Printed circuit boards were once so simple. One or two layers of copper etched on a rectangular fiberglass substrate, with a few holes drilled in key locations so components could be soldered into place. They were functional objects, nothing more—built only for the sake of the circuit itself.

Fast forward to today, and so much has changed. Boards sprout so many layers, often more than 10, and all kinds of fancy geometric features for purposes both practical and pretty. But what catches they eye more than that, other than rich, saturated color? [Joseph Long] came to the 2024 Hackaday Supercon to educate us on the new world of full color PCBs.

youtube.com/embed/LOSMH_EV6pQ?…

[Joseph] begins his talk with an explanation of terminology. We often look at a PCB and cite its color—say, green for example. As [Joseph] explains, the color comes from the solder mask layer—so called for its job in ensuring solder can only go where it’s supposed to go. The solder mask sits atop the copper layer, but beneath the silk screen which has all the component outlines and part labels.

Solder mask was traditionally green, and this is still the most common color you’ll find in the majority of electronics. However, in recent decades, the available gamut of colors has increased. Now, you can routinely order yellow, blue, purple, and red solder masks quite easily, as well as black or white if you’re so inclined. As some creative makers have found, when designing a board, it’s possible to get several colors into a design even if you’re just using one color of solder mask. That’s because the solder mask appears in slightly different shades when it’s laid over the bare fiberglass of the PCB, versus being laid over copper, for example. Add in white silkscreen and you’ve got quite a lot to work with.

PCB Color Palette
byu/Half_Slab_Conspiracy inPrintedCircuitBoard

Different colors are achievable on a PCB even just by using a single soldermask color.
We’re used to having a choice of color on our PCB orders today, but so much more is possible.
But what if you want more? What if you want real color? [Joseph] realized this could be possible when he found out that PCB board houses were already using inkjet-like printers to lay down silkscreen layers on small-run boards. Since there was already a printer involved in the board production process, wouldn’t it be simple to start printing on circuit boards in full color?

As it turns out, this was very practical. Two big Shenzhen board houses—JLCPCB and PCBWay—both started delivering color printed boards in 2024. The method involved using a white solder mask layer, with a full-color “silkscreen” layer printed on top using UV-cured ink. Using this ink was a particular key to unlocking full color PCBs. The UV-cured inks are more robust under the tough conditions PCBs face, such as the high temperatures during reflow or hand soldering.

Color printing PCBs might sound trivial and only relevant for cosmetic purposes, but [Joseph] points out it has lots of practical applications too. You can easily color code pinouts and traces right on the the board, a feature that has obvious engineering value. You can even use photorealistic footprints to indicate where other board-level modules should be soldered in, too, making assembly more intuitive. Plus, full color boards are fun—don’t discount that!

[Joseph] likes using the full-color prints to aid in assembly, by using far more realistic footprints for items like board-scale modules and batteries.[Joseph] is also a big fan of the SAO format, having designed several compatible boards himself. At his talk, he showed off special “extender” boards of his own creation and offered giveaways to attendees.If you’re wondering how to get started, [Joseph]’s talk covers all the important ground. He goes over the workflow for doing color PCBs with typical board houses. As the main suppliers in this area, PCBWay and JLCPCB both have slightly different ways of working with design files for color boards. Obviously, creating a color board involves making images outside of your traditional board design software. It’s straightforward enough, but you have to follow some careful practices to ensure your images are printed in the right size and right orientation to match the rest of your PCB design. PCBWay lets you make your own images and submit them with your Gerber files from whatever board design tool, while JLCPCB requires you to produce your PCB within their EasyEDA design software and put the graphics directly in there. [Joseph] also explains the costs involved for printing these boards, which does come at a premium relative to traditional boards.

As a bonus, we even get to see some of Joseph’s awesome color boards. The graphics are stunning—they really show the potential of full-color PCBs and how they can elevate a project or a fun badge design. If you’re eager to try this out, go ahead and watch [Joseph]’s primer and dive in for yourself!

hackaday.com/2025/03/26/superc…

These days we don’t get too fussed about miniaturized electronics, not when you can put an entire processor and analog circuitry on a chip the size of a grain of sand. Things were quite different back in the 1980s, with the idea of a credit card-sized radio almost preposterous. This didn’t stop the engineers over at Casio from having a go at this and many other nutty ideas, with [Matt] from Techmoan having a go at taking one of these miniaturized marvels apart.
The Casio FM Stereo radio in happier days. (Credit: Techmoan, YouTube)
On the chopping block is the FM stereo device that was featured in a previous episode. Out of the four credit card-sized radios in that video, the one with the rechargeable battery (obviously) had ceased to work, so it was the obvious choice for a teardown. This mostly meant peeling off the glued-on top and bottom, after which the circuitry became visible.

