Clearview AI ha ricevuto l’approvazione giudiziaria definitiva per un accordo che fornisce una quota azionaria del 23% della società a una categoria di consumatori che hanno affermato che la società di riconoscimento facciale ha utilizzato in modo improprio le immagini delle persone senza il loro consenso riporta Bloomberg.

Approvando l’accordo giovedì, la giudice Sharon Johnson Coleman della Corte distrettuale degli Stati Uniti per il distretto settentrionale dell’Illinois ha stimato che la quota dell’accordo valesse 51,75 milioni di dollari, sulla base di una valutazione di 225 milioni di dollari di gennaio 2024.

“Certo, la natura di una quota azionaria è che potrebbe ridursi o crescere a seconda delle performance della società”, ha detto Coleman nel suo ordine. Ma “Clearview è ottimista sulla potenziale crescita della società in base al mercato disponibile”, ha detto.

In assenza di un accordo, non era chiaro se Clearview avrebbe potuto pagare milioni di dollari come parte di una sentenza, o se avesse i fondi per superare il processo, secondo un giudice in pensione che ha facilitato le negoziazioni per la conciliazione.

Clearview ha raggiunto questo accordo per risolvere le cause legali consolidate secondo cui l’azienda avrebbe violato l’Illinois Biometric Information Privacy Act estraendo miliardi di foto online e inserendole in un database di riconoscimento facciale.

L’accordo prevede la nomina di un supervisore con il diritto di ispezionare le finanze di Clearview e di vendere la quota, al fine di proteggere gli interessi della class action che ha concluso l’accordo. Coleman ha ritenuto l’accordo equo, ragionevole e adeguato, nonostante le obiezioni politiche di 22 stati e del Distretto di Columbia, nonché dei gruppi di pressione.

L'articolo 225 milioni di dollari per l’Uso Illecito delle Foto Online. Clearview perde la class Action e cede il 23% proviene da il blog della sicurezza informatica.

SUPPORTED BY

THIS IS DIGITAL POLITICS. I'm Mark Scott, and continued my Euro-trash existence this week in Geneva where I'm moderated a panel on March 24 on tech sovereignty and data governance. I'll include a write-up in next week's newsletter.

Talking of events, I'll also be co-hosting a tech policy meet-up in hipster East London on March 27 at 6:30pm. There are a few spots left for this (free) event. Sign up here.

— We're living through an era of 'tech sovereignty.' No one knows what that concept means — and that's quickly turning into a problem.

— Brussels forced Apple to open up to competitors. That's going to help many US firms that, in principle, oppose the bloc's competition revamp.

— In what must be the least-shocking fact about the latest AI models, almost none of the data used to train these systems comes from Global Majority countries.

Let's get started.

Tech sovereignty in an era of zero-sum geopolitics

MAYBE IT'S BECAUSE I WAS IN SWITZERLAND to talk about this topic, but we need to focus on tech sovereignty. Bear with me. For most of us, this concept is either unknown or irrelevant. Or possibly both. But over the last five years, policymakers and lawmakers — first in Europe, but increasingly everywhere — have embraced this catch-all term for efforts by individual governments to regain control over parts of the technology industry that have historically been left to the private sector.

Think the United States (or European Union) Chips Act, or efforts to bring back high-end semiconductor manufacturing to the "homeland." Think Washington's Joe Biden-era export controls to stop Beijing getting hold of next generation chip manufacturing equipment. Think Brussels' litany of initiatives — from the creation of so-called 'data spaces' to the (badly named) AI 'gigafactories' — to give itself a seat at the global table of tech powers.

At its core, tech sovereignty is a realization by elected officials that they are no longer in control. They see complex technological global supply chains, the rise of world-spanning tech giants and the influx of billions of dollars in private capital and worry their voters (and homegrown companies) won't see the economic and social benefits of how tech has become so ingrained in everything from buying a car to sending your child to school.

