Unveils 1st XPENG Tech Middle in Asia



Join every day information updates from CleanTechnica on electronic mail. Or comply with us on Google Information!

Final Up to date on: twenty fifth March 2025, 12:16 am

Additionally, XPENG introduces extremely clever 7-seater, X9, in Hong Kong.

  • XPENG opens its first “XPENG Tech Middle” in Asia, positioned in Wan Chai, Hong Kong, showcasing cutting-edge AI-defined mobility applied sciences and robotics
  • XPENG proclaims plans for launching XP Supercharging community outdoors the Chinese language mainland, with first batch of stations positioned throughout key Hong Kong landmarks and a citywide charging map into its app.
  • Dedication to ground-breaking innovation with over-the-air (OTA) software program updates, that includes X-Combo Sensible State of affairs System — a customized driving expertise with over 360 clever management modules for enhanced mobility
  • The X9, an extremely clever seven-seater, debuts in Hong Kong, providing superior options reminiscent of customary lively rear-wheel steering, spacious, starship-inspired design and the one electrical, versatile magic area in its class. 

XPENG, a globally-orientated high-tech automotive firm, has formally opened its first “XPENG Tech Middle” in Asia, in Hong Kong SAR, China. This new location is a landmark step in XPENG’s international enlargement and serves as a devoted area for showcasing its newest developments in good mobility.

The shop affords Hong Kong customers an immersive showcase of XPENG’s imaginative and prescient for an AI-defined mobility future, that includes its robotics lineup and can sooner or later additionally introduce its self-developed chips, flying automobiles, and different cutting-edge applied sciences.

Brian Gu, Vice Chairman and President of XPENG, mentioned: The opening of our XPENG Tech Middle in Wan Chai is a big second for XPENG in Hong Kong in addition to globally. Customers right here have a powerful curiosity in superior good expertise and premium mobility options. Via this new area, we hope to convey them nearer to XPENG’s improvements, from autonomous driving to clever cockpit expertise and our future mobility options reminiscent of AI chips and humanoid robots. With the launch of the X9 in Hong Kong, we sit up for offering a extra clever and seamless driving expertise whereas leveraging town’s international connectivity to assist XPENG’s broader worldwide growth.”

XPENG has additionally introduced plans to ascertain its cutting-edge charging community to markets outdoors the Chinese language mainland in 2025, with Hong Kong as the primary metropolis to deploy XPENG-branded charging stations.

The primary XP Supercharging stations shall be positioned at Lai Solar Business Centre and the Conference Plaza, making XPENG the primary Chinese language good EV model to arrange its personal charging services in Hong Kong. The corporate additionally plans to increase the deployment of 360kW+ XP Hypercharging stations, enhancing comfort for EV house owners. As well as, XPENG will combine a Hong Kong-wide charging map into its in-car system and cell app, initially overlaying practically 2,000 public charging spots to assist drivers simply find and entry charging services throughout town.

In the meantime, XPENG has additionally launched the X9 to the Hong Kong market. This represents XPENG’s first ultra-intelligent, massive seven-seater within the native market, the X9 is designed to supply larger flexibility in city driving with its customary lively rear-wheel steering system for enhanced maneuverability in dense metropolis environments. The X9 boasts a starship-inspired design, that includes a roomy cabin with 7.7 sq. meters of ground area for straightforward entry, expandable storage capability from 755L to 2554L, and a three-row unbiased voice interplay system, delivering a futuristic and comfy mobility expertise for each passenger.

With insurance policies supporting cross-border journey between Hong Kong and the Chinese language mainland, the X9’s lengthy driving vary and joint guarantee service accessible throughout the Better Bay Space, makes it a sensible selection for these in search of seamless mobility throughout cities within the area.

XPENG continues to advance good mobility via its over-the-air (OTA) software program updates, enabling steady upgrades past conventional OTA capabilities. Via this, customers obtain common updates that introduce new clever driving options and system enhancements. The X-Combo Sensible State of affairs System permits for a customized driving expertise, integrating over 360 clever management modules to create adaptive and environment friendly mobility options.