In addition to the battery with a heavily corroded contact, the thin PCB contains a grand total of three ICs in addition to the analog circuitry. These were identified by [Spritetm] as an AM/FM tuner system IC (TA7792), an FM PLL MPX (TA7766AF) and a headphone amplifier (TA7767F), all of them manufactured by Toshiba.

Although [Matt] reckons this was a destructive teardown, we’re looking forward to the repair video where a fresh cell is soldered in and the case glued back together.

youtube.com/embed/XX_wOOvByPs?…

hackaday.com/2025/03/26/teardo…

You might think you don’t need a hearing aid, and you might be right. But in general, hearing loss eventually comes to all of us. In fact, you progressively lose hearing every year, which is why kids can have high-pitched ringtones their parents can’t hear.

You’d think hearing aids would be pretty simple, right? After all, we know how to pick up sounds, amplify them, and play them back. But there’s a lot more to it. Hearing aids need to be small, comfortable, have great battery life, and cram a microphone and speaker into a small area. That also can lead to problems with feedback, which can be very uncomfortable for the user. In addition, they need to handle very soft and loud sounds and accommodate devices like telephones.

Although early hearing aids just made sound louder and, possibly, blocked unwanted sound, modern devices will try to increase volume only in certain bands where the user has hearing loss. They may also employ sophisticated methods to block or reduce noise.

A Brief History

Hearing loss is nothing new. Ear trumpets appeared around the 17th century. These were just simple sound baffles that directed sound to your ear and, perhaps, cut some noise out that wasn’t in the trumpet’s direction.

The modern hearing aid dates back to the akouphone in 1895. [Miller Hutchison] developed the device for a friend who was deaf from a bout of scarlet fever. It was bulky — sitting on a table top — and used a carbon microphone, but it did work. He was also able to sell several models to royalty, many of whom suffered from hereditary deafness. This included Denmark’s Queen Alexandra, who, reportedly, was very impressed with the results.
The Acousticon microphone (left) and complete unit (right) (From Hawkins Electrical Guide #7, 1923)
Around 1902, [Hutchison] changed the device’s name to the acousticon, making it more portable with battery power. Despite impressive marketing, not all medical professionals were sold. If you were totally deaf, the device did nothing, unsurprisingly. In addition, the bulky batteries required frequent replacement, and the frequency response was poor.

It was still better than nothing, and the invention also led to the massacon and akoulalion that converted sound into vibration for the profoundly deaf. He later sold the rights for the acousticon to [Kelley Turner], who would not only improve the device, but also use the technology to launch the dictograph, which was a well-known office machine for many years.

Modern Times

The Zenith Miniature 75 (photo by [France1978] CC-BY-SA-2.0).Amplified hearing aids appeared around 1913, but they were still large boxes. By 1920, the vactuphone used vacuum tubes to perform amplification. At “only” seven pounds, the vactuphone was considered quite portable.

Keep in mind that portable hearing aids in the 1920s was a relative term. Typically, you’d have a unit carried in a bag or hung around your neck. World War II brought advances in minaturization which benefited hearing aids like the Zenith Miniature 75.

Transistors, of course, changed everything, including hearing aids. The Sonotone 1010, which appeared in 1952, used both transistors and tubes. Early transistor units were known to fail early due to moisture and heat. Silicon transistors and encapsulation helped.

Naturally, all of these hearing aids were analog as were the earliest IC-based devices. However, with the advent of ICs, it was possible to use digital techniques.
Patent drawing from 1984 — Hardly portable!
The path to digital hearing aids was difficult. In the 1970s, large computers could program digital elements in hearing aids to tune the device to set frequency bands and gains.

By 1980, several groups were experimenting with real digital hearing aids, although many of them had wireless links to real computers. A fully digital hearing aid first appeared in a 1984 patent, but it wasn’t tiny. Since then, things have gotten smaller and more capable.

Physical Form

Hearing aids went from table-top devices, to boxes hanging on necks. Getting smaller devices allowed for small boxes that hug the back of the ear with the earpiece into the ear canal.