Well, maybe that's one (slightly cynical) definition. After more than five years since 'tech sovereignty' became a thing, governments are still grappling with exactly what it means, how to implement it and what the consequences will be when everyone from London to Brasilia wants to "onshore" tech to boost their local interests.

Before 2025, that remained almost exclusively a headache for uber-policy types (like myself.) But this year has shown, already, that we are living in a more transactional, zero-sum mercantilist world where all elected leaders — and not just US President Donald Trump — are willing to use all the levers at their disposal to reshape the world order to their needs.

**A message from Microsoft** Each day, millions of people use generative AI. Abusive AI-generated content, however, can present risks to vulnerable groups such as women, children, and older adults. In a new white paper, developed in consultation with civil society, we present actionable policy recommendations to promote a safer digital environment.**

That means, inevitably, revisiting how we define 'tech sovereignty' because, like it or not, how we collectively approach the topic will have significant real-world implications for how technology is developed, governed and used in the years to come.

If done well, it could build upon the core tenets of what made the internet such a game-changing technology: open, rights-based core infrastructure that allowed anyone (read: with money and technical capacity) to build whatever they wanted, however they wanted.

If done poorly, it could undermine those key principles that have made technology crucial to both economic and social benefits for all.

Case in point: if a country decides to keep all of its citizens' data within national borders — a term known as data localization — for either commercial or national security reasons, then it makes it harder to trade, based on a reduction of global data flows, and starts to cut off specific countries from the now-fraying world order. This is not hypothetical: Russia, Nigeria, India and China are among states that already have such rules on the books.

What is urgently needed is an honest conversation about what people mean by 'tech sovereignty.' Currently, that falls into two camps.

Camp One leans toward isolationism. In this world, politicians funnel public cash into homegrown 'tech champions' that use siloed-off local data and technical skills to create services/products that are then sold worldwide in a race to build global giants.

Camp Two relies on each country shifting to tech-related areas where it can compete globally (eg: Taiwan/South Korea on microchips; Vietnam on device manufacturing), and then opening up each market to overseas competition. The goal isn't to own everything in tech. It's about figuring out where you can compete, globally, while giving local citizens access to (cheap) outside services/products that improve their daily lives.

You can probably figure out which version of 'tech sovereignty' would be my preference.

Before I get angry emails, I realize there's a lot of nuance that lies between those two extreme positions. Those who want to create a so-called "Euro stack," for instance, would probably argue their efforts are about giving Europe greater autonomy at a time when the US is not perceived as a trusted partner. Those in Brazil supportive of the country's data localization mandate would likely say such provisions are about keeping local's personal information safe under national laws.

I get it. Everyone has a reason why their version of "tech sovereignty" is OK, while everyone else's take is blatant protectionism.

Thanks for reading Digital Politics. If you've been forwarded this newsletter (and like what you've read), please sign up here. For those already subscribed, reach out on digitalpolitics@protonmail.com

But here's the problem with that. This ongoing nibbling at what has made technology an inherent force for good (despite, ahem, some significant downsides) has placed increased onus on equating national power as the only mechanism to get things done. That is especially true, in 2025, when long-standing allies are starting to not trust each other, and retaliatory tariffs are leading us toward a potential global trade war.

What I would prefer to see is a recognition by lawmakers about what they can — and what they can not — change when it comes to tech. Yes, much of the current global power dynamics mean the likes of the US, China and Europe have more say than other parts of the globe. That is not something, unfortunately, that will change overnight.

But while it's 100 percent legitimate for national leaders to want greater control of various forms of technology, I don't see how the ubiquitous calls to spend public money to "bring back" global supply chains to national shores as something that will achieve that.

First, it won't — given that these complex systems have grown over decades and won't just change quickly. And second, it will lead to short-term higher prices for consumers because of the inevitable cost hikes that will result from spending over the odds to onshore manufacturing when other countries can just do it cheaper (and faster.)

"Tech sovereignty" is a concept that sounds good as a talking point, but fails to deliver when confronted with reality. Yes, some form of greater control (or, at least, the semblance of control) over global tech forces is probably good for democracy, writ large. That's especially true for countries beyond the US and China that are net-takers of technology, at a global stage.

