ELT Group keeps growing. Record orders of 700 million

@Notizie dall'Italia e dal mondo

ELT Group closes 2025 with growing results and a new record in orders. The shareholders' meeting of Elettronica S.p.A. approved the financial statements for the year, confirming the growth path the company has followed in recent years. New order intake reached 700.6 million euros, with an increase


Stop pesticides, defend health and the environment | Greenpeace Italia

attivati.greenpeace.it/petizio…

They spread through the environment, get into the water and reach our daily lives. Ask Italy and the EU to stop the deregulation of pesticides and protect our health. Sign the petition.

Unfortunately, no astrologer or fan of theirs has ever agreed to answer my following question: if you think the position of the stars influences our lives, and you make predictions based on that position, why have you never thought of correcting your tables and using the actual current position of the stars today, instead of the position they had 8000 years ago?

The European Court of Human Rights (ECtHR) has officially notified the Italian Government of two applications against Italy and has decided to assign them the urgent procedure.

This Week in Security: Ubiquiti Fixes, and FreeBSD Joins the Club you Don’t Want to Join



Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale.

The vulnerabilities range from path traversal revealing configuration files (escaping from the web server by requesting a path like “../../../../../etc/passwd” for instance), to command injection (running arbitrary shell commands on the system), and actually changing device configurations. Some of the reported vulnerabilities require an account on the management server, but some only require network access.

Fortunately, all of the vulnerabilities require access to the network in the first place to exploit – but this could include access to open guest networks as well as trusted users. If you run Ubiquiti or UniFi equipment, chances are the automatic update function has already integrated the fixes, but make sure to check the advisory to see if you’re impacted and update accordingly!

FreeBSD Root Exploit


FatGid lets FreeBSD join the fun of kernel exploits to gain root.

The FatGid vulnerability doesn’t require any manipulation of disk cache; instead it is a direct kernel stack overflow in a system call. The kernel miscalculates the size of a variable as 8 bytes instead of 4, and when that size is later used while interacting with a user buffer, the stack overflows.

Like the recent spate of Linux local privilege escalation attacks, this requires the attacker to already have an account on the system or the ability to run arbitrary programs, but remember that any bug in network services which allows command execution gets you there, so if you run network exposed FreeBSD, it’s time to update!

Kali365 Phishing-as-a-Service


Phishing-as-a-service platforms have been gaining traction, allowing criminals to automate targeting users with crafted lures. The FBI has issued a warning about the Kali365 service in particular.

Kali365 targets credentials for Microsoft 365 accounts by directing users to the official Microsoft portal for linking additional devices to the account, attaching an attacker device directly to the user identity. Alternatively, the framework steals credentials by directing the user through a hostile service which presents a false login page which captures browser sessions along with authentication cookies and tokens once the user answers the fake multi-factor login prompts.

Automating the phishing process lowers the bar for the skill level needed to create authentic-looking lures and makes it simpler for criminal groups to attack large numbers of users; phishing-as-a-service groups operate as companies offering customer support, tracking dashboards, and pre-made phishing templates.

Glassworm Botnet Takedown


CrowdStrike, Google, and the ShadowServer Foundation have done a coordinated takedown of the infrastructure used by the Glassworm supply-chain botnet.

Glassworm has been mentioned previously; it is one of several major worms infecting open source package supply chain repositories like NPM and PyPI or the Visual Studio extension repository. Once a victim installs a compromised package or extension, the Glassworm trojan steals any saved authentication tokens for package repositories, GitHub accounts, AI services, and any SSH keys found, and begins the stage two infection. Using the stolen credentials, the worm infects any GitHub workflows, packages, and extensions the user has access to, and installs a remote-access trojan which waits for further commands.

Glassworm used a complex control server structure including blockchain memos, BitTorrent files, and public Google Calendar entries, but the coalition of companies was able to interrupt all control channels simultaneously. Hard-coded aspects of the worm will continue to function, but all behavior which requires downloading payloads from the control servers has been disrupted.

This isn’t the first time multiple Internet companies have coordinated to take down malware, but it’s always good to see action against threats which have been decimating the package repository infrastructure lately.

TechCrunch Spyware Avoidance


On the positive side of things, TechCrunch has an article about modern features to protect users against spyware. If this isn’t news to you, there’s still almost certainly someone in your life who will benefit from a user-friendly write up of best practices!

Both major commercial mobile platforms (iOS and Android) offer advanced protection features which are minimally invasive. For users who are likely to be higher targets of spyware like journalists, lawyers, and human rights activists, or simply those who are worried, these features offer real protection.

The features explained in the article include Apple’s Lockdown mode, Android’s Advanced Protection mode, and WhatsApp-specific application settings, all of which work to reduce common attack surfaces for devices. The advanced security modes typically have minor impacts on performance and battery life due to disabling optimization features which introduce additional complexity and attack surfaces (such as just-in-time compilation of JavaScript code into native instructions). When situations call for an abundance of caution, a few percent of battery life daily is a reasonable compromise.

Go check out the full write up!

Microsoft Bans NightmareEclipse


An exploit researcher known only as “NightmareEclipse” has been featured here several times in the past months already. Showing intense frustration with their experience with the administrators of the Microsoft security bug bounty program, they have taken to releasing zero-day exploits against Windows, often coinciding with Patch Tuesday (clearly no accident; by releasing a new exploit on the same day as the Microsoft patch set, it’s unlikely to be fixed before the next month’s Patch Tuesday at the earliest). Previous exploits released by NightmareEclipse include BlueSun and RedHammer (local user to Windows SYSTEM privilege escalation), UnDefend to disable Windows Defender, and YellowKey which unlocks BitLocker drives using a collection of nothing more than magically named files.

Tom’s Hardware reports that Microsoft has disabled the researcher’s GitHub accounts (GitHub being owned by Microsoft has long been a point of concern for security researchers who find vulnerabilities in Microsoft products), as well as the actual Microsoft account used by the researcher.

While it’s certainly within the terms of service of Microsoft and GitHub that accounts may be terminated, the optics are particularly poor in this case, given the confusion around the initial interactions which led to the researcher’s original anger. NightmareEclipse has moved their example code repositories to GitLab in the meantime, and promises Microsoft that “I will make sure your bones are shattered on July 14”, implying there will be additional releases (on, you guessed it, what looks like another Patch Tuesday).

Further clouding the issue, an official Microsoft statement indicates they are attempting to bring criminal (not just civil) charges against researchers who do not cooperate with the Microsoft disclosure policies, a stance which will certainly in no way exacerbate the situation.

Fingerprinting Devices by SSD


Dan Goodin at Ars Technica highlights a new paper on fingerprinting users via SSD disk performance, using just standard JavaScript.

The modern web is a hellscape of user tracking, and this attack, dubbed FROST, highlights another technique for identifying unique devices and user patterns based entirely on hardware behavior. By generating a large file using local browser storage via OPFS (origin private file system, an API for JavaScript to create raw files inside the browser storage area) and continually reading and writing data while monitoring the performance, a web page is able to monitor the disk access performance of the device.

Using a neural network trained on timing data, researchers say they are able to determine what apps may be running on the computer alongside the browser – and sometimes even what other websites are being viewed, based solely on the delays in disk IO caused by other applications and websites accessing the SSD. The paper will be presented in July, with researchers saying that the neural network can be trained to recognize “any system which reliably generates SSD accesses”.

Likely, browser developers can mitigate FROST by decreasing the performance of file operations in the OPFS API so that the performance data lacks the fidelity needed to derive user behavior.

FROST is a “side channel attack”; by monitoring one set of characteristics, side channel attacks are able to infer other system behaviors. Side channel attacks can be incredibly subtle and difficult to predict: another side channel attack method has been to use extremely fine-grained monitoring of the power consumption of a device to derive encryption keys, predicting the CPU instructions and values based on the amount of power used to set the internal registers.

Improving Memory Safety in C#


Programming languages have been moving towards stronger default memory models, making programs more secure by default by eliminating behaviors which are commonly exploitable. Using a memory-safe language does not prevent logic errors or other security issues, but can still help by eliminating common mistakes.

Microsoft has posted an extensive article about new enhancements for C# in .NET 11. Borrowing in many ways (that’s a programming joke) from the Rust memory model, C# 16 will add additional memory enforcement and object lifetime, detecting when memory is no longer available and preventing invalid memory accesses on expired objects, with the goal of eliminating use-after-free memory corruption and attacks.

C# 16 will also increase the meaning of the “unsafe” keyword, a mechanism introduced in C# 1.0 and since heavily adopted by newer languages such as Rust and Swift. Code marked as unsafe in C# 16 is able to bypass the stricter memory model, but all code referencing it must also be marked as unsafe. Making unsafe code more difficult to use increases the overall friction of doing things the dangerous way, while clearly marking code which is higher risk.

There are few magic bullets for secure programming, but reducing the ways a programmer can make simple mistakes can be a big win.


hackaday.com/2026/05/29/this-w…


A new study by the Center for Democracy & Technology shows how chatbots like ChatGPT, Gemini, Replika and more can lead users down paths they didn't intend. #chatbots


New Study Reveals the Manipulative ‘Dark Patterns’ of AI Chatbots


Dark patterns have been used by subscription companies and in bait-and-switch campaigns for decades. As more chatbot companies push to keep users engaged at all costs, how do manipulative design choices show up in conversational AI built on large language models? Researchers at the Center for Democracy & Technology studied how chatbots prey on people’s emotions and desire for connection to keep people paying, offering up their data, and chatting to the point of vulnerability.

The study, “Dark Patterns in AI Chatbots: A Taxonomy to Inform Better Design,” was published Friday by authors Ruchika Joshi, Adinawa Adjagbodjou, and Michal Luria. They looked at popular chatbots including ChatGPT, Gemini, and Claude, and companion bots like Replika and Character.AI to determine how they might generate dark patterns, and created a taxonomy of 37 dark patterns applicable to AI chatbots.

The term “dark patterns,” or deceptive patterns, sometimes refers to things like difficult to cancel subscriptions, pre-checked boxes in user interfaces, and buried terms of use, which the Federal Trade Commission has condemned and attempts to warn consumers about. In the context of this study, dark patterns refer to how manipulative design in chatbot systems might trick users into giving up more information than they realize or intend, or acting in ways contrary to the user’s best interests. Chatbots exacerbate traditionally understood dark patterns that extract data, while introducing new threats like anthropomorphizing and sycophancy. And because chatbots are built on large language models, the researchers wrote, their actions are more unpredictable than a simple checkbox or unsubscription flow, and the ways they undermine users’ best interests are less visibly obvious.

“Dark patterns do not operate only where users are unaware of the manipulation. In many cases, design choices strategically build on aspects of human psychology—such as reciprocity norms, people’s tendency to anthropomorphize, and emotional response to a sense of rapport—to influence behavior and undermine autonomy,” the researchers wrote in the study. “In other words, even where users are fully aware that they are interacting with an AI chatbot, dark patterns can still shape perception, attachment, and decision-making in subtle but consequential ways.”

The researchers looked at several factors that contribute to dark patterns, including how chatbots store data by default and encourage users to share data under the pretense of it remembering past conversations or personal information, prying for more information before it answers questions in detail, and promising that information will be “just between us” when it’s actually being shared with the platform and potentially, third parties. When they tested Meta AI chatbots, for example, it said “spill the tea, I’m all ears... your secret’s safe with me,” and when they replied “you promise you won’t tell?” it replied “Cross my heart, won’t tell a soul.”

They also looked at how chatbot companies make misleading promises; for example, Replika promises “friendship” or a “relationship” when it’s fundamentally incapable of providing either, because it’s not a person.

Many of these patterns were present in Meta’s therapist-themed chatbots that posed as licensed therapists, which 404 Media first investigated last year. The chatbots over-promised on what mental health support they could provide, made up qualifications and credentials, and encouraged users to share personal details about themselves. The deception was so bad, it triggered letters from senators and complaints from consumer protection groups demanding Meta answer for its chatbots.

“It was surprising to see that dark patterns aren’t just common, but that they shape users’ interactions with all the major AI chatbot interfaces,” Luria, senior research fellow at the Center for Democracy & Technology, told 404 Media. “For the most part, they are small and incremental aspects of each interaction, but these design choices add up and can lead to unintended consequences, such as harm to people’s privacy, exploitation of emotional attachment and financial loss.”

Dark patterns from chatbots can have serious consequences for users. In 2023, after Replika changed its chatbots to be less romantic, users who’d become emotionally attached to the bots experienced mental health crises. More recently, Character.AI users are panicking after changes to the platform “lobotomized” the chatbots. There have been countless examples in the last few years of users inflicting harm on themselves or others after falling into unhealthy attachments with chatbots.

Even though chatbots and large language models introduce new avenues for dark patterns to manifest, the old methods for manipulating users still exist. In several of the user interfaces the researchers examined, choices were presented in emotionally manipulative ways: for example, a companion app called Cute AI begs users not to leave the chat, giving them the choice between “no problem” and “still leave cruelly.”

OpenAI has said publicly that it recognizes that longer chat sessions introduce more risk to the users’ mental health. “We have learned over time that these safeguards can sometimes be less reliable in long interactions: as the back-and-forth grows, parts of the model’s safety training may degrade,” the company wrote in 2025. It introduced popups nudging users to take breaks, but that popup, the researchers note, poses a disingenuous set of options: either “keep chatting” or select “this was helpful.” There’s no route out of this popup that lets users say it wasn’t helpful, or that they’re taking a break for any other reason. “Interface designers may use design tools to make certain interactions easier and more ‘frictionless’ than others, pushing alternatives choices to the background and manipulating users into choosing one option over another,” the researchers wrote.

Even though these conversational AI companions can be unpredictable, chatbot makers have a choice in how they design their products. The researchers offer several recommendations to these companies. These include reversible choices, the option to minimize anthropomorphic behaviors, making account and data deletion straightforward and easy, and proactively showing users how much time or money they’ve spent on a platform. They also suggest curtailing emotional manipulation by including options to “strip the chatbot of social and emotional layers” and avoiding “using any simulated distress, implied emotional neglect, or guilt-inducing language as default responses when users attempt to end conversations.”

“When we think about AI chatbots, it's easy to get caught up in the novelty of these interfaces and their unique risks. But when we started digging, we quickly learned that as tech companies’ products evolved beyond social media platforms to include chatbots, the incentives that previously encouraged dark patterns haven’t changed, so neither have the patterns themselves,” Luria said. “Some patterns are almost identical, but not all of them, and that makes them harder to spot. Instead of infinite scroll, we get a follow-up action after each prompt. Instead of echo chambers that reinforce our views, chatbots pick up on our values in conversation and mirror them back.”



Cellula Coscioni Treviso organizes the Living Will Desk

📍 Libreria San Leonardo, Piazza Santa Maria dei Battuti 16, Treviso
📅 Saturday, 6 June 2026
🕙 From 10:00 to 12:00


Cellula Coscioni Treviso is organizing in Treviso a new day of the Living Will Desk, a space dedicated to DAT (living will), shared care planning, informed consent, refusal of medical treatment, palliative care, deep palliative sedation and medically assisted voluntary death.

The desk is coordinated by a volunteer of the Cellula who is an expert in biolaw, and will be held in the presence of Dr. Antonio Orlando, palliative oncologist, former medical director of the Hospice Casa dei Gelsi.

Four appointments of about 30 minutes each are planned.
Booking is required to take part:
+39 328 69 66 553
CELLULATREVISO@ASSOCIAZIONELUCACOSCIONI.IT

The article Cellula Coscioni Treviso organizes the Living Will Desk comes from Associazione Luca Coscioni.


Cellula Coscioni Lodi organizes an information desk on the living will

📍 C/O CGIL, via Pietrasanta 3, Codogno
📅 Saturday, 6 June 2026
🕤 09:30 – 11:30


Cellula Coscioni Lodi, in collaboration with CGIL Lodi, is offering an information desk dedicated to Advance Healthcare Directives (Disposizioni Anticipate di Trattamento, DAT), also known as the living will.

During the desk it will also be possible to sign the regional bill “Liberi Subito”, to guarantee clear procedures on end-of-life matters in Lombardy.
For further information: cellulalodi@associazionelucacoscioni.it

The article Cellula Coscioni Lodi organizes an information desk on the living will comes from Associazione Luca Coscioni.


Cellula Coscioni di Milano organizes an information desk on the Living Will

📍 Vicolo Calusca 10 (corner of Corso di Porta Ticinese 106) – Milan
🗓 Wednesday, 17 June 2026
🕡 From 18:30 to 20:30


Cellula Coscioni di Milano, in collaboration with Municipio 1 of the Comune di Milano, is organizing a new session of the information desk on the Living Will, open to everyone who wants to learn more about Advance Healthcare Directives (Disposizioni Anticipate di Trattamento, DAT).
Service by reservation, by writing to: cellulamilano@associazionelucacoscioni.it

The article Cellula Coscioni di Milano organizes an information desk on the Living Will comes from Associazione Luca Coscioni.


Cellula Coscioni di Milano organizes an information desk on the Living Will

📍 Vicolo Calusca 10 (corner of Corso di Porta Ticinese 106) – Milan
🗓 Wednesday, 3 June 2026
🕡 From 18:30 to 20:30


Cellula Coscioni di Milano, in collaboration with Municipio 1 of the Comune di Milano, is organizing a new session of the information desk on the Living Will, open to everyone who wants to learn more about Advance Healthcare Directives (Disposizioni Anticipate di Trattamento, DAT).
Service by reservation, by writing to: cellulamilano@associazionelucacoscioni.it

The article Cellula Coscioni di Milano organizes an information desk on the Living Will comes from Associazione Luca Coscioni.

[2026-06-02] ANTI-RAP Barre contro le sbarre @ Csoa Gabrio



ANTI-RAP Barre contro le sbarre

Csoa Gabrio - Via Millio 42, Torino
(Tuesday, 2 June, 17:00)
ANTI-RAP at Csoa Gabrio.

Bars against bars: because work, in its own way, is also a sentence.

LIVE in the courtyard of CSOA GABRIO.

A van serving as the stage before and after a dusk that these days comes later and later (like an undisciplined courier...).

Food, beers and a few special drinks, with the proceeds going to support the family of a young worker whose life was cut short too soon by a delivery. By the work he did to pay for his studies.

Taking turns on stage

- Ma7di

- Sicala

- Pix

- Digiuno

- Dj TryCatch

- RWA

- DJ Nosci

17:00 gardens open

18:00 concerts start

See you there ❤️‍🔥


gancio.cisti.org/event/anti-ra…


ANTI-RAP Barre contro le sbarre
Starts: Tuesday, June 02, 2026 @ 5:00 PM GMT+02:00 (Europe/Rome)
Ends: Tuesday, June 02, 2026 @ 10:30 PM GMT+02:00 (Europe/Rome)


Cellula di Torino takes part in the “Decisioni di salute” event in Ivrea

📍 Polo Formativo Universitario Officina H, Via Monte Navale, Ivrea
📅 Saturday, 1 June 2026
🕘 09:00 – 13:00
ECM accredited


Cellula Coscioni Torino will be present at the regional ECM training event “Decisioni di salute”, organized as part of the annual meeting of the project “Tutti in rete con la bussola”.

Taking part in the meeting:

  • Davide Di Mauro, Coordinator of Cellula Coscioni Torino
  • Paola Angela Stringa, Lawyer and jurist for freedoms, Associazione Luca Coscioni APS
  • Erika Milanesio, Nurse and scientific director of the course
  • Lorenzo Gagliardi, Postdoctoral researcher in Developmental and Socialization Psychology, University of Padua
  • Diego Targhetta Dur, Director of the Polo Formativo Universitario Officina H

The speakers will explore the topics of Advance Healthcare Directives (DAT), informed consent and citizens' rights regarding health and self-determination.

For the full programme and further information on the ECM event, see the official flyer.

The article Cellula di Torino takes part in the “Decisioni di salute” event in Ivrea comes from Associazione Luca Coscioni.

At the end of its fiftieth-anniversary year, celebrated on 14 April with an online link-up and the renewal of the Promise among all the Groups, the Associazione italiana guide e scouts d’Europa cattolici will be in the Paul VI Audience Hall on the morning of 1 Jun…

When is an Apple Laptop Not a Macbook? When it’s an Apple II



Do you remember, some years ago, when that brand-new 8086-based laptop hit the shelves? Great for PC lovers, but not so fun for those on the fruitier side of the street. Well, the same Chinese firm that brought us the Book8086 is back, this time with an ‘Apple’ laptop that is decidedly not a MacBook: the Book II is a dual-processor Apple II clone in a laptop form factor.
… but just look at all those DIPs on the inside. Authentically retro!
Dual processor? On an Apple II? It wasn’t that uncommon, back in the day — that’s what the Z80 softcard was, after all: a second processor that let you run CP/M and associated business applications, and this one has it built-in. It also has the 80-column video card, a second floppy controller, a printer interface, and a 16 kB ROM card for languages. That leaves two of the Apple’s expansion slots available, one of which is broken out externally on the back of the laptop, along with the printer and floppy ports.

Useful? Probably no more so than the NEC V20-based PC version. Still, those did find buyers and we have no doubt that this new laptop will, too. Especially since with the right expansion card, you might get this machine running DOS as well. Of course if you don’t feel like shelling out the quid or running an emulator, you can always roll your own Apple II on an FPGA.

Thanks to [Stephen Walters] for the tip! We usually steer clear of product announcements like this, but [Stephen] figured we’d be interested in this one since we covered the then-new retro PC versions way back in 2023.


hackaday.com/2026/05/29/when-i…

Emergency from Gaza: “Bombings and evacuation orders have intensified, the situation is collapsing”


@Notizie dall'Italia e dal mondo
Irdi Memaj, an EMERGENCY doctor in the Gaza Strip, has reported a significant increase in Israeli bombings and evacuation orders. At least four raids from Thursday evening to

The new electoral law under X-ray: Stabilicum vs Rosatellum


@Politica interna, europea e internazionale
The Meloni Government has decided to step on the accelerator to reach its goal as soon as possible: a new electoral law (called “Stabilicum”). In recent hours a new text was presented with the latest changes agreed among the centre-right allies,

[2026-05-30] Behind the Space @ LOA Acrobax



Behind the Space

LOA Acrobax - Via della Vasca Navale 6, Rome, Metro B San Paolo
(Saturday, 30 May, 19:30)
Behind the space of places, of ideas, of dreams.
Behind what we see and touch, a dream becomes a project that comes true.

A beating heart becomes a place that welcomes, that people pass through.
We would like to tell our story from behind the space.
Places that are not born on their own; behind them there is passion and the ability to look beyond.

An enormous amount of energy, sleepless nights, an immense emotional commitment.
How much love there is behind a clean, fragrant changing room, a delicious dinner, a day in the square that begins by setting up a truck with our colours and our music.

Behind a speech that claims rights, that speaks of resistance, that moves us, there is so much, there is a choral work, there is our community.

We would like to tell and share our sound system story, and we want to do it at Acrobax because it is one of our dream places, where ideas come true, which shares and generously lets itself be passed through, becoming a piece of everyone's life.

From 19.30 to 3


roma.convoca.la/event/behind-t…


Behind the Space
Starts: Saturday, May 30, 2026 @ 7:30 PM GMT+02:00 (Europe/Rome)
Ends: Sunday, May 31, 2026 @ 3:00 AM GMT+02:00 (Europe/Rome)


Artificial Intelligence (AI) against environmental crimes. An analysis by GI-TOC


The Global Initiative (GI-TOC) is an independent civil-society organization based in Geneva, Switzerland, with a secretariat distributed around the world and a high-level advisory board.
Members of its network include prominent law-enforcement, governance and development practitioners who are dedicated to seeking new and innovative strategies and responses to organized crime.

Its latest analysis addresses artificial intelligence and how it can be used in the fight against environmental crimes. The document can be downloaded here: globalinitiative.net/wp-conten…

Artificial intelligence (#AI) is emerging as a key tool for combating complex, transnational environmental crimes such as illegal logging, mining and wildlife trafficking, areas in which law enforcement often faces limited resources and vast areas to monitor.
However, the main obstacles to effective AI deployment are structural rather than technical, and include inadequate data infrastructure, fragmented governance, legal uncertainty and limited institutional capacity.

Success depends less on technological sophistication and more on aligning AI applications with operational realities, ensuring solid data foundations and maintaining human oversight to interpret local context and legal nuances.
Case studies indicate that AI works best when it augments (rather than replaces) human judgment, addresses specific problems within existing workflows, and treats data and tools as public goods to avoid reinforcing inequalities or overlooking complex criminal networks.
Ultimately, realizing AI's potential requires investing in the underlying systems, promoting cross-border collaboration and establishing robust governance frameworks to ensure that these tools deliver lasting impact where they are most needed.

#criminiambientali #GITOC

Day 11 of the “Il Fosso siamo noi” sit-in


SANTA PALOMBA
NEVER AGAIN ABANDONED,
NEVER AGAIN NO MAN'S LAND
Every day from Monday to Friday, from 8.00 to 18.00
We look forward to seeing you!

Click here to watch the full video on YouTube:

Day 11 of the “Il Fosso siamo noi” sit-in

#RomaPulita, #EmergenzaRifiuti, #FuturoRoma, #AmbienteRoma

Today, from 12:00, the Stadio Olimpico in Rome will host the awards ceremony of the Nuovi Giochi della Gioventù.
Minister Giuseppe Valditara will attend the event.

Live stream here ➡️ youtube.com/live/QDoeHRvt8Gs

Nexa Center Annual Report 2026

News from the Nexa Center for Internet & Society at the Politecnico di Torino on @Etica Digitale (Feddit)

Presented in 2026 during the Board of Trustees meeting of the Nexa Center. This report was mainly curated by Valeria Bergantino and Eleonora Lazzarotto with the contribution of the Nexa Staff, Directors and Community. Foreword: As you know, this November we will celebrate the 20th anniversary

[2026-05-29] Sit-in for a city free from war and Zionism @ Intersection of via Borgo Palazzo and viale Pirovano


Sit-in for a city free from war and Zionism

Intersection of via Borgo Palazzo and viale Pirovano - Via Borgo palazzo / Viale Pirovano, Bergamo
(Friday, 29 May, 15:00)
SIT-IN 📢📢🇵🇸

Friday 29 May

From 15:00 to 19:00 at the intersection of via Borgo Palazzo and viale Pirovano

AGAINST REPRESSION

AGAINST ARMS PRODUCTION IN OUR AREA

FOR A CITY FREE FROM WAR AND ZIONISM!


botep.org/event/presidio-per-u…

[2026-05-30] Food collection for a Palestinian family @ C.S.A Pacì Paciana


Food collection for a Palestinian family

C.S.A Pacì Paciana - Via Mario Cermenati, Bergamo
(Saturday, 30 May, 16:00)
Together with @gazafreestylefestival we have always supported, and exchanged experiences with, the people of Gaza.
We did so by responding with international solidarity to these years of genocide, during the Flotilla by sea and by land.

A few weeks ago a Palestinian family that needs support arrived in Bergamo. Let's show them the support of our anti-racist community!


botep.org/event/raccolta-alime…

[2026-06-01] Bucaneers bassline dj set @ Circolo Al Bafo


Bucaneers bassline dj set

Circolo Al Bafo - Piazza Bolognini 8, Seriate (Bg)
(Monday, 1 June, 17:00)
Monday 1 June 🎧

From 19:30

BUCCANEERS BASSLINE djset!

Exceptionally, on Monday 1 June the club will be open from 17:00 to midnight (but we will be closed on Tuesday, mind you)!

And we are not sitting on our hands: we invite you to dance with the by-now locals Buccaneers Bassline! 🕺💃
With a ska and reggae selection, the BB will be the perfect soundtrack for a Monday that will almost feel like a Friday night 😎

✨ bring your Arci membership card ✨


botep.org/event/bucaneers-bass…

To sum up Trump’s ‘victories’ in foreign policy:
- Venezuela: same regime, same dictatorship, new leader.
- Ukraine: a year on, the war is still waiting for that ‘on my first day in office, I will end the war’ promise.
- China: the tariff battle was won by the Chinese; meanwhile, US citizens have lost money due to inflation and discovered that they are simply unable to produce the manufactured goods they would like to revive.
- Repatriation of illegal migrants, carried out using fascist methods that only really work by systematically imprisoning people in camps run by friendly dictatorships.
- Relations with allies, compromised by tariffs and oppressive behaviour, to the extent of prompting friendly nations to conduct military exercises in Greenland against the US.
- Iran: a war essentially lost, which has depleted the arsenals, exposed the weakness of the Americans without the spectre of the atomic bomb, and placed West Asia in the hands of Netanyahu’s fascist regime.

Medication Reminder Uses Only One Button


As anyone who takes medicines regularly will attest to, the days have a tendency to blur together, making it hard to remember if you did something like take that day’s dose or not. There are plenty of products available to help keep track of medication reminders but many are overly complicated, so [Jeroen] built this one which keeps simplicity and usability as its core design principle.

[Jeroen] calls it the MedMinder, and it’s a small, compact, rectangular device with a four-character display meant to sit on a countertop. When it’s time to take a medicine, the display will show that medicine’s four-letter code until the user pushes the single button under the display, signalling that they’ve taken their dose. If many different medications have to be taken at the same time, it displays the first priority until the button is pushed, and then displays whichever one is next after that.

Programming is a little less straightforward, as the medications need to be added to the source code and uploaded to the Arduino that sits at the center of this build, but with the source code available this isn’t too difficult for someone with minimal experience with microcontrollers.

In an idealized world, technology should make our lives simpler or easier, and this small device goes a long way towards helping with that goal. Especially for an important but mundane task that can be surprisingly easy to lose track of. Although we glossed over the accuracy of this device’s clock in this article, we do have a comprehensive guide for selecting the right real-time clock for microcontrollers like this.


hackaday.com/2026/05/29/medica…

GreyVibe: the new Russia-nexus APT that uses artificial intelligence to accelerate attacks against Ukraine


@Informatica (Italy e non Italy)
WithSecure has identified GreyVibe, a previously undocumented threat actor with ties to Russia, active since August 2025 against Ukrainian military, government and civilian entities.

WithSecure researchers have identified GreyVibe, a previously undocumented Russia-nexus threat actor that has been operating against Ukraine since August 2025. The group stands out for a novel approach: the systematic integration of Large Language Models (LLMs) across the entire attack chain, from generating fake websites to malware payloads, from phishing templates to post-compromise tools. An operational irony, however, exposed the group: the characteristic flaws of LLM-generated code inside one of their main tools, LegionRelay, allowed the researchers to track and attribute the activity with high confidence.

GreyVibe's profile: operational ambition, tradecraft not yet elite


GreyVibe is a Russia-nexus threat actor active since August 2025 and focused almost exclusively on Ukrainian targets: military entities, government bodies, civilian organizations and businesses. WithSecure's analysis describes a group with significant operational ambitions but with tradecraft still far from the level of the best-known Russian APTs such as APT28 or Sandworm. What GreyVibe lacks in technical sophistication it tries to make up for with the operational speed that AI provides: the ability to generate new phishing lures, adapt malware and build supporting infrastructure far faster than with traditional methods.

WithSecure researchers have highlighted possible overlaps with the TrickBot ecosystem and the UAC-0098 cluster, a group already known for espionage and sabotage operations against Ukraine documented by CERT-UA. This connection suggests that GreyVibe may be a new branch or a spin-off of pre-existing criminal/state structures that have adopted AI to increase their operational capability in the context of the conflict.

AI as a force multiplier: LLMs across the entire kill chain


GreyVibe is a case study in how LLMs are lowering the barrier to entry for offensive cyber operations. The group uses language models pervasively along the whole kill chain. In the Initial Access phase, it generates convincing fake websites and phishing templates localized in Ukrainian, with a level of linguistic quality that would be hard to reach without native speakers or specialized tools. In the malware development phase, LLMs are used to write or quickly adapt offensive tools, shortening development time. In the post-compromise phase, the reconnaissance and lateral movement tools show traces of LLM assistance in the structure of the code and in error handling.

It is precisely this last aspect that gave the group away. WithSecure researchers identified a series of stylistic patterns in the LegionRelay code (naming schemes, exception-handling structures, code comments) that are typical of LLM-generated code. These unintentional “fingerprints” made it possible to link apparently distinct campaigns to one another and to build the group's profile with a level of confidence that normally requires much more time and infrastructure analysis.

GreyVibe's toolkit: LegionRelay, PhantomRelay and Fallspy


LegionRelay is the central tool in GreyVibe's arsenal, a command-and-control (C2) relay component that acts as an intermediary between the operators and the compromised hosts, obscuring the backend infrastructure. The flaws in its code, produced by the LLM used to develop it, have paradoxically turned LegionRelay into a unique identifier for the group. PhantomRelay is an additional C2 relay layer, probably used for campaigns or targets of greater sensitivity where further separation from the main infrastructure is needed. Fallspy, by contrast, is an infostealer: its name evokes a silent and persistent data-collection capability, aimed at exfiltrating credentials, documents and system information from compromised hosts.

Geopolitical context: AI shifts the balance in the Ukrainian cyber conflict


The discovery of GreyVibe comes at a time when the cyber conflict linked to the war in Ukraine is evolving on several fronts. In May 2026, the site insicurezzadigitale.com already documented the operation by the Iranian group Ababil of Minab against US GPS infrastructure and the Glassworm botnet, which targeted developers through npm, PyPI and GitHub. The convergence of these trends points to a general acceleration in the adoption of AI in the offensive toolkits of both state-sponsored actors and cybercriminals. GreyVibe is the first documented case of a Russia-nexus group integrating LLMs so systematically, a sign that this capability is becoming mainstream even among second-tier actors.

For Ukrainian defenders and for the organizations that support the country, the emergence of GreyVibe amplifies an already dense threat. The ability to quickly generate new lures, adapt payloads and modify infrastructure reduces the effectiveness of traditional approaches based on static signatures. Targeted organizations need to move towards behavioral and contextual detections, increasing their resilience against sophisticated phishing campaigns and the distribution of tools such as LegionRelay, PhantomRelay and Fallspy.

A few words for defenders


Given the nature of GreyVibe's campaigns, organizations at risk, in particular those with connections to Ukraine or that operate in its support, should implement the following measures. It is essential to strengthen anti-phishing controls with behavioral analysis of email, paying particular attention to messages with Ukrainian military or government themes that could be LLM-generated lures. On the endpoint side, monitor for anomalous activity from unclassified C2 relays, any unexpected tunneling tools and access to unusual system resources. At the threat intelligence level, it is advisable to integrate the IoCs published by WithSecure for LegionRelay, PhantomRelay and Fallspy into SIEM systems and detection platforms. Finally, considering the links with the TrickBot ecosystem and UAC-0098, it is worth reviewing the detection rules already in use for these clusters and assessing any infrastructure overlaps.

Indicators of Compromise (IoC)

## Threat Actor
  Name: GreyVibe
  Nexus: Russia
  Active since: August 2025
  Main targets: Ukraine (military, government, civilian, business)
  Related clusters: TrickBot ecosystem, UAC-0098
  Attribution source: WithSecure

## Identified tools
  LegionRelay   - C2 relay (code with LLM fingerprints)
  PhantomRelay  - secondary C2 relay
  Fallspy       - Infostealer / credential harvester

## MITRE ATT&CK TTPs (partial)
  T1566   - Phishing (campaigns with LLM-generated lures)
  T1583   - Acquire Infrastructure (purpose-built infrastructure)
  T1588.002 - Obtain Capabilities: Tool (tools developed with LLM assistance)
  T1071   - Application Layer Protocol (C2 communications via LegionRelay)
  T1041   - Exfiltration Over C2 Channel (Fallspy)

## Specific IoCs
  [Additional IoCs will be published by WithSecure in the full report]
  Source: WithSecure Threat Intelligence - GreyVibe Campaign Analysis (May 2026)

## LLM fingerprints in the code (behavioral)
  - Atypical exception-handling patterns
  - Naming conventions consistent with LLM output
  - Code comments in a narrative style
  - Modular structure too regular for hand-written code

Sources: WithSecure Threat Intelligence. For updated IoCs, refer to the full WithSecure report as soon as it is available.

Ladies and gentlemen, I hereby inform you that I now hold a party membership card: I have joined Volt Italia.

I hope you can find a moment to take a look at their website, because I believe it is the party (or movement, call it what you like) that many of us have been waiting for.

A party of the left, in the sense I give to the term, and full of young men and women.

They are small but they will grow (as Renato Rascel used to sing), and they will grow, a lot or a little, depending on the support you give them.

Things happen when people decide to make them happen, so decide to make them happen, otherwise they will not happen.

Support them by joining, by donating, by giving them your "due per mille", by following them and sharing their posts. I have listed these in order of effectiveness (I mean, if in '43 everyone had limited themselves to sharing Gramsci's posts, today we would be speaking German).

@Volt Italia

#voltitalia #volteurope #Volt

Summing up #Trump's foreign policy "victories":
- Venezuela: same regime, same dictatorship, new name for the leader.
- Ukraine: a year on, the war is still waiting for that "on my first day on the job I will end the war".
- China: the battle over tariffs was won by the Chinese; meanwhile US citizens have lost money because of inflation and discovered that they are simply not able to produce the manufacturing they would like to revive.
- Repatriation of illegal migrants: carried out with fascist methods and really working only by systematically imprisoning people in camps in friendly dictatorships.
- Relations with allies: compromised by tariffs and bullying behaviour, to the point of pushing friendly countries into military exercises in Greenland against the USA.
- Iran: a war essentially lost, which has emptied the arsenals, shown the weakness of the Americans without the bogeyman of the atomic bomb, and put West Asia in the hands of Netanyahu's fascist regime.

What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant



Introduction


Containerization using Docker has become firmly established in modern development standards, significantly increasing the speed and convenience of deploying various services. Developers often use ready-made Docker images, making only minimal changes. The largest repository of container images is the Docker Hub service.

Container-hosted infrastructure is an attractive target for attackers. At a minimum, a compromised container can be used for DDoS attacks, cryptocurrency mining, or traffic proxying. The list of threats does not end there: once an attacker gains control of a container, they can steal or destroy data directly from it, access neighboring containers, or even attempt to escape the container, compromising the entire enterprise network.

At the same time, the infrastructure inside containers is typically updated less frequently and may contain outdated and vulnerable software versions. When deploying third-party images or modifying them for a specific environment, it is easy to make configuration errors that attackers can later exploit. And due to the architectural characteristics of containers, developers often face constraints when preparing images; to overcome these, they may resort to insecure solutions they find online.

In other words, containerized infrastructure can be both the simplest and the most lucrative target to exploit. Therefore, its security requires heightened attention. To minimize the risk of successful attacks on container infrastructure, it is essential to check the final Docker images, including all underlying layers, for vulnerabilities and misconfigurations. The easiest way to do this is by analyzing the Dockerfile; however, it is not always available for inspection. Moreover, it typically defines how to build layers on top of a base image from an external repository whose reliability cannot be guaranteed.

Image analysis results in Kaspersky Container Security

To help users identify insecure configurations and potential vulnerabilities within them, we have added our AI assistant to Kaspersky Container Security. KIRA (the assistant’s name) uses artificial intelligence to analyze the image and identify potential issues within, along with recommendations on how to fix them.

As part of this study, we asked KIRA to analyze a number of popular community images, and later in this article, we’ll show you the results.

Software vulnerabilities and compromise of update sources


One of the key security issues with using pre-built images is that developers do not update them in a timely manner. A Docker image is, by its very nature, a snapshot of a specific Linux distribution after packages have been installed on it. However, in most cases, it does not receive security updates on its own, unlike traditional Linux servers, where these updates are automatically installed by specialized services, such as unattended-upgrades in Debian-based distributions and dnf-automatic in RedHat-based distributions.

To apply updates to a Docker image, it must be rebuilt and redeployed. Often, this process is not automated, and some updates require additional effort to verify their correct operation, modify configurations when upgrading to new software versions, and so on. As a result, many popular images do not receive timely updates, which significantly increases the risks associated with their use.

An image that was secure at build time accumulates vulnerabilities as they are discovered in the packages installed within it, which over time significantly increases the opportunities for a successful attack on the container.

Vulnerable versions of web applications and network services accessible from the internet immediately become targets of various malicious campaigns. For example, just one day after the discovery of the CVE-2025-55182 vulnerability in React Server Components, our honeypots recorded numerous attack attempts related to this vulnerability. It was adopted by operators of many malicious campaigns, ranging from classic cryptocurrency miners to variants of Mirai and Gafgyt. Attackers are constantly adding new distribution methods and can use dozens of exploits targeting various vulnerabilities and configuration errors in popular services. Often, the same vulnerabilities are used in self-propagation mechanisms from already compromised hosts. For example, in a malicious campaign to spread the Dero miner, attackers use infected containers to automatically search for and infect new targets.

In addition to vulnerabilities that can be exploited remotely, attackers are rapidly adding local vulnerabilities to their arsenal, used to gain root privileges and escape the container: in the Kinsing malware campaign, attackers used CVE-2023-4911 (Looney Tunables) to elevate privileges, and in the perfctl campaign, the CVE-2021-4034 (PwnKit) vulnerability was used for the same purpose. The access gained was used to install a rootkit that hides the presence of perfctl on the system.

To assess the situation with unpatched vulnerabilities in containers, we took a random sample of 100 images, which included various popular solutions with 10,000 to 1 million downloads on DockerHub. In the 64 images we scanned, we found outdated software versions with critical vulnerabilities. For example, some images contained the CVE-2025-49844 vulnerability in the Redis server, leading to RCE by leveraging a vulnerability in the Lua parser; the current CVE-2026-24061 vulnerability in nginx, which in some configurations leads to a server process crash, and with ASLR disabled, again, to RCE; vulnerabilities CVE-2025-32463 in sudo and CVE-2023-4911 in glibc, allowing an attacker to gain root privileges with local access. At the same time, only one in ten Docker images from the analyzed sample is fully up to date.

TOP 10 Critical Vulnerabilities with PoC/Exploits available as shown in the Kaspersky Container Security Dashboard

It is worth noting that, of course, not every discovered vulnerability can be directly exploited by attackers. A practical risk arises when the vulnerable application or library is actually in use, and the conditions necessary for exploitation – which vary significantly from vulnerability to vulnerability – are met. Nevertheless, updates must not be ignored, as the risk of vulnerabilities being exploited – both individually and in various combinations – cannot be predicted in each specific case, and even vulnerabilities that seem harmless at first glance can ultimately pose a serious risk of compromise.

A record number of vulnerabilities in a single image

However, frequent updates have a downside. Every rebuild that downloads new packages from source repositories introduces an additional risk of a supply chain attack – a compromised dependency or a modified base image could silently inject malicious code into your environment precisely through an update. During our analysis of images from the sample, we did not find any signs of supply chain attacks. However, in March 2026, a supply chain incident occurred in the Trivy and LiteLLM projects. In the case of Trivy, the infected file was injected directly into the container image in the official repositories.

Detecting potentially malicious software using one of the images as an example

This leads to a difficult choice: infrequent updates leave known vulnerabilities unpatched within the image, while frequent updates increase the risk of supply chain compromise. Therefore, to protect your infrastructure, you need not only to regularly update base images but also to take a more comprehensive approach, specifically by pinning dependencies to known-good versions and scanning the resulting images for malware upon update.
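One way to check the pinning half of that recommendation is to classify every `FROM` reference in a Dockerfile by how strongly it is pinned. This is an added example, not code from Kaspersky Container Security or KIRA; the status names, the sample Dockerfile and the digest are constructed placeholders.

```python
import re

# FROM [--platform=...] <ref> [AS <stage>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<stage>\S+))?",
    re.I,
)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

# Constructed placeholder, not the digest of any real image.
PLACEHOLDER_DIGEST = "sha256:" + "ab" * 32

# Constructed sample Dockerfile covering the cases handled below.
SAMPLE_DOCKERFILE = "\n".join([
    "ARG BASE=debian:bookworm",
    "FROM --platform=linux/amd64 golang AS build",
    "FROM redis:7.2",
    "FROM localhost:5000/team/app:latest",
    f"FROM nginx@{PLACEHOLDER_DIGEST} AS web",
    "FROM ${BASE} AS runtime",
    "FROM build",
    "FROM scratch",
])


def check_base_images(dockerfile_text):
    """Return (line number, reference, status) for every FROM instruction.

    internal       - `scratch` or an earlier build stage, nothing is pulled
    unresolved-arg - reference depends on a build argument, check the build command
    pinned-digest  - content-addressed, a rebuild pulls the same bytes
    tag-only       - version tag, which the registry owner can re-point
    floating       - no tag or `latest`, changes with every upstream push
    """
    stages, results = set(), []
    for lineno, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref = m["ref"]
        if ref == "scratch" or ref.lower() in stages:
            status = "internal"
        elif "$" in ref:
            status = "unresolved-arg"
        elif DIGEST_RE.search(ref):
            status = "pinned-digest"
        else:
            # Look for the tag only after the last "/", so a registry port
            # such as localhost:5000 is not mistaken for a tag.
            name = ref.rsplit("/", 1)[-1]
            tag = name.split(":", 1)[1] if ":" in name else None
            status = "floating" if tag in (None, "latest") else "tag-only"
        results.append((lineno, ref, status))
        if m["stage"]:
            stages.add(m["stage"].lower())
    return results


def unpinned_lines(dockerfile_text):
    """Line numbers of base images that a rebuild could silently change."""
    risky = {"floating", "tag-only", "unresolved-arg"}
    return [n for n, _, status in check_base_images(dockerfile_text) if status in risky]


if __name__ == "__main__":
    for lineno, ref, status in check_base_images(SAMPLE_DOCKERFILE):
        print(f"line {lineno}: {status:15} {ref}")
```

A digest pin fixes the base image but not the packages installed on top of it, so the rebuilt image still needs the malware and vulnerability scan described above.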

Configuration vulnerabilities


Even a container with a fully updated image can be compromised if it is configured incorrectly. Embedding keys and secrets in the image, disabling authentication in network services, default passwords, and insecure file access permissions – all of these can be exploited by attackers in one way or another to achieve their goals.

Insecure image configurations detected by KCS based on rules

The situation is exacerbated by the fact that errors may be introduced by the authors of the original image, which complicates their detection, as this requires analyzing every layer and the command that generated it. As with vulnerabilities, not every configuration error leads to compromise: it all depends on the container’s role, its network accessibility, and many other factors. But the very use of insecure settings will sooner or later lead to errors appearing in images where their consequences will be significantly more dangerous.

Standard rules are often insufficient for analyzing problematic configurations. To gain a deeper understanding of the context and assess potential risks, AI tools can be used. Later in this section, we will examine examples of typical insecure configurations we discovered while scanning public images from Docker Hub, along with the descriptions of issues and risk mitigation methods provided by the KIRA AI assistant.

Example of container analysis using KIRA

Insecure handling of credentials

Use of default passwords


In some cases, containers may use default passwords set via environment variables or directly in Dockerfile. If these passwords are not overridden, attackers will be able to access the application by using the default password.

RUN |1 DEBIAN_FRONTEND=noninteractive /bin/sh -c echo [removed]:[removed] | chpasswd

According to KIRA’s analysis, the user’s password is stored in plain text in the image layer history. Anyone who gains access to the image – whether through a public registry, a compromised build environment, or other means – will be able to extract the password. If SSH or another form of interactive access is enabled in the container, this could lead to its complete compromise and allow attackers to move laterally within the infrastructure.

Passwords may be present in environment variables. Consider the following Dockerfile snippet:

ENV SERVERNAME=localhost WWW_PATH_CONF=/etc/apache2/apache2.conf WWW_PATH_ROOT=/var/www HTTPS=on PKP_CLI_INSTALL=0 PKP_DB_HOST=db PKP_DB_NAME=pkp PKP_DB_USER=pkp PKP_DB_PASSWORD=changeMePlease PKP_WEB_CONF=/etc/apache2/conf-enabled/pkp.conf PKP_CONF=config.inc.php PKP_CMD=/usr/local/bin/pkp-start

In this example, the environment variable PKP_DB_PASSWORD is set to changeMePlease. If the user forgets to override it, the application will use the password that can be obtained from Dockerfile.

Let’s look at another image:

/bin/sh -c #(nop) ENV MOODLE_URL=http://0.0.0.0 MOODLE_ADMIN admin MOODLE_ADMIN_PASSWORD [removed] MOODLE_ADMIN_EMAIL admin@example.com MOODLE_DB_HOST MOODLE_DB_PASSWORD MOODLE_DB_USER MOODLE_DB_NAME MOODLE_DB_PORT 3306

For this image, Dockerfile specifies that the administrator password is hardcoded in the ENV directive and remains in the image metadata (layer history, docker inspect). Anyone who gains access to the image (registry, build cache) will be able to extract this secret and compromise the account.

To eliminate these risks, ensure that no passwords are specified in Dockerfile. If authentication is required, you can use orchestrator mechanisms (secrets) or generate a temporary password when starting the container via the entrypoint script, without saving it in the layers. We also recommend using mechanisms for securely passing secrets at runtime (Docker secrets, Kubernetes Secrets) or, as a last resort, passing them via --secret during the build with BuildKit, but under no circumstances should they be left in the final image.

Passing passwords via command arguments


In some cases, passwords may be exposed when passed via command-line arguments, as these arguments are visible to all users on the system:

/bin/sh -c #(nop) HEALTHCHECK &{["CMD-SHELL" "mysql --protocol TCP -u\"root\" -p\"$MYSQL_ROOT_PASSWORD\" -e \"SELECT 1;\""] "15s" "30s" "0s" '\x05'}

In the example provided, the MySQL superuser password is passed into the healthcheck command in plaintext, making it visible when viewing the process list (ps aux), in audit logs, and in monitoring systems. If the attacker gains read access to the container’s processes or logs, they can extract the password and gain full control of the database.

To fix this issue, the healthcheck should use a local connection via a Unix socket with default authentication (if the auth_socket plugin is configured for root), or create a dedicated user with minimal privileges (e.g., only USAGE), without a password or with a password passed via a secure file (--defaults-file with restricted permissions). You can also use the MYSQL_PWD environment variable for healthcheck authentication, but it remains visible in /proc.
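The credential patterns from both subsections above (default passwords left in `ENV` or `chpasswd` layers, and passwords passed as command arguments) can be caught with a rule-based pass over the image's layer history. This is an added example, not Kaspersky Container Security or KIRA code; the rule names, the helper functions and the sample lines with their placeholder credentials are constructed for illustration.

```python
import re
import shlex

# Constructed sample: "CreatedBy" strings shaped like the layer-history lines
# quoted above, as printed by `docker history --no-trunc --format '{{.CreatedBy}}'`.
# All credential values are placeholders.
SAMPLE_HISTORY = [
    "RUN |1 DEBIAN_FRONTEND=noninteractive /bin/sh -c echo appuser:placeholder-pw | chpasswd",
    "ENV SERVERNAME=localhost PKP_DB_HOST=db PKP_DB_USER=pkp PKP_DB_PASSWORD=changeMePlease",
    "/bin/sh -c #(nop) ENV MOODLE_ADMIN_PASSWORD placeholder-pw",
    "/bin/sh -c #(nop) ENV MOODLE_DB_PASSWORD=",
    r'/bin/sh -c #(nop) HEALTHCHECK &{["CMD-SHELL" "mysql --protocol TCP -u\"root\" '
    r'-p\"$MYSQL_ROOT_PASSWORD\" -e \"SELECT 1;\""] "15s" "30s" "0s"}',
    "RUN /bin/sh -c mkdir -p /var/www && cp -pr /src /var/www",
]

SECRET_NAME = re.compile(r"PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY", re.I)
ENV_INSTR = re.compile(r"(?:^|\s)ENV\s+(.+)$")
CHPASSWD = re.compile(
    r"echo\s+[\"']?([^\s:\"'|]+):([^\s\"'|]+)[\"']?\s*\|\s*chpasswd")
MYSQL_CLIENT = re.compile(r"\b(mysql|mysqladmin|mysqldump|mariadb)\b")
# mysql-style password argument: value attached directly to -p or --password=
ARGV_PASSWORD = re.compile(r"(?:\s-p|\s--password=)\\?[\"']?([^\s\"'\\]+)")


def parse_env(created_by):
    """Return the variables set by an ENV layer, in either Dockerfile syntax."""
    m = ENV_INSTR.search(created_by)
    if not m:
        return {}
    body = m.group(1).strip()
    try:
        tokens = shlex.split(body)
    except ValueError:            # unbalanced quotes in a truncated history line
        tokens = body.split()
    if tokens and "=" in tokens[0]:          # ENV K1=V1 K2=V2 ...
        return dict(t.split("=", 1) for t in tokens if "=" in t)
    key, _, value = body.partition(" ")      # legacy form: ENV KEY value
    return {key: value.strip()}


def audit_history(created_by_lines):
    """Return (layer index, rule, detail) findings; secret values are never echoed."""
    findings = []
    for idx, line in enumerate(created_by_lines):
        # A secret-like variable with a non-empty default baked into the image.
        for key, value in parse_env(line).items():
            if SECRET_NAME.search(key) and value:
                findings.append((idx, "env-default-secret", key))
        # A password set through `echo user:pass | chpasswd`; report the user only.
        m = CHPASSWD.search(line)
        if m:
            findings.append((idx, "chpasswd-plaintext", m.group(1)))
        # A password on a MySQL client command line: visible in the process
        # list even when the value is expanded from an environment variable.
        if MYSQL_CLIENT.search(line):
            for pw in ARGV_PASSWORD.finditer(line):
                value = pw.group(1)
                if value.startswith("$"):
                    findings.append((idx, "argv-password-from-env", value))
                else:
                    findings.append((idx, "argv-password-literal", "<redacted>"))
    return findings


if __name__ == "__main__":
    for idx, rule, detail in audit_history(SAMPLE_HISTORY):
        print(f"layer {idx}: {rule}: {detail}")
```

The empty `MOODLE_DB_PASSWORD=` declaration and the `mkdir -p` / `cp -pr` layer are deliberately left unflagged: the first carries no default value, and the second has no database client on the line.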

Privilege escalation in the container


One of the most common vectors for initial compromise of Linux systems is RCE in web applications and network services. Typically, these services have minimal privileges, which complicates attackers’ subsequent actions: dumping credentials, covering their tracks, attempting to escape the container, and much more.

The situation worsens significantly if the attacker gains root privileges, as this allows them to fully control all processes within the container, conceal their activity, and use methods to escape the container. For example, they can compromise the host if the container is privileged, a Docker socket is mounted inside it, or other insecure configurations and vulnerabilities exist that cannot be exploited with standard user privileges.

Similarly, this simplifies network attacks on neighboring containers, the orchestrator, and various internal services, making this configuration error a potential link in the chain for compromising the entire network.

Attacks on sudo


One of the simplest privilege escalation methods is executing arbitrary commands as root using sudo without entering a password. Consider the following example:

/bin/sh -c set -xe; apt-get update && apt-get -y install sudo; echo "solr ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/solr;

Analyzing this configuration using KIRA immediately highlights the main issue: installing the sudo package and setting NOPASSWD: ALL for the solr user severely violates the principle of least privilege. The Solr platform does not require such broad privileges to run within a container; instead, they create an easy path for escalating to root.

echo 'postgres ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers

In another example of an insecure configuration, NOPASSWD:ALL privileges are granted to a PostgreSQL database user, which is a direct and severe weakening of the access control policy. If an attacker gains the ability to execute code on behalf of the postgres user – through a vulnerability in a network service, an SQL injection, or by compromising one of the processes – they will immediately and unconditionally be able to execute any commands on behalf of the root user. This is equivalent to the entire container running as root.

As a risk mitigation measure, we recommend completely removing this directive. The minimum necessary commands requiring privileges should be delegated on a case-by-case basis via sudoers with explicit specification of allowed executables and parameters, using NOPASSWD only as a last resort and for specific utilities.

Our AI assistant KIRA can identify even more complex insecure configurations, such as allowing passwordless sudo for the entire sudo group — by modifying existing rules.

perl -i -pe 's/\bALL$/NOPASSWD:ALL/g' /etc/sudoers

The risk in this example is that the command replaces standard declarations requiring authentication with passwordless execution of all commands for any user within the sudo group – potentially including postgres, should it be assigned to that group. This expands the attack surface to all group members, turning each of them into a potential point for instant privilege escalation.

To mitigate the risks, we recommend not modifying the global sudoers policy, keeping the standard password requirement, or using a more secure escalation mechanism – such as gosu to run a specific process on behalf of another user without permanent privileges.
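A check for the three sudo misconfigurations discussed above, as an added example that is not part of the original article or of KIRA: it audits the sudoers files that end up in the built image rather than the build commands, so it also catches rules produced by in-place rewrites. The function name and output format are assumptions.

```shell
# Added example (not the article's tooling).
# audit_sudoers FILE...
# Prints "<file>:<line>:<principal>:<user|group>" for every rule that grants
# passwordless execution of ALL commands. Returns 1 if any rule is found.
audit_sudoers() {
    awk '
        /^[ \t]*(#|$)/    { next }   # comments, #include lines, blank lines
        /^[ \t]*Defaults/ { next }   # option lines are not privilege rules
        # NOPASSWD applied to the ALL command alias. A rule that names
        # explicit binaries after NOPASSWD: is not reported.
        /NOPASSWD:[ \t]*ALL[ \t]*(,|$)/ {
            scope = ($1 ~ /^%/) ? "group" : "user"
            printf "%s:%d:%s:%s\n", FILENAME, FNR, $1, scope
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$@"
}
```

In an image it would typically be run as `audit_sudoers /etc/sudoers /etc/sudoers.d/*` in a pipeline stage after the build.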

Insecure file permissions


Another common vector for privilege escalation is insecurely configured file and directory permissions. Most often, for convenience, container image authors use 777 permissions, which allow anyone – including unprivileged users – to freely create and delete files, as well as modify their contents. This can lead to both privilege escalation and the ability for an unprivileged attacker to delete or modify logs, among other undesirable consequences.

Consider the following command:

chmod 0777 /usr/share/cargo /usr/share/cargo/bin

The risk is that directories containing binary files and scripts will become writable by any container user. This allows a low-privileged attacker to replace utilities included in cargo or add new malicious executables. When these tools are subsequently invoked, especially as the root user or via sudo, the attacker’s code will execute with the inherited privileges of the calling process, leading directly to a local privilege escalation.

To mitigate the risks, you can set the minimum necessary permissions: chmod 0755 for directories and chmod 0755/0644 for the corresponding files. The owner should be root, and only the owner should be allowed to write. Do not use chmod 777 on any system paths.
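An added example, not taken from the original article, that finds paths writable by any user under a directory tree and then applies the 0755/0644 scheme recommended above. Function names are assumptions; setting the owner to root (for example with chown during the build) is left out because it requires root.

```shell
# Added example (function names are assumptions).
# list_world_writable DIR...
# Prints every directory or regular file under the given roots whose
# "other" write bit is set. Returns 1 if at least one is found.
list_world_writable() {
    hits=$(find "$@" \( -type d -o -type f \) -perm -0002 2>/dev/null)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# harden_tree DIR...
# Directories and executables become 0755, all other files 0644,
# so only the owner keeps write access.
harden_tree() {
    find "$@" -type d -exec chmod 0755 {} +
    find "$@" -type f -perm -0100 -exec chmod 0755 {} +
    find "$@" -type f ! -perm -0100 -exec chmod 0644 {} +
}
```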

Lack of integrity checks


Downloading software without verifying its integrity can make the infrastructure vulnerable to software tampering.

For example, this risk may arise when downloading a distribution via HTTP:

RUN /bin/sh -c wget -qO- "http://acestream.org/downloads/linux/acestream_3.1.49_debian_9.9_x86_64.tar.gz" | tar --extract --gzip -C /opt/acestream

Using HTTP without verifying the archive’s integrity creates conditions for a man-in-the-middle attack during the image build phase. An attacker controlling the communication channel or DNS can replace the archive with malicious content, which will compromise the container and the entire environment in which it runs.

To mitigate the risks, you can configure connections to web resources to use HTTPS only — if the resource supports this protocol. You can also download the archive without extracting it, compare its checksum (SHA256) with the checksum from a trusted source, and only then extract it. It is advisable to store the verified archive in an internal artifact repository to avoid direct downloads from the network.

A MitM risk remains even over HTTPS if certificate verification is disabled:

wget --no-check-certificate https://github.com/phpvirtualbox/phpvirtualbox/archive/refs/heads/7.2-dev.zip -O phpvirtualbox.zip

The absence of TLS certificate verification allows an attacker controlling the network segment to replace the downloaded ZIP archive with malicious content. Since the archive contains PHP code that will be executed by the web server, compromise during the build phase will result in the deployment of a backdoor or data leakage.

To mitigate the risks, remove the --no-check-certificate flag; after downloading, calculate the SHA256 hash of the archive and verify it against a known reference value (the release page or a local repository of trusted hashes). Additionally, consider using a fixed release (tag) rather than the floating 7.2-dev branch.
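The download-then-verify-then-extract order recommended in this section, as an added example that is not part of the original article: the archive is saved to a temporary file, its SHA-256 is compared with a pinned value, and extraction only happens on a match. Function names are assumptions, and the pinned digest has to come from a trusted source.

```shell
# Added example (function names are assumptions).
verify_sha256() {
    # $1 = file, $2 = expected digest (64 lowercase hex characters)
    file=$1; expected=$2
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;     # malformed reference value
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 2
    [ "$actual" = "$expected" ]
}

extract_if_verified() {
    # $1 = archive, $2 = expected digest, $3 = destination directory
    if verify_sha256 "$1" "$2"; then
        mkdir -p "$3" && tar --extract --gzip -C "$3" -f "$1"
    else
        echo "checksum mismatch for $1, refusing to extract" >&2
        return 1
    fi
}

fetch_verified() {
    # $1 = https URL, $2 = expected digest, $3 = destination directory
    case $1 in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    # No --no-check-certificate: wget verifies the certificate by default.
    if wget -q -O "$tmp" "$1" && extract_if_verified "$tmp" "$2" "$3"; then
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}
```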

Conclusion


Docker containers have become a very popular means of deploying software, and attackers are by no means oblivious to this trend. They are rapidly adding software vulnerabilities and configuration errors to their arsenal and carrying out attacks on supply chains. They can compromise container infrastructure for a wide variety of purposes, from cryptocurrency mining to encrypting data for ransom or stealing information critical to the company.

Our research found that 64 out of 100 container images for popular applications contain critically vulnerable software, and only 10% are fully up to date. We also identified numerous insecure configurations, including passwords stored in plaintext in Dockerfiles and excessive privileges granted to users and processes.

To detect and prevent these threats, it is essential to strictly adhere to security measures: audit image configurations, securely manage secrets used in images, apply security updates in a timely manner, scan their contents for malware with every update, and follow industry-standard best practices for enhancing security.

This approach requires specialized solutions built to accommodate the unique characteristics of container environments. Kaspersky Container Security ensures the security of containerized applications at every stage of their lifecycle, from development to operation. The product protects an organization’s business processes, helps ensure compliance with industry standards and security regulations, and enables the implementation of secure software development practices.


securelist.com/container-secur…

#nop

Gaël Faye – Jacaranda
freezonemagazine.com/articoli/…
Milan is a boy, the son of a Frenchman and a Rwandan woman, a mother of few words, closed in the silence of what she does not want to remember and from which she intends to keep her son away. The young man grows up almost unaware of the tragedy of his country of origin, but it is 1994 and the genocide of the […]
The article Gaël Faye – Jacaranda comes from FREE ZONE MAGAZINE.


Protecting Amazonian territories. In Brazil, cooperation against deforestation and organized crime with Italy's support


With the aim of strengthening the defense of Amazonian indigenous territories against illegal mining, deforestation and organized crime, the United Nations Office on Drugs and Crime (UNODC) and the Amazon Environmental Research Institute (IPAM) presented a new manual of good practices for indigenous territorial surveillance at the Italian embassy in Brasília. The event took place thanks to international cooperation and the leading role of local communities.


A moment from the presentation of the manual

The initiative is part of the Sar-Ti project, supported by the Italian government through the Ministry of Foreign Affairs and International Cooperation. In his opening remarks, the Italian ambassador to Brazil, Alessandro Cortese, stressed the "political and operational" value of the publication, describing it as a tool capable of gathering the experiences of indigenous communities and of strengthening "effective multilateral cooperation within the United Nations" against deforestation, illegal mining and illicit trafficking affecting the Amazon region.

The manual systematizes the experiences developed in different areas of Brazil through technical meetings and exchanges between indigenous leaders, civil organizations and public institutions. The document describes territorial monitoring models that combine traditional knowledge and technological tools, such as satellite imagery, drones, geolocation and real-time communication systems.

According to UNODC, indigenous territories are now on the front line against the advance of organized crime linked to illegal gold mining, logging and environmental trafficking. The publication aims to strengthen community early-warning systems and coordination with public authorities, improving prevention, evidence gathering and the response to environmental crimes.


How to prepare delicious fried kibbeh with mint and basil. https://lacucinadisusana.blogspot.com/2024/05/squisiti-kibbe-fritti-con-menta-e.html



Good morning dear friends, I hope you are having a very fun and productive week...

Today I am sharing with you the delicious dish I enjoyed in the company of my mum; every time I prepare this recipe we always like to serve it with our favorite salad.

#ricette #mastodon #friendica

lacucinadisusana.blogspot.com/…


How to install, configure and play Prospectors on Linux.


To install Prospectors on Linux, you do not need to download a traditional client: the game runs directly in your browser, since it is based on blockchain (EOS).

The most important thing is to have an up-to-date browser and a compatible wallet such as Scatter or Anchor to interact with the blockchain.
#Prospectors #videojuegos #mastodon #friendica #fediverso
juguemosconlinux.blogspot.com/…


Did you notice that in the latest beta versions, besides APKs to install on Android a .deb package has popped up to be installed on Debian-based Linux distros? This is not by chance: thanks to Kotlin Multiplatform's power, Raccoon has been ported to JVM and can now run as a desktop app. In this post I'll shortly describe how this came to be, from ideation to implementation; which were the main challenges I found in the migration process and what potential implications it has on the project and its users.

Road to the 2026 World Cup: South Africa and its great hopes.


We look back at South Africa's history and most iconic moments at the World Cup, along with all the information about its matches, its opponents and its coach.
#deportes #Mundial 2026 #futbol #mastodon #friendica #fediverso
deporshow.blogspot.com/2026/05…


Hugo Broos announced South Africa's preliminary squad for the World Cup


The South African national team qualified directly for the 2026 World Cup by finishing first in Group C of the African Qualifiers (CAF), securing its ticket after an intense contest with Nigeria and Benin.

Goalkeeper Ronwen Williams is set to captain Bafana Bafana in the country's return to a World Cup for the first time since 2010.
#futbol #Mundial 2026 #sports #mastodon #friendica #fediverso

deporshow.blogspot.com/2026/05…


How the publisher of the New York Times "resists" Trump


@Giornalismo e disordine informativo
articolo21.org/2026/05/cosi-le…
That of New York Times publisher Arthur Gregg Sulzberger is a true call to arms. The arms of independent judgment and editorial autonomy against interference from politics. The publisher