A Microsoft Windows Update is wreaking havoc with printers worldwide this week—KB50000802 (for newer Windows 10 builds; older Windows 10 and Server builds may have a KB ending in 808 or 822 instead) was intended to provide updates to security "when Windows performs basic operations," but the update crashes some print drivers due to overflowing a GDI Object limit of 10,000.

The lab's latest computer vision model, CLIP, can be tricked by in what's described as a “typographical attack." Simply write the words ‘iPod’ or ‘pizza’ on a bit of paper, stick it on an apple, and the software will wrongly classify the piece of fruit as a Cupertino music player or a delicious dish.

Currently, this Chinese version of the old Flash Player app is available only via flash.cn, a website managed by a company named Zhong Cheng Network, the only entity authorized by Adobe to distribute Flash inside China.

During subsequent analysis, researchers found that the app was indeed installing a valid version of Flash but also downloading and running additional payloads.

The IBM-owned Linux distro giant will offer selected bodies free "RHEL subscriptions for any use within the confines of their infrastructure." By infrastructure, they mean things like build and continuous integration systems, and web and mail servers.

And in case you're wondering, Red Hat said it is going to keep Fedora around, "for driving leading-edge development of Linux operating system improvements and enhancements."

The Exodus report on LastPass shows seven trackers in the Android app, including four from Google for the purpose of analytics and crash reporting, as well as others from AppsFlyer, MixPanel, and Segment. Segment, for instance, gathers data for marketing teams, and claims to offer a "single view of the customer", profiling users and connecting their activity across different platforms, presumably for tailored adverts.

Do all password apps contain such trackers? Not according to Exodus. 1Password has none. KeePass has none. The open-source Bitwarden has two for Google Firebase analytics and Microsoft Visual Studio crash reporting. Dashlane has four. LastPass does appear to have more than its rivals.

So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

“To me, the most notable [thing] is that it was found on almost 30K macOS endpoints... and these are only endpoints the MalwareBytes can see, so the number is likely way higher,” Patrick Wardle, a macOS security expert, wrote in an Internet message. “That’s pretty widespread... and yet again shows the macOS malware is becoming ever more pervasive and commonplace, despite Apple’s best efforts.”

Gregory Kurtzer, co-founder of the now-defunct CentOS Linux distribution, has founded a new startup company called Ctrl IQ, which will serve in part as a sponsoring company for the upcoming Rocky Linux distribution.

Ctrl IQ reached out due to confusion caused by the original headline of this article (since corrected). Ctrl IQ is only a sponsor of the Rocky Linux project, not a parent company.

Long-standing tradition—and ambiguity in Red Hat's posted terms—led users to believe that CentOS 8 would be available until 2029, just like the RHEL 8 it was based on. Red Hat's early termination of CentOS 8 in 2021 cut eight of those 10 years away, leaving thousands of users stranded.

Although CentOS Stream could be considered appropriate and perfectly adequate for enthusiasts and home-labbers, the lack of a long, well-defined life cycle made it inappropriate for most production use and, especially, production use by shops that chose a RHEL-compatible distribution in the first place.

For a select few in China, though, the death of Flash meant being late to work, because the city of Dalian in northern China was running their railroad system on it. Yes, a railroad, run on Flash, the same thing used to run “free online casinos” and knockoff Breakout games in mortgage re-fi ads.

The railroad’s technicians did get everything back up and running, but the way they did this is fascinating, too. They didn’t switch the rail management system to some other, more modern codebase or software installation; instead, they installed a pirated version of Flash that was still operational.

In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly.

What's worse is, the vulnerability can be triggered by standard and low privileged user accounts on Windows 10 systems.

BleepingComputer's tests also show that you can use this command on any drive, not only the C: drive and that drive will subsequently become corrupted.