But you don't achieve that by putting up barriers to outsiders and investing public funds to develop clunky national champions that will struggle to compete worldwide.

What would be better is to set out a positive definition of 'tech sovereignty' that builds on what has worked for almost everyone over the last 80 years. Caveat: I understand that is a difficult pitch, politically, given the current geopolitical climate.

That would include: reaffirming open global markets based on right-based digital regulation that allows each country to 1) promote their own unique tech-related specialisms, both home and abroad and 2) allow national lawmakers to step in, where appropriate, when global tech forces undermine the rule of law or other key tenets within a nation state.

We already have such systems in other sectors like financial services and pharmaceuticals — and no one (at least not yet in 2025!) makes much political capital in undermining how those industries currently operate. Yes, tech is somewhat different as it's nominally not a separate industry. But, I would argue, neither is financial services.

Unfortunately, I don't see that positive agenda in any of the ongoing 'tech sovereignty' discussions that have become embedded in the geopolitical tensions of early 2025. That goes from Trump's MAGA approach to maintaining "US dominance" over AI to European Commission president Ursula von der Leyen's pitch to make the EU the hub for the next technological revolution.

That is a shame.

It's a shame because it undermines what has been built over the last 80 in so many tech-related fields that have benefited so many people worldwide. And it's a shame because it equally foretells a growing "splinternet" between countries/regions that solely focus on their short-term interests — without recognizing what damage that will produce over the mid-term.

Chart of the Week

THE LATEST ARTIFICIAL INTELLIGENCE MODELS already skew toward more developed countries. But researchers analyzed the most common datasets used to build these systems, from 1990 to 2024, to figure out where that information actually came from.

Not surprisingly, regions like Africa and South America were massively underrepresented, both on the number of datasets (see "by count" below) from those regions and the amount of information (see "by tokens or hours" below) included from those parts of the world.

That's a problem when next generation AI models are being rolled out globally in ways that won't meet regionally-specific needs because of a lack of local data baked into these complex systems.

The darker the part of the maps below, the more data was used from that region to train AI models.
Source: The Data Provenance Initiative

The complexities of antitrust enforcement

WHEN THE EUROPEAN COMMISSION ANNOUNCEDlast week it had forced Apple to make changes to comply with the bloc's new competition rules, the iPhone maker was quick to cry foul. The decision, according to the company, "wraps us in red tape, slowing down Apple's ability to innovate for users in Europe and forcing us to give away our new features for free to companies who don't have to play by the same rules."

Yet in many parts of the global tech world — including inside companies that equally dislike the EU's Digital Markets Act— there were cheers of victory. The split response highlights how these new competition rules, which allow European regulators to step into online markets before one specific company becomes too dominant, aren't as easy to define as many first thought.

First, a quick backstory. Last year, the European Commission's competition enforcers opened an investigation into how Apple allowed rival firms to interact with its products. On March 19, Brussels then ordered the iPhone maker to make it easier for non-Apple devices to connect to the company's products. It also demanded the Cupertino-based firm to provide its technical specs to outsiders so they could build services which more easily interact with Apple's operating systems.

**A message from Microsoft**New technologies like AI supercharge creativity, business, and more. At the same time, we must take steps to ensure AI is resistant to abuse. Our latest white paper, "Protecting the Public from Abusive AI-Generated Content across the EU," highlights the weaponization of women’s nonconsensual imagery, AI-powered scams and financial fraud targeting older adults, and the proliferation of synthetic child sexual abuse.

The paper outlines steps Microsoft is taking to combat these risks and provides recommendations as to how the EU's existing regulatory framework can be used to combat the abuse of AI-generated content by bad actors. We thank Women Political Leaders, the MenABLE project, the Internet Watch Foundation, the WeProtect Global Alliance, and the European Senior’s Union for their important work and support. Click here to read more.**

What does that mean? Over the next 12 months (caveat: Apple may still appeal these changes), it will become easier, say, for Garmin smartwatches to connect seamlessly with your iPhone — just as an Apple watch currently does. Rival apps will also be able to take advantage of Apple's technical wizardry to compete more directly with the company's own services that work hand-in-glove with its in-house software.