XPENG stays dedicated to increasing its presence in Hong Kong and different international markets, advancing the event of clever mobility, and contributing to a extra environment friendly and sustainable future for good electrical automobiles.

Whether or not you’ve solar energy or not, please full our newest solar energy survey.

Chip in a couple of {dollars} a month to assist assist unbiased cleantech protection that helps to speed up the cleantech revolution!

Have a tip for CleanTechnica? Need to promote? Need to counsel a visitor for our CleanTech Discuss podcast? Contact us right here.

Join our every day publication for 15 new cleantech tales a day. Or join our weekly one if every day is just too frequent.

Commercial



 

CleanTechnica makes use of affiliate hyperlinks. See our coverage right here.

CleanTechnica’s Remark Coverage



These Tiny Liquid Robots Merge and Cut up Like ‘Terminator’

codesanitize
-
0
These Tiny Liquid Robots Merge and Cut up Like ‘Terminator’


Our cells are like the final word comfortable robots. Made largely of a liquid inside wrapped inside a fatty shell, they break up, stretch, roam, and squeeze into each nook and cranny of the physique.

Precise robots, not a lot. Even comfortable robots product of versatile supplies wrestle to deform outdoors of the bodily limits of their constructing blocks.

This month, a crew from Korea launched liquid robots impressed by organic cells. In regards to the measurement of a grain of rice, every robotic is product of water coated with Teflon particles. The gummy-candy-like blobs are managed utilizing sound waves and might slip via grated fences, chomp up particles, and skim throughout strong and liquid surfaces.

They will additionally perform as tiny chemical reactors. In a check, the crew directed two robots, every loaded with a special chemical, to leap off a ledge and merge collectively with out breaking, permitting the chemical substances to react inside their Teflon shells.

As a result of the robots are biocompatible, they may someday shuttle medicine to hard-to-reach areas of the physique—probably loading up on chemotherapies to kill tumors, for instance. Formations with different molecular instruments embedded throughout the bots might additionally assist diagnose ailments.

“It’s difficult to emulate organic types and capabilities with synthetic machines,” wrote the crew. “[But] a promising avenue to sort out this downside is harnessing the supreme deformability of liquids whereas offering secure but versatile shells round them.”

From T-1000 to Liquid Marbles

Those that have seen Terminator 2: Judgment Day will bear in mind the movie’s formidable robotic antagonist. Manufactured from liquid steel, the T-1000 deforms, liquifies, and reconstructs itself on demand, immediately therapeutic harm to its physique.

Scientists have lengthy sought to seize this versatility in machines (with out the killer robotic angle, in fact). Earlier research have used a wide range of liquid metals that change their form when subjected to electromagnetic fields. These unconventional robots—smaller than a fingertip—can break up, merge, and transport cargoes on demand. However their excessive steel content material makes them incompatible with most chemical reactions and biology, limiting their sensible use.

One other technique to construct liquid robots is to encapsulate water or different liquids in an armor-like barrier. It’s a bit like making gummy sweet with a squishy however supportive outer casing and a gushy core. In apply, researchers mud a hydrophobic powder onto a liquid drop, the combination shrinks right into a bead-like form because of a bodily phenomenon known as capillary interplay.

These forces partly stem from the floor rigidity between a strong and liquid, like once you barely overfill a glass and the water types a spherical high. Including hydrophobic powder to small quantities of liquid stabilizes these forces, pushing water molecules into tiny beads that just about behave like solids.

Appropriately dubbed liquid marbles, these non-stick water drops can roll throughout surfaces. Researchers can management their motion utilizing gravity and electrical and magnetic fields, permitting them to drift and climb throughout terrain. Some variations may even shuttle components from one place and launch their cargo in one other.