With even smaller devices, the entire apparatus can be placed in the ear canal. Many of these go so deeply into the ear that they are largely invisible. There are also hearing aids that can surgically attach to your skull using a titanium post embedded in the bone. This can transmit sound even to people who can’t hear sound directly since it relies on bone conduction.

Other places to find hearing aids are built into thick glasses frames. Doctors with hearing problems can opt for stethoscopes with integrated hearing aids.

Modern hearing aids sometimes have rechargeable batteries. Otherwise, there will be some kind of small battery. There was a time that mercury cells were common, but with those banned in most places, many aids now take zinc-air batteries that deliver about 1.4 V.

We hear from an 8th grader that you can make hearing aid batteries last longer by peeling the sticker from them and waiting five minutes before installing them. Apparently, giving them a little time to mix with the air helps them.

What’s Next?

On the market today are hearing aids that use neural networks, have Bluetooth connections, and use other high tech tricks. We’ve looked at the insides of a hearing aid and why they cost so much before. If you want to roll your own, there is an open source design.

hackaday.com/2025/03/26/tech-i…

Clearview AI ha ricevuto l’approvazione giudiziaria definitiva per un accordo che fornisce una quota azionaria del 23% della società a una categoria di consumatori che hanno affermato che la società di riconoscimento facciale ha utilizzato in modo improprio le immagini delle persone senza il loro consenso riporta Bloomberg.

Approvando l’accordo giovedì, la giudice Sharon Johnson Coleman della Corte distrettuale degli Stati Uniti per il distretto settentrionale dell’Illinois ha stimato che la quota dell’accordo valesse 51,75 milioni di dollari, sulla base di una valutazione di 225 milioni di dollari di gennaio 2024.

“Certo, la natura di una quota azionaria è che potrebbe ridursi o crescere a seconda delle performance della società”, ha detto Coleman nel suo ordine. Ma “Clearview è ottimista sulla potenziale crescita della società in base al mercato disponibile”, ha detto.

In assenza di un accordo, non era chiaro se Clearview avrebbe potuto pagare milioni di dollari come parte di una sentenza, o se avesse i fondi per superare il processo, secondo un giudice in pensione che ha facilitato le negoziazioni per la conciliazione.

Clearview ha raggiunto questo accordo per risolvere le cause legali consolidate secondo cui l’azienda avrebbe violato l’Illinois Biometric Information Privacy Act estraendo miliardi di foto online e inserendole in un database di riconoscimento facciale.

L’accordo prevede la nomina di un supervisore con il diritto di ispezionare le finanze di Clearview e di vendere la quota, al fine di proteggere gli interessi della class action che ha concluso l’accordo. Coleman ha ritenuto l’accordo equo, ragionevole e adeguato, nonostante le obiezioni politiche di 22 stati e del Distretto di Columbia, nonché dei gruppi di pressione.

L'articolo 225 milioni di dollari per l’Uso Illecito delle Foto Online. Clearview perde la class Action e cede il 23% proviene da il blog della sicurezza informatica.

SUPPORTED BY

THIS IS DIGITAL POLITICS. I'm Mark Scott, and continued my Euro-trash existence this week in Geneva where I'm moderated a panel on March 24 on tech sovereignty and data governance. I'll include a write-up in next week's newsletter.

Talking of events, I'll also be co-hosting a tech policy meet-up in hipster East London on March 27 at 6:30pm. There are a few spots left for this (free) event. Sign up here.

— We're living through an era of 'tech sovereignty.' No one knows what that concept means — and that's quickly turning into a problem.

— Brussels forced Apple to open up to competitors. That's going to help many US firms that, in principle, oppose the bloc's competition revamp.

— In what must be the least-shocking fact about the latest AI models, almost none of the data used to train these systems comes from Global Majority countries.

Let's get started.

Tech sovereignty in an era of zero-sum geopolitics

MAYBE IT'S BECAUSE I WAS IN SWITZERLAND to talk about this topic, but we need to focus on tech sovereignty. Bear with me. For most of us, this concept is either unknown or irrelevant. Or possibly both. But over the last five years, policymakers and lawmakers — first in Europe, but increasingly everywhere — have embraced this catch-all term for efforts by individual governments to regain control over parts of the technology industry that have historically been left to the private sector.

Think the United States (or European Union) Chips Act, or efforts to bring back high-end semiconductor manufacturing to the "homeland." Think Washington's Joe Biden-era export controls to stop Beijing getting hold of next generation chip manufacturing equipment. Think Brussels' litany of initiatives — from the creation of so-called 'data spaces' to the (badly named) AI 'gigafactories' — to give itself a seat at the global table of tech powers.