You can understand why Apple is not a fan. But, equally, it will be a boon for the likes of Meta and Alphabet, as well as scores of smaller tech firms, that have long complained that Apple creates artificial technical barriers so that rival devices/apps just don't work as well as the iPhone maker's own offerings. Mark Zuckerberg, Meta's chief executive, even called out Apple in January over how it didn't allow other headphones to connect as well as the firm's (expensive) devices.

Sign up for Digital Politics

Thanks for getting this far. Enjoyed what you've read? Why not receive weekly updates on how the worlds of technology and politics are colliding like never before. The first two weeks of any paid subscription are free.

Subscribe
Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

Yes, you read that right. The European Commission and Zuckerberg are on the same page when it comes to digital competition.

That complexity can make my brain hurt. In the ongoing lobbying around new digital competition rules (looking at you, United Kingdom), the playbook often relies on claiming such legislation places regulators too squarely at the heart of business decisions of some of the world's largest tech companies. "It's killing innovation!," comes the claim. "Officials should keep their noses out of our business!"

I have some sympathy for that argument, especially when it comes to so-called ex ante regulation, or policy efforts to curb unfair dominance before a firm becomes too entrenched in a digital market. But I can also see a massive upside for consumers if a non-Apple product/service works as effortlessly as an in-house device designed in Cupertino.

For what such competition decisions lead to, we only have to look at a previous European Commission ruling to force the iPhone maker to switch all of its devices over to USB-C technology. Apple executives equally met that 'common charger' ruling with derision. But now, USB-C is the de fault global standard, allowing one cable to connect everything from iPhones to Samsung tablets.

It's still unclear if the recent Apple decision will lead to US pushback after the White House threatened retaliatory tariffs on countries/regions that went after American tech firms. But beyond the iPhone maker, many US companies remain supportive of this specific European Commission competition decision — mostly because it's good for their own business interests.

What I'm reading

— A subcommittee of the US Senate Committee on the Judiciary will hold a hearing on the "Censorship Industrial Complex" on March 24. Watch along here. A counterpoint to that subcommittee's focus.

— Company responses to the White House's call for input on a "AI Action Plan." Palantir. OpenAI. Alphabet. Microsoft. Frontier Model Forum. Anthropic. If anyone has seen Meta's submission, please let me know.

— AI Now gives the European Commission a report card on tech for the Berlaymont Building's first 100 days. More here.

— The UK regulator Ofcom outlined what companies must now do after a deadline passed for firms to conduct illegal harms risk assessments. More here.

— Small AI language models offer a cheap option for indigenous communities to take advantage of this emerging technology, argue Brooke Tanner and Cameron Kerry for the Brookings Institution.

digitalpolitics.co/newsletter0…

Recently Raspberry Pi publicly announced the release of their new rpi-image-gen tool, which is advertised as making custom Raspberry Pi OS (i.e. Debian for specific Broadcom SoCs) images in a much more streamlined fashion than with the existing rpi-gen tool, or with third-party solutions. The general idea seems to be that the user fetches the tool from the GitHub project page, before running the build.sh script with parameters defining the configuration file and other options.

The main advantage of this tool is said to be that it uses binary packages rather than (cross-)compiling, while providing a range of profiles and configuration layers to target specific hardware & requirements. Two examples are provided in the GitHub project, one for a ‘slim’ project, the other for a ‘webkiosk‘ configuration that runs a browser in a restricted (Cage) environment, with required packages installed in the final image.

Looking at the basic ‘slim’ example, it defines the INI-style configuration in config/pi5-slim.cfg, but even when browsing through the main README it’s still somewhat obtuse. Under device it references the mypi5 subfolder which contains its own shell script, plus a cmdline.txt and fstab file. Under image it references the compact subfolder with another bunch of files in it. Although this will no doubt make a lot more sense after taking a few days to prod & poke at this, it’s clear that this is not a tool for casual users who just want to quickly put a custom image together.