However traditional liquid marbles have a weak point. Small fluctuations in temperature or power, reminiscent of squeezing or dropping, causes them to leak or totally collapse. So, the authors developed a stronger shell to make their marbles extra sturdy.

Ice, Ice, Child

First, the crew looked for the very best ratio of Teflon mud to water. They discovered that extra mud on the floor led to stronger, extra sturdy shells.

Subsequent, they labored out how one can manufacture droplets with larger mud content material. Conventional strategies use spherical drops, which don’t have a number of floor space in comparison with their quantity. Cubes are a greater start line as a result of they’ve extra space. So, the crew froze water in customized ice trays and coated the cubes with industrial-grade Teflon powder.

This methodology has one other perk. Ice has extra quantity than water. Because the cubes soften, their quantity shrinks, squeezing the Teflon particles collectively on the floor of the droplets, limiting their motion, and forming a lot stronger armor for every liquid robotic.

On the Transfer

The crew pitted these enhanced liquid robots in opposition to conventional liquid marbles in a type of playground with paper-covered foam constructions and swimming pools of water.

Each sorts of droplets might deform, reminiscent of briefly opening to show their watery inside. However because of their tougher shell, the Teflon bots have been higher ready maintain their liquid cores intact and survive falls with out bursting. The liquid marbles, then again, caught to surfaces and finally collapsed.

The crew used sound waves to steer the robots round for harder duties. In a single process, they piloted the bots throughout an array of 3D-printed pillars. Upon assembly a pair of pillars, the robots break up open, oozed via, after which merged again into their unique types on the opposite facet. In one other check, the researchers zapped adjoining bots with sound waves, deforming them right into a bridge-like form. As soon as touching, the 2 bots merged right into a single, bigger blob.

Because of their water-repelling nature, the robots might skim over each water and land—typically each. Older liquid marbles simply burst when shifting between the 2 terrains.

Liquid Bot Mission

To totally check the robots, the crew designed a mission the place two robots labored collectively. One bot picked up a chemical “toxin” locked behind bars. It then needed to discover its accomplice with the “antidote” in a pool of water, merge with the opposite bot to neutralize the toxin, and dump the ultimate chemical right into a protected container.

The crew steered the primary bot via its jail bars to engulf the toxin and carry it again out. In the meantime, its accomplice skimmed throughout the pool to devour the antidote. The bots dropped from a peak a number of instances their measurement to their rendezvous, the place they merged toxin and antidote, opened the outer shell, and dumped out the neutralized chemical.

Don’t fear, we’re nonetheless a methods from constructing T-1000s. The liquid robots are tiny and managed manually. However the crew is working so as to add sensible supplies for autonomous operation. And although they used water and Teflon right here, the identical course of may very well be used sooner or later to combine different components into a wide range of liquid robots with totally different capabilities.

3 Victims, $5K Entry Payment, Multi-OS, and Double Extortion Techniques

codesanitize
-
0
3 Victims, K Entry Payment, Multi-OS, and Double Extortion Techniques


Mar 24, 2025Ravie LakshmananMalware / Ransomware

3 Victims, K Entry Payment, Multi-OS, and Double Extortion Techniques

A ransomware-as-a-service (RaaS) operation known as VanHelsing has already claimed three victims because it launched on March 7, 2025.

“The RaaS mannequin permits a variety of individuals, from skilled hackers to newcomers, to get entangled with a $5,000 deposit. Associates preserve 80% of the ransom funds, whereas the core operators earn 20%,” Verify Level stated in a report printed over the weekend./p>

“The one rule is to not goal the Commonwealth of Impartial States (CIS).”

As with all affiliate-backed ransomware program, VanHelsing claims to supply the power to focus on a variety of working programs, together with Home windows, Linux, BSD, Arm, and ESXi. It additionally employs what’s known as the double extortion mannequin of stealing information previous to encryption and threatening to leak the knowledge until the sufferer pays up.