At its core, tech sovereignty is a realization by elected officials that they are no longer in control. They see complex technological global supply chains, the rise of world-spanning tech giants and the influx of billions of dollars in private capital and worry their voters (and homegrown companies) won't see the economic and social benefits of how tech has become so ingrained in everything from buying a car to sending your child to school.

Well, maybe that's one (slightly cynical) definition. After more than five years since 'tech sovereignty' became a thing, governments are still grappling with exactly what it means, how to implement it and what the consequences will be when everyone from London to Brasilia wants to "onshore" tech to boost their local interests.

Before 2025, that remained almost exclusively a headache for uber-policy types (like myself.) But this year has shown, already, that we are living in a more transactional, zero-sum mercantilist world where all elected leaders — and not just US President Donald Trump — are willing to use all the levers at their disposal to reshape the world order to their needs.

**A message from Microsoft** Each day, millions of people use generative AI. Abusive AI-generated content, however, can present risks to vulnerable groups such as women, children, and older adults. In a new white paper, developed in consultation with civil society, we present actionable policy recommendations to promote a safer digital environment.**

That means, inevitably, revisiting how we define 'tech sovereignty' because, like it or not, how we collectively approach the topic will have significant real-world implications for how technology is developed, governed and used in the years to come.

If done well, it could build upon the core tenets of what made the internet such a game-changing technology: open, rights-based core infrastructure that allowed anyone (read: with money and technical capacity) to build whatever they wanted, however they wanted.

If done poorly, it could undermine those key principles that have made technology crucial to both economic and social benefits for all.

Case in point: if a country decides to keep all of its citizens' data within national borders — a term known as data localization — for either commercial or national security reasons, then it makes it harder to trade, based on a reduction of global data flows, and starts to cut off specific countries from the now-fraying world order. This is not hypothetical: Russia, Nigeria, India and China are among states that already have such rules on the books.

What is urgently needed is an honest conversation about what people mean by 'tech sovereignty.' Currently, that falls into two camps.

Camp One leans toward isolationism. In this world, politicians funnel public cash into homegrown 'tech champions' that use siloed-off local data and technical skills to create services/products that are then sold worldwide in a race to build global giants.

Camp Two relies on each country shifting to tech-related areas where it can compete globally (eg: Taiwan/South Korea on microchips; Vietnam on device manufacturing), and then opening up each market to overseas competition. The goal isn't to own everything in tech. It's about figuring out where you can compete, globally, while giving local citizens access to (cheap) outside services/products that improve their daily lives.

You can probably figure out which version of 'tech sovereignty' would be my preference.

Before I get angry emails, I realize there's a lot of nuance that lies between those two extreme positions. Those who want to create a so-called "Euro stack," for instance, would probably argue their efforts are about giving Europe greater autonomy at a time when the US is not perceived as a trusted partner. Those in Brazil supportive of the country's data localization mandate would likely say such provisions are about keeping local's personal information safe under national laws.

I get it. Everyone has a reason why their version of "tech sovereignty" is OK, while everyone else's take is blatant protectionism.

Thanks for reading Digital Politics. If you've been forwarded this newsletter (and like what you've read), please sign up here. For those already subscribed, reach out on digitalpolitics@protonmail.com

But here's the problem with that. This ongoing nibbling at what has made technology an inherent force for good (despite, ahem, some significant downsides) has placed increased onus on equating national power as the only mechanism to get things done. That is especially true, in 2025, when long-standing allies are starting to not trust each other, and retaliatory tariffs are leading us toward a potential global trade war.

What I would prefer to see is a recognition by lawmakers about what they can — and what they can not — change when it comes to tech. Yes, much of the current global power dynamics mean the likes of the US, China and Europe have more say than other parts of the globe. That is not something, unfortunately, that will change overnight.

But while it's 100 percent legitimate for national leaders to want greater control of various forms of technology, I don't see how the ubiquitous calls to spend public money to "bring back" global supply chains to national shores as something that will achieve that.

First, it won't — given that these complex systems have grown over decades and won't just change quickly. And second, it will lead to short-term higher prices for consumers because of the inevitable cost hikes that will result from spending over the odds to onshore manufacturing when other countries can just do it cheaper (and faster.)

"Tech sovereignty" is a concept that sounds good as a talking point, but fails to deliver when confronted with reality. Yes, some form of greater control (or, at least, the semblance of control) over global tech forces is probably good for democracy, writ large. That's especially true for countries beyond the US and China that are net-takers of technology, at a global stage.