This is also reflected in the Raspberry Pi blog post, which strongly insinuates that this is targeting commercial & industrial customers, rather than hobbyists.

hackaday.com/2025/03/26/build-…

Many of us could have been lucky enough to have some form of pedal go-kart in our formative years, and among such lucky children there can have been few who did not wish for their ride to have a little power. Zipping around the neighborhood remained a strenuous affair though, particularly for anyone whose hometown was on a hill. What a shame we didn’t have [Matto Godoy] as a dad then, because he has taken a child’s go-kart and turned it into the electrically-propelled ride of dreams.

Out come the pedals and in goes a wooden floor panel, and at the rear the axle is replaced by a set of hoverboard motors and associated batteries and controllers. The wheels are off-the-shelf wheelbarrow parts, and the 36 V lithium-polymer gives it plenty of go. It looks too small for us, but yes! We want one.

If you want one too, you could do worse than considering a Hacky Racer. And if more motor power is your thing, raid the auto recyclers!

hackaday.com/2025/03/26/admit-…

Sono state scoperte due estensioni dannose nel VSCode Marketplace che nascondevano un ransomware. Uno di questi è apparso sullo store Microsoft nell’ottobre dell’anno scorso, ma è passato inosservato per molto tempo.

Si tratta delle estensioni ahban.shiba e ahban.cychelloworld che sono attualmente state rimosse dallo store. Inoltre, l’estensione ahban.cychelloworld è stata caricata sullo store il 27 ottobre 2024 e ahban.shiba il 17 febbraio 2025, aggirando tutti i controlli di sicurezza.

Il malware è stato individuato dagli esperti di ReversingLabs, che hanno scritto che entrambe le estensioni contenevano un comando PowerShell che scaricava ed eseguiva un altro script PowerShell da un server Amazon AWS remoto. Questo script era responsabile della distribuzione del ransomware.

Secondo i ricercatori, il ransomware è chiaramente in fase di sviluppo o test, poiché al momento crittografa solo i file nella cartella C:\users\%username%\Desktop\testShiba e non tocca gli altri.

Una volta completata la crittografia, lo script visualizza un avviso sullo schermo: “I tuoi file sono crittografati. Per ripristinarli, paga 1 ShibaCoin a ShibaWallet.” Non ci sono istruzioni aggiuntive o altri requisiti, a differenza dei classici attacchi ransomware.

Dopo che i ricercatori di ReversingLabs hanno informato Microsoft del ransomware, l’azienda ha rapidamente rimosso entrambe le estensioni dal VSCode Marketplace.

Italy Kruk, ricercatore di sicurezza di ExtensionTotal, che aveva eseguito la scansione automatica precedentemente, aveva rilevato queste estensioni dannose nel VSCode Marketplace, ma lo specialista non era riuscito a contattare i rappresentanti dell’azienda.

Crook spiega che ahban.cychelloworld non era originariamente dannoso e che il ransomware è apparso dopo il caricamento della versione 0.0.2, accettata sul VSCode Marketplace il 24 novembre 2024. Dopo di che, l’estensione ahban.cychelloworld ha ricevuto altri cinque aggiornamenti e tutti contenevano codice dannoso.

“Abbiamo segnalato ahban.cychelloworld a Microsoft il 25 novembre 2024, tramite un report automatico generato dal nostro scanner. Forse a causa del numero esiguo di installazioni di questa estensione, Microsoft non ha dato priorità al messaggio”, ha detto l’esperto.

Gli esperti hanno notato che entrambe le estensioni scaricavano ed eseguivano script PowerShell remoti, ma sono riuscite a non essere rilevate per diversi mesi, il che indica chiaramente gravi falle nei processi di verifica di Microsoft.

L'articolo VSCode Marketplace Distribuiva Ransomware! Scoperte Delle Estensioni Malevole proviene da il blog della sicurezza informatica.