The RaaS operators have additionally revealed that the scheme provides a management panel that works “seamlessly” on each desktop and cellular gadgets, with even help for darkish mode.

What makes VanHelsing notable is that it permits respected associates to hitch without spending a dime, whereas new associates are required to pay a $5,000 deposit so as to achieve entry to this system.

Cybersecurity

As soon as launched, the C++-based ransomware takes steps to delete shadow copies, enumerate native and community drives, and encrypt recordsdata with the extension “.vanhelsing,” after which the desktop wallpaper is modified, and a ransom notice is dropped onto the sufferer system, urging them to make a Bitcoin cost.

It additionally helps numerous command-line arguments to dictate numerous points of the ransomware’s habits, such because the encryption mode for use, the places that have to be encrypted, unfold the locker to SMB servers, and skip renaming the recordsdata with the ransomware extension in “Silent” mode.

In response to CYFIRMA, authorities, manufacturing, and pharmaceutical firms positioned in France and the USA have grow to be the targets of the nascent ransomware operation.

“With a user-friendly management panel and frequent updates, VanHelsing is turning into a strong instrument for cybercriminals,” Verify Level stated. Inside simply two weeks of its launch, it has already triggered important harm, infecting a number of victims and demanding hefty ransoms.

The emergence of VanHelsing coincides with quite a lot of developments within the ever-evolving ransomware panorama –

  • The invention of new variations of Albabat ransomware that transcend Home windows to Linux and macOS, gathering system and {hardware} info
  • BlackLock ransomware, a rebranded model of Eldorado, has grow to be one of the vital lively RaaS teams in 2025, concentrating on expertise, manufacturing, development, finance, and retail sectors
  • BlackLock is actively recruiting traffers to drive early phases of ransomware assaults, directing victims to malicious pages that deploy malware able to establishing preliminary entry to compromised programs
  • The JavaScript-based malware framework often called SocGholish (aka FakeUpdates) is getting used to ship RansomHub ransomware, an exercise attributed to a menace cluster dubbed Water Scylla
  • The exploitation of safety flaws in Fortinet firewall home equipment (CVE-2024-55591 and CVE-2025-24472) by a menace actor dubbed Mora_001 since late January 2025 to ship a newly found ransomware pressure codenamed SuperBlack, a modified model of LockBit 3.0 that makes use of a customized information exfiltration instrument
  • The Babuk2 (aka Babuk-Bjorka) ransomware group has been noticed reusing information from earlier breaches related to RansomHub, FunkSec, LockBit, and Babuk to concern faux extortion calls for to victims

In response to statistics compiled by Bitdefender, February 2025 was the worst month for ransomware in historical past, hitting a document 962 victims, up from 425 victims in February 2024. Of the 962 victims, 335 have been claimed by the Cl0p RaaS group.

Cybersecurity

One other notable pattern is the rise in distant encryption assaults, whereby ransomware attackers compromise an unmanaged endpoint, and leverage that entry to encrypt information on managed, domain-joined machines.

Telemetry information shared by Sophos reveals that there was a surge in distant encryption by 50% year-on-year in 2024, and a 141% rise since 2022.

“Distant encryption has now grow to be an ordinary a part of ransomware teams’ bag of methods,” stated Chester Wisniewski, director and world subject CISO at Sophos. “Each group has blind spots and ransomware criminals are fast to take advantage of weaknesses as soon as found.”

“More and more the criminals are in search of out these darkish corners and utilizing them as camouflage. Companies have to be hypervigilant in guaranteeing visibility throughout their whole property and actively monitor any suspicious file exercise.”

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we submit.



1...313233...3,906Page 32 of 3,906

ABOUT US

Welcome to CodeSanitize, your number one source for all things coding and technology. We’re dedicated to providing you the very best of software development tutorials, tips, and resources, with a focus on clarity, practical examples, and up-to-date content.

© Copyright 2024 - codesanitize.com. All rights reserved