But you don't achieve that by putting up barriers to outsiders and investing public funds to develop clunky national champions that will struggle to compete worldwide.

What would be better is to set out a positive definition of 'tech sovereignty' that builds on what has worked for almost everyone over the last 80 years. Caveat: I understand that is a difficult pitch, politically, given the current geopolitical climate.

That would include: reaffirming open global markets based on right-based digital regulation that allows each country to 1) promote their own unique tech-related specialisms, both home and abroad and 2) allow national lawmakers to step in, where appropriate, when global tech forces undermine the rule of law or other key tenets within a nation state.

We already have such systems in other sectors like financial services and pharmaceuticals — and no one (at least not yet in 2025!) makes much political capital in undermining how those industries currently operate. Yes, tech is somewhat different as it's nominally not a separate industry. But, I would argue, neither is financial services.

Unfortunately, I don't see that positive agenda in any of the ongoing 'tech sovereignty' discussions that have become embedded in the geopolitical tensions of early 2025. That goes from Trump's MAGA approach to maintaining "US dominance" over AI to European Commission president Ursula von der Leyen's pitch to make the EU the hub for the next technological revolution.

That is a shame.

It's a shame because it undermines what has been built over the last 80 in so many tech-related fields that have benefited so many people worldwide. And it's a shame because it equally foretells a growing "splinternet" between countries/regions that solely focus on their short-term interests — without recognizing what damage that will produce over the mid-term.

Chart of the Week

THE LATEST ARTIFICIAL INTELLIGENCE MODELS already skew toward more developed countries. But researchers analyzed the most common datasets used to build these systems, from 1990 to 2024, to figure out where that information actually came from.

Not surprisingly, regions like Africa and South America were massively underrepresented, both on the number of datasets (see "by count" below) from those regions and the amount of information (see "by tokens or hours" below) included from those parts of the world.

That's a problem when next generation AI models are being rolled out globally in ways that won't meet regionally-specific needs because of a lack of local data baked into these complex systems.

The darker the part of the maps below, the more data was used from that region to train AI models.
Source: The Data Provenance Initiative

The complexities of antitrust enforcement

WHEN THE EUROPEAN COMMISSION ANNOUNCEDlast week it had forced Apple to make changes to comply with the bloc's new competition rules, the iPhone maker was quick to cry foul. The decision, according to the company, "wraps us in red tape, slowing down Apple's ability to innovate for users in Europe and forcing us to give away our new features for free to companies who don't have to play by the same rules."

Yet in many parts of the global tech world — including inside companies that equally dislike the EU's Digital Markets Act— there were cheers of victory. The split response highlights how these new competition rules, which allow European regulators to step into online markets before one specific company becomes too dominant, aren't as easy to define as many first thought.

First, a quick backstory. Last year, the European Commission's competition enforcers opened an investigation into how Apple allowed rival firms to interact with its products. On March 19, Brussels then ordered the iPhone maker to make it easier for non-Apple devices to connect to the company's products. It also demanded the Cupertino-based firm to provide its technical specs to outsiders so they could build services which more easily interact with Apple's operating systems.

**A message from Microsoft**New technologies like AI supercharge creativity, business, and more. At the same time, we must take steps to ensure AI is resistant to abuse. Our latest white paper, "Protecting the Public from Abusive AI-Generated Content across the EU," highlights the weaponization of women’s nonconsensual imagery, AI-powered scams and financial fraud targeting older adults, and the proliferation of synthetic child sexual abuse.

The paper outlines steps Microsoft is taking to combat these risks and provides recommendations as to how the EU's existing regulatory framework can be used to combat the abuse of AI-generated content by bad actors. We thank Women Political Leaders, the MenABLE project, the Internet Watch Foundation, the WeProtect Global Alliance, and the European Senior’s Union for their important work and support. Click here to read more.**

What does that mean? Over the next 12 months (caveat: Apple may still appeal these changes), it will become easier, say, for Garmin smartwatches to connect seamlessly with your iPhone — just as an Apple watch currently does. Rival apps will also be able to take advantage of Apple's technical wizardry to compete more directly with the company's own services that work hand-in-glove with its in-house software.

You can understand why Apple is not a fan. But, equally, it will be a boon for the likes of Meta and Alphabet, as well as scores of smaller tech firms, that have long complained that Apple creates artificial technical barriers so that rival devices/apps just don't work as well as the iPhone maker's own offerings. Mark Zuckerberg, Meta's chief executive, even called out Apple in January over how it didn't allow other headphones to connect as well as the firm's (expensive) devices.