Recentemente Google ha rilasciato un urgente bug fix relativo ad una nuova vulnerabilità monitorata con il CVE-2025-2783. Si tratta di una grave falla di sicurezza su Chrome Browser che è stata sfruttata in attacchi attivi.

L’attacco è stato sferrato attraverso e-mail di phishing che hanno preso di mira organi di stampa, istituti scolastici e organizzazioni governative in Russia. Inoltre, il CVE-2025-2783 è progettato per essere eseguito insieme a un exploit aggiuntivo che facilita l’esecuzione di codice remoto.

“Google è a conoscenza di segnalazioni secondo cui esiste in natura un exploit per CVE-2025-2783”, ha riportato nella correzione Google in un avviso tecnico. Google non ha rivelato ulteriori dettagli tecnici sulla natura degli attacchi. La vulnerabilità è stata inserita in Chrome versione 134.0.6998.177/.178 per Windows.

La vulnerabilità, viene identificata con il nome Mojo facendo riferimento a una raccolta di librerie di runtime che forniscono un meccanismo indipendente dalla piattaforma per la comunicazione tra processi (IPC).
Schema applicativo di Mojo
“In tutti i casi, l’infezione si è verificata immediatamente dopo che la vittima ha cliccato su un link in un’e-mail di phishing e il sito web degli aggressori è stato aperto tramite il browser web Google Chrome”, hanno affermato i ricercatori . “Non è stata richiesta alcuna ulteriore azione per essere infettati. L’essenza della vulnerabilità è dovuta a un errore logico all’intersezione tra Chrome e il sistema operativo Windows, che consente di aggirare la protezione sandbox del browser.”

“Tutti gli artefatti di attacco analizzati finora indicano un’elevata sofisticatezza degli aggressori, consentendoci di concludere con sicurezza che dietro questo attacco c’è un gruppo APT sponsorizzato da uno stato”, hanno affermato i ricercatori.

Il CVE-2025-2783, è il primo zero-day di Chrome attivamente sfruttato dall’inizio dell’anno. I ricercatori di Kaspersky Boris Larin e Igor Kuznetsov sono stati accreditati per aver scoperto e segnalato la falla il 20 marzo 2025.

Il fornitore russo di sicurezza informatica, nel suo stesso bollettino, ha caratterizzato lo sfruttamento zero-day di CVE-2025-2783 come un attacco mirato tecnicamente sofisticato, indicativo di una minaccia persistente avanzata (APT). Sta monitorando l’attività con il nome di Operation ForumTroll.

Si dice che i link di breve durata siano stati personalizzati per i bersagli, con lo spionaggio come obiettivo finale della campagna. Le email dannose, ha affermato Kaspersky, contenevano inviti presumibilmente provenienti dagli organizzatori di un legittimo forum scientifico ed esperto, Primakov Readings.

L'articolo Grave Zero-day rilevato in Chrome! Gli Hacker di stato stanno sfruttando questa falla critica proviene da il blog della sicurezza informatica.

VMware Tools for Windows stanno affrontando una vulnerabilità critica di bypass dell’autenticazione. La falla, identificata come CVE-2025-22230, consente ad attori malintenzionati con privilegi non amministrativi su una macchina virtuale guest Windows di eseguire operazioni ad alto privilegio all’interno di quella VM. Poiché sempre più aziende migrano verso ambienti virtuali e cloud, la sicurezza degli strumenti di virtualizzazione diventa cruciale.

Secondo l’avviso di sicurezza VMSA-2025-0005, il problema deriva da un controllo di accesso non corretto nella suite VMware Tools per Windows. Le versioni 11.xx e 12.xx di VMware Tools in esecuzione su sistemi Windows sono interessate, mentre le versioni per Linux e macOS non presentano questa criticità. Data la crescente centralità della virtualizzazione nelle infrastrutture IT aziendali, la necessità di vigilanza e patching tempestivo è fondamentale per mantenere la sicurezza degli ambienti virtualizzati.

