- Dev Notes
- Posts
- Roblox Devs Targeted by Year-Long Malware Campaign
Roblox Devs Targeted by Year-Long Malware Campaign
Good Morning! Sorry, we missed you guys on Monday. Moving forward we’ll work on being more consistent and I hope you guys enjoy today’s issue because there is lot of news!
Roblox Devs Targeted by Year-Long Malware Campaign
Roblox
For over a year now, some sneaky attackers have been targeting Roblox developers through malicious npm packages. They've been impersonating the popular "noblox.js" library, publishing dozens of packages designed to steal sensitive info and compromise systems.
What's New: The bad actors are getting creative with their disguises. They're using a mix of brandjacking, combosquatting, and starjacking to make their malicious packages look legit. Think names like "noblox.js-async" or "noblox.js-thread" - pretty convincing, right?
But wait, there's more! The malware's capabilities are no joke:
Discord token theft
System info harvesting
Persistence through Windows registry manipulation
Deployment of additional payloads (hello, QuasarRAT!)
The kicker?: Even though npm's security team has been taking down these packages, new ones keep popping up. The attacker's GitHub repo is still active, which means this threat isn't going away anytime soon.
Read More Here
Xbox's Dev Support Under Fire
Microsoft
Xbox has been losing ground lately, with several high-profile games either skipping the platform or facing significant delays. The latest? Enotria: The Last Song, a Soulslike game inspired by Italian folklore.
What’s Happening?: Jyamma Games, the studio behind Enotria, dropped a bombshell. They claim their Xbox version is ready to go, but they can't submit it due to a bug in Microsoft's store page system. Even worse? Microsoft ghosted them for two months. Ouch.
But wait, there's more:
Baldur's Gate 3 was MIA on Xbox for months after its PS5 release
Capcom's retro game ports initially skipped Xbox entirely
Dune: Awakening devs are sweating over Xbox Series S optimizations
The tech breakdown: These issues seem to stem from a mix of hardware constraints (particularly with the Series S) and what developers perceive as lackluster support from Microsoft. It's a double whammy that's left devs frustrated and Xbox fans questioning their platform loyalty.
With Microsoft pushing cloud gaming and bringing exclusives to rival platforms, the Xbox's future as a dedicated gaming console looks shakier than ever. Unless Microsoft steps up its dev support game, we might be witnessing the early stages of a platform death spiral.
Read More Here
Android 15 Drops: What Devs Need to Know
Harish Jonnalagadda / Android Central
Google's been teasing us with developer previews and betas, but now Android 15 is officially out in the wild. It'll be rolling out to Pixel devices in the coming weeks, with other manufacturers following suit in the months ahead.
What's New:
Typography & Internationalization: Variable fonts are getting a boost, with FontFamily instances now auto-adjusting wght and ital axes. Plus, NotoSansCJK is now a variable font, opening up new typographic possibilities for CJK languages.
Camera & Media: HDR headroom control with setDesiredHdrHeadroom, intelligent audio volume adjustment, and Low Light Boost for better previews in dim conditions. Oh, and virtual MIDI 2.0 device support!
UX Improvements: Edge-to-edge display by default for SDK 35 targets, and improved split-screen multitasking.
Security Enhancements: New Private Space feature, passkey support, and the ability for apps to detect if they're being recorded.
For the curious: The source code is already available on AOSP, so you can start tinkering right away. Just remember, with great power comes great responsibility (and probably a few bugs to squash).
Reads More Here
🔥 More Notes
Wikimedia Slashed 300ms Off Every WASM Execution with WasmEdge: This quarter, the Abstract Wikipedia team committed to improve system performance. The biggest change was a re-write of the back-end "evaluator" service to pre-load WASM instead of loading it on request, resulting in 3-12x faster single requests and 30% faster saturated requests.
Firefox will consider a Rust implementation of JPEG-XL: Mozilla is working with Google to develop a Rust-based JPEG-XL decoder for Firefox, in order to address security concerns with the existing C++ implementation.
Generative AI Banned on StackOverflow: All use of generative AI (e.g., ChatGPT and other LLMs) is banned when posting content on Stack Overflow. This includes "asking" the question to an AI generator then copy-pasting its output as well as using an AI generator to "reword" your answers.
📹 Youtube Spotlight
Generative AI is not the panacea we’ve been promised | Eric Siegel for Big Think+
Was this forwarded to you? Sign Up Here