Sign up for Digital Politics

Thanks for getting this far. Enjoyed what you've read? Why not receive weekly updates on how the worlds of technology and politics are colliding like never before. The first two weeks of any paid subscription are free.

Subscribe
Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

Yes, you read that right. The European Commission and Zuckerberg are on the same page when it comes to digital competition.

That complexity can make my brain hurt. In the ongoing lobbying around new digital competition rules (looking at you, United Kingdom), the playbook often relies on claiming such legislation places regulators too squarely at the heart of business decisions of some of the world's largest tech companies. "It's killing innovation!," comes the claim. "Officials should keep their noses out of our business!"

I have some sympathy for that argument, especially when it comes to so-called ex ante regulation, or policy efforts to curb unfair dominance before a firm becomes too entrenched in a digital market. But I can also see a massive upside for consumers if a non-Apple product/service works as effortlessly as an in-house device designed in Cupertino.

For what such competition decisions lead to, we only have to look at a previous European Commission ruling to force the iPhone maker to switch all of its devices over to USB-C technology. Apple executives equally met that 'common charger' ruling with derision. But now, USB-C is the de fault global standard, allowing one cable to connect everything from iPhones to Samsung tablets.

It's still unclear if the recent Apple decision will lead to US pushback after the White House threatened retaliatory tariffs on countries/regions that went after American tech firms. But beyond the iPhone maker, many US companies remain supportive of this specific European Commission competition decision — mostly because it's good for their own business interests.

What I'm reading

— A subcommittee of the US Senate Committee on the Judiciary will hold a hearing on the "Censorship Industrial Complex" on March 24. Watch along here. A counterpoint to that subcommittee's focus.

— Company responses to the White House's call for input on a "AI Action Plan." Palantir. OpenAI. Alphabet. Microsoft. Frontier Model Forum. Anthropic. If anyone has seen Meta's submission, please let me know.

— AI Now gives the European Commission a report card on tech for the Berlaymont Building's first 100 days. More here.

— The UK regulator Ofcom outlined what companies must now do after a deadline passed for firms to conduct illegal harms risk assessments. More here.

— Small AI language models offer a cheap option for indigenous communities to take advantage of this emerging technology, argue Brooke Tanner and Cameron Kerry for the Brookings Institution.

digitalpolitics.co/newsletter0…

Recently Raspberry Pi publicly announced the release of their new rpi-image-gen tool, which is advertised as making custom Raspberry Pi OS (i.e. Debian for specific Broadcom SoCs) images in a much more streamlined fashion than with the existing rpi-gen tool, or with third-party solutions. The general idea seems to be that the user fetches the tool from the GitHub project page, before running the build.sh script with parameters defining the configuration file and other options.

The main advantage of this tool is said to be that it uses binary packages rather than (cross-)compiling, while providing a range of profiles and configuration layers to target specific hardware & requirements. Two examples are provided in the GitHub project, one for a ‘slim’ project, the other for a ‘webkiosk‘ configuration that runs a browser in a restricted (Cage) environment, with required packages installed in the final image.

Looking at the basic ‘slim’ example, it defines the INI-style configuration in config/pi5-slim.cfg, but even when browsing through the main README it’s still somewhat obtuse. Under device it references the mypi5 subfolder which contains its own shell script, plus a cmdline.txt and fstab file. Under image it references the compact subfolder with another bunch of files in it. Although this will no doubt make a lot more sense after taking a few days to prod & poke at this, it’s clear that this is not a tool for casual users who just want to quickly put a custom image together.

This is also reflected in the Raspberry Pi blog post, which strongly insinuates that this is targeting commercial & industrial customers, rather than hobbyists.

hackaday.com/2025/03/26/build-…

Many of us could have been lucky enough to have some form of pedal go-kart in our formative years, and among such lucky children there can have been few who did not wish for their ride to have a little power. Zipping around the neighborhood remained a strenuous affair though, particularly for anyone whose hometown was on a hill. What a shame we didn’t have [Matto Godoy] as a dad then, because he has taken a child’s go-kart and turned it into the electrically-propelled ride of dreams.

Out come the pedals and in goes a wooden floor panel, and at the rear the axle is replaced by a set of hoverboard motors and associated batteries and controllers. The wheels are off-the-shelf wheelbarrow parts, and the 36 V lithium-polymer gives it plenty of go. It looks too small for us, but yes! We want one.