La vulnerabilità, con un punteggio CVSSv3 di 7,8, è stata classificata come di gravità “Importante” da VMware. L’azienda ha rilasciato la versione 12.5.1 di VMware Tools per mitigare il rischio, raccomandando agli utenti di aggiornare immediatamente i propri sistemi. Tuttavia, VMware non ha fornito soluzioni alternative per le organizzazioni che non possono applicare subito l’aggiornamento, sottolineando l’importanza di implementare la patch al più presto.

Sergey Bliznyuk di Positive Technologies, una società russa di sicurezza informatica, è stato accreditato per la scoperta e la segnalazione della vulnerabilità a VMware. La collaborazione tra ricercatori di sicurezza e fornitori di software continua a essere essenziale per l’identificazione e la gestione delle minacce. Questa falla evidenzia quanto sia necessario un approccio proattivo per proteggere le infrastrutture virtualizzate da attacchi informatici sempre più sofisticati.

In risposta alla vulnerabilità, gli esperti di sicurezza consigliano alle aziende di adottare misure immediate per proteggere i propri ambienti virtuali. VMware Tools è un componente chiave per la gestione delle macchine virtuali, migliorando prestazioni e usabilità. Tuttavia, la sua compromissione potrebbe avere conseguenze significative per le organizzazioni. Per questo motivo, rimanere aggiornati sugli avvisi di sicurezza e applicare tempestivamente le patch disponibili è essenziale per garantire l’integrità e la protezione degli ambienti virtualizzati.

L'articolo VMware Tools nel mirino: falla critica espone le macchine virtuali Windows! proviene da il blog della sicurezza informatica.

Spendiamo 800 miliardi per riarmare l'Europa?
Benissimo. Contro chi, e per fare cosa?
E poi... siamo sicuri che serva? (Spoiler: NO)

spreaker.com/episode/dk9x23-ar…

When Apple first launched the Macintosh, it created a new sort of “Lunchbox” form factor that was relatively portable and very, very cool. Reminiscent of that is this neat portable Macintosh Mini, created by [Scott Yu-Jan].

[Scott] has created something along these lines before—putting an iPad dock on top of a Macintosh Studio to create a look vaguely reminiscent of the very first Macintosh computers. However, that build wasn’t portable—it wasn’t practical to build such a thing around the Macintosh Studio. In contrast, the Mac Mini is a lithe, lightweight thing that barely sups power—it’s much more suitable for a “luggable” computer.

The build relies on a 3D printed enclosure that wraps around the Mac Mini like a glove. Inside, there’s a chunky 20,800 mAh power bank with enough juice to run the computer for over three hours. Just like the original Mac, there’s a handle on top, too. The build’s main screen is actually an iPad Mini, hooked up to the Mac Mini. If you want to use it separately, it can be popped out just by pushing it via a cutout in the bottom of the enclosure.

[Scott] notes that it’s cool, but not exactly practical—it weighs seven pounds, mostly due to the weight of the heavy power bank. We’ve featured [Scott’s] stylish builds before, too, like this nice iPhone dock.

youtube.com/embed/IXWmrXt52wM?…

hackaday.com/2025/03/25/design…

A moment’s inattention is all it takes to gather the information needed to make a physical copy of a key. It’s not necessarily an easy process, though, so if pen testing is your game, something like this Flipper Zero key copying toolchain can make the process quicker and easier when the opportunity presents itself.

Of course, we’re not advocating for any illegal here; this is just another tool for your lock-sports bag of tricks. And yes, there are plenty of other ways to accomplish this, but using a Flipper Zero to attack a strictly mechanical lock is kind of neat. The toolchain posted by [No-Lock216] starts with an app called KeyCopier, which draws a virtual key blank on the Flipper Zero screen. The app allows you to move the baseline for each pin to the proper depth, quickly recording the bitting for the key. Later, the bitting can be entered into an online app called keygen which, along with information on the brand of lock and its warding, can produce an STL file suitable for downloading and printing.