If you want one too, you could do worse than considering a Hacky Racer. And if more motor power is your thing, raid the auto recyclers!

hackaday.com/2025/03/26/admit-…

Sono state scoperte due estensioni dannose nel VSCode Marketplace che nascondevano un ransomware. Uno di questi è apparso sullo store Microsoft nell’ottobre dell’anno scorso, ma è passato inosservato per molto tempo.

Si tratta delle estensioni ahban.shiba e ahban.cychelloworld che sono attualmente state rimosse dallo store. Inoltre, l’estensione ahban.cychelloworld è stata caricata sullo store il 27 ottobre 2024 e ahban.shiba il 17 febbraio 2025, aggirando tutti i controlli di sicurezza.

Il malware è stato individuato dagli esperti di ReversingLabs, che hanno scritto che entrambe le estensioni contenevano un comando PowerShell che scaricava ed eseguiva un altro script PowerShell da un server Amazon AWS remoto. Questo script era responsabile della distribuzione del ransomware.

Secondo i ricercatori, il ransomware è chiaramente in fase di sviluppo o test, poiché al momento crittografa solo i file nella cartella C:\users\%username%\Desktop\testShiba e non tocca gli altri.

Una volta completata la crittografia, lo script visualizza un avviso sullo schermo: “I tuoi file sono crittografati. Per ripristinarli, paga 1 ShibaCoin a ShibaWallet.” Non ci sono istruzioni aggiuntive o altri requisiti, a differenza dei classici attacchi ransomware.

Dopo che i ricercatori di ReversingLabs hanno informato Microsoft del ransomware, l’azienda ha rapidamente rimosso entrambe le estensioni dal VSCode Marketplace.

Italy Kruk, ricercatore di sicurezza di ExtensionTotal, che aveva eseguito la scansione automatica precedentemente, aveva rilevato queste estensioni dannose nel VSCode Marketplace, ma lo specialista non era riuscito a contattare i rappresentanti dell’azienda.

Crook spiega che ahban.cychelloworld non era originariamente dannoso e che il ransomware è apparso dopo il caricamento della versione 0.0.2, accettata sul VSCode Marketplace il 24 novembre 2024. Dopo di che, l’estensione ahban.cychelloworld ha ricevuto altri cinque aggiornamenti e tutti contenevano codice dannoso.

“Abbiamo segnalato ahban.cychelloworld a Microsoft il 25 novembre 2024, tramite un report automatico generato dal nostro scanner. Forse a causa del numero esiguo di installazioni di questa estensione, Microsoft non ha dato priorità al messaggio”, ha detto l’esperto.

Gli esperti hanno notato che entrambe le estensioni scaricavano ed eseguivano script PowerShell remoti, ma sono riuscite a non essere rilevate per diversi mesi, il che indica chiaramente gravi falle nei processi di verifica di Microsoft.

L'articolo VSCode Marketplace Distribuiva Ransomware! Scoperte Delle Estensioni Malevole proviene da il blog della sicurezza informatica.

Recentemente Google ha rilasciato un urgente bug fix relativo ad una nuova vulnerabilità monitorata con il CVE-2025-2783. Si tratta di una grave falla di sicurezza su Chrome Browser che è stata sfruttata in attacchi attivi.

L’attacco è stato sferrato attraverso e-mail di phishing che hanno preso di mira organi di stampa, istituti scolastici e organizzazioni governative in Russia. Inoltre, il CVE-2025-2783 è progettato per essere eseguito insieme a un exploit aggiuntivo che facilita l’esecuzione di codice remoto.

“Google è a conoscenza di segnalazioni secondo cui esiste in natura un exploit per CVE-2025-2783”, ha riportato nella correzione Google in un avviso tecnico. Google non ha rivelato ulteriori dettagli tecnici sulla natura degli attacchi. La vulnerabilità è stata inserita in Chrome versione 134.0.6998.177/.178 per Windows.

La vulnerabilità, viene identificata con il nome Mojo facendo riferimento a una raccolta di librerie di runtime che forniscono un meccanismo indipendente dalla piattaforma per la comunicazione tra processi (IPC).
Schema applicativo di Mojo
“In tutti i casi, l’infezione si è verificata immediatamente dopo che la vittima ha cliccato su un link in un’e-mail di phishing e il sito web degli aggressori è stato aperto tramite il browser web Google Chrome”, hanno affermato i ricercatori . “Non è stata richiesta alcuna ulteriore azione per essere infettati. L’essenza della vulnerabilità è dovuta a un errore logico all’intersezione tra Chrome e il sistema operativo Windows, che consente di aggirare la protezione sandbox del browser.”