Again, there are a ton of ways to make a copy of a key if you have physical access to it, and the comments of the original Reddit post were filled with suggestions amusingly missing the entire point of this. Yes, you can get a key cut at any hardware store for a buck or two that will obviously last a lot longer than a 3D-printed copy. But if you only have a few seconds to gather the data from the key, an app like KeyCopier could be really convenient. Personally, we’d find a smartphone app handier, but if you’ve got a Flipper, why not leverage it?

Thanks to [JohnU] for the tip.

hackaday.com/2025/03/25/physic…

Although NVidia’s current disastrous RTX 50-series is getting all the attention right now, this wasn’t the first misstep by NVidia. Back in 2014 when NVidia released the GTX 970 users were quickly dismayed to find that their ‘4 GB VRAM’ GPU had actually just 3.5 GB, with the remaining 512 MB being used in a much slower way at just 1/7th of the normal speed. Back then NVidia was subject to a $30/card settlement with disgruntled customers, but there’s a way to at least partially fix these GPUs, as demonstrated by a group of Brazilian modders (original video with horrid English auto-dub).

The mod itself is quite straightforward, with the original 512 MB, 7 Gbps GDDR5 memory modules replaced with 1 GB, 8 Gbps chips and adding a resistor on the PCB to make the GPU recognize the higher density VRAM ICs. Although this doesn’t fix the fundamental split VRAM issue of the ASIC, it does give it access to 7 GB of faster, higher-density VRAM. In benchmarks performance was massively increased, with Unigine Superposition showing nearly a doubling in the score.

In addition to giving this GTX 970 a new lease on life, it also shows just how important having more VRAM on a GPU is, which is ironic in this era where somehow GPU manufacturers deem 8 GB of VRAM to be acceptable in 2025.

youtube.com/embed/JR5mm96Dj7k?…

hackaday.com/2025/03/25/brazil…

In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected.

All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. We quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome. We then reported the vulnerability to the Google security team. Our detailed report enabled the developers to quickly address the issue, and on March 25, 2025, Google released an update fixing the vulnerability and thanked us for discovering this attack.

Acknowledgement for finding CVE-2025-2783 (excerpt from security fixes included into Chrome 134.0.6998.177/.178)

We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered. The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist. The cause of this was a logical error at the intersection of Google Chrome’s sandbox and the Windows operating system. We plan to publish the technical details of this vulnerability once the majority of users have installed the updated version of the browser that fixes it.
Our research is still ongoing, but judging by the functionality of the sophisticated malware used in the attack, it seems the attackers’ goal was espionage. The malicious emails contained invitations supposedly from the organizers of a scientific and expert forum, “Primakov Readings”, targeting media outlets, educational institutions and government organizations in Russia. Based on the content of the emails, we dubbed the campaign Operation ForumTroll.

Example of a malicious email used in this campaign (translated from Russian)

At the time of writing, there’s no exploit active at the malicious link – it just redirects visitors to the official website of “Primakov Readings”. However, we strongly advise against clicking on any potentially malicious links.

The exploit we discovered was designed to run in conjunction with an additional exploit that enables remote code execution. Unfortunately, we were unable to obtain this second exploit, as in this particular case it would have required waiting for a new wave of attacks and exposing users to the risk of infection. Fortunately, patching the vulnerability used to escape the sandbox effectively blocks the entire attack chain.

All the attack artifacts analyzed so far indicate high sophistication of the attackers, allowing us to confidently conclude that a state-sponsored APT group is behind this attack.

We plan to publish a detailed report with technical details about the zero-day exploit, the sophisticated malware, and the attackers’ techniques.

Kaspersky products detect the exploits and malware used in this attack with the following verdicts:

• Exploit.Win32.Generic
• Trojan.Win64.Agent
• Trojan.Win64.Convagent.gen
• PDM:Exploit.Win32.Generic
• PDM:Trojan.Win32.Generic
• UDS:DangerousObject.Multi.Generic

Indicators of Compromise

primakovreadings[.]info

securelist.com/operation-forum…