“Tutti gli artefatti di attacco analizzati finora indicano un’elevata sofisticatezza degli aggressori, consentendoci di concludere con sicurezza che dietro questo attacco c’è un gruppo APT sponsorizzato da uno stato”, hanno affermato i ricercatori.

Il CVE-2025-2783, è il primo zero-day di Chrome attivamente sfruttato dall’inizio dell’anno. I ricercatori di Kaspersky Boris Larin e Igor Kuznetsov sono stati accreditati per aver scoperto e segnalato la falla il 20 marzo 2025.

Il fornitore russo di sicurezza informatica, nel suo stesso bollettino, ha caratterizzato lo sfruttamento zero-day di CVE-2025-2783 come un attacco mirato tecnicamente sofisticato, indicativo di una minaccia persistente avanzata (APT). Sta monitorando l’attività con il nome di Operation ForumTroll.

Si dice che i link di breve durata siano stati personalizzati per i bersagli, con lo spionaggio come obiettivo finale della campagna. Le email dannose, ha affermato Kaspersky, contenevano inviti presumibilmente provenienti dagli organizzatori di un legittimo forum scientifico ed esperto, Primakov Readings.

L'articolo Grave Zero-day rilevato in Chrome! Gli Hacker di stato stanno sfruttando questa falla critica proviene da il blog della sicurezza informatica.

VMware Tools for Windows stanno affrontando una vulnerabilità critica di bypass dell’autenticazione. La falla, identificata come CVE-2025-22230, consente ad attori malintenzionati con privilegi non amministrativi su una macchina virtuale guest Windows di eseguire operazioni ad alto privilegio all’interno di quella VM. Poiché sempre più aziende migrano verso ambienti virtuali e cloud, la sicurezza degli strumenti di virtualizzazione diventa cruciale.

Secondo l’avviso di sicurezza VMSA-2025-0005, il problema deriva da un controllo di accesso non corretto nella suite VMware Tools per Windows. Le versioni 11.xx e 12.xx di VMware Tools in esecuzione su sistemi Windows sono interessate, mentre le versioni per Linux e macOS non presentano questa criticità. Data la crescente centralità della virtualizzazione nelle infrastrutture IT aziendali, la necessità di vigilanza e patching tempestivo è fondamentale per mantenere la sicurezza degli ambienti virtualizzati.

La vulnerabilità, con un punteggio CVSSv3 di 7,8, è stata classificata come di gravità “Importante” da VMware. L’azienda ha rilasciato la versione 12.5.1 di VMware Tools per mitigare il rischio, raccomandando agli utenti di aggiornare immediatamente i propri sistemi. Tuttavia, VMware non ha fornito soluzioni alternative per le organizzazioni che non possono applicare subito l’aggiornamento, sottolineando l’importanza di implementare la patch al più presto.

Sergey Bliznyuk di Positive Technologies, una società russa di sicurezza informatica, è stato accreditato per la scoperta e la segnalazione della vulnerabilità a VMware. La collaborazione tra ricercatori di sicurezza e fornitori di software continua a essere essenziale per l’identificazione e la gestione delle minacce. Questa falla evidenzia quanto sia necessario un approccio proattivo per proteggere le infrastrutture virtualizzate da attacchi informatici sempre più sofisticati.

In risposta alla vulnerabilità, gli esperti di sicurezza consigliano alle aziende di adottare misure immediate per proteggere i propri ambienti virtuali. VMware Tools è un componente chiave per la gestione delle macchine virtuali, migliorando prestazioni e usabilità. Tuttavia, la sua compromissione potrebbe avere conseguenze significative per le organizzazioni. Per questo motivo, rimanere aggiornati sugli avvisi di sicurezza e applicare tempestivamente le patch disponibili è essenziale per garantire l’integrità e la protezione degli ambienti virtualizzati.

L'articolo VMware Tools nel mirino: falla critica espone le macchine virtuali Windows! proviene da il blog della sicurezza informatica.

Spendiamo 800 miliardi per riarmare l'Europa?
Benissimo. Contro chi, e per fare cosa?
E poi... siamo sicuri che serva? (Spoiler: NO)

spreaker.com/episode/dk9x23-ar…