Sophos ha annunciato di aver risolto tre distinte vulnerabilità di sicurezza in Sophos Intercept X per Windows e nel relativo programma di installazione. Queste problematiche, identificate con i codici CVE-2024-13972, CVE-2025-7433 e CVE-2025-7472, sono state classificate con un livello di gravità “Alto”. Il bollettino di sicurezza, con ID pubblicazione sophos-sa-20250717-cix-lpe, è stato aggiornato e pubblicato il 17 luglio 2025 e non prevede soluzioni alternative temporanee. I prodotti interessati sono Sophos Intercept X Endpoint e Intercept X per il server.

La prima vulnerabilità, CVE-2024-13972, riguarda un problema di permessi nel registro durante l’aggiornamento di Intercept X per Windows. Questa falla avrebbe potuto consentire a un utente locale di ottenere privilegi a livello di sistema durante il processo di aggiornamento del prodotto. Sophos ha ringraziato Filip Dragovic di MDSec per aver segnalato responsabilmente questa vulnerabilità.

La seconda criticità, CVE-2025-7433, è una vulnerabilità di escalation dei privilegi locali nel componente Device Encryption di Sophos Intercept X per Windows. Questa falla avrebbe potuto permettere l’esecuzione di codice arbitrario. Sophos ha espresso gratitudine a Sina Kheirkhah (@SinSinology) di watchTowr per la sua segnalazione responsabile.

Infine, la CVE-2025-7472 è una vulnerabilità di escalation dei privilegi locali scoperta nel programma di installazione di Intercept X per Windows. Se il programma di installazione fosse stato eseguito con privilegi di sistema (SYSTEM), un utente locale avrebbe potuto ottenere privilegi a livello di sistema.

Questa vulnerabilità è stata scoperta e segnalata a Sophos tramite il suo programma bug bounty, con un ringraziamento particolare a Sandro Poppi per la sua segnalazione responsabile. Per i clienti che utilizzano versioni precedenti del programma di installazione per distribuire attivamente endpoint e server, è fondamentale scaricare la versione più recente del programma di installazione da Sophos Central.

Per la maggior parte dei clienti, non è richiesta alcuna azione manuale. Ciò è dovuto al fatto che, per impostazione predefinita, i clienti che utilizzano la politica di aggiornamento predefinita ricevono automaticamente gli aggiornamenti per i pacchetti raccomandati. Questo assicura che le correzioni per queste vulnerabilità vengano installate senza intervento dell’utente.

Tuttavia, i clienti che utilizzano pacchetti di Supporto a Termine Fisso (FTS) o Supporto a Lungo Termine (LTS) devono intraprendere un’azione per ricevere queste correzioni. È necessario che questi utenti eseguano un aggiornamento per assicurarsi che le patch di sicurezza siano applicate ai loro sistemi.

L'articolo Sophos risolve vulnerabilità in Intercept X per Windows proviene da il blog della sicurezza informatica.

Over on his YouTube channel [Pat Deegan] from Psychogenic Technologies shows us two KiCad tips to save a million clicks.

In the same way that it makes sense for you to learn to touch type if you’re going to be using a computer a lot, it makes sense for you to put some thought and effort into your KiCad keyboard shortcuts keys, too.

In this video [Pat] introduces the keymap that he has come up with for the KiCad programs (schematic capture and PCB layout) and explains the rules of thumb that he used to generate his recommended shortcut keys, being:

• one handed operation; you should try to make sure that you can operate the keyboard with one hand so your other hand can stay on your mouse
• proximity follows frequency; if you use it a lot it should be close to hand
• same purpose, same place; across programs similar functions should share the same key
• birds of a feather flock together; similar and related functionality kept in proximate clusters
• typing trounces topography; if you have to use both hands for typing you have to take your hand off the mouse anyway so then it doesn’t really matter where on the keyboard the shortcut key is

You can find importable KiCad keymaps and customizable SVG cheatsheets in the downloads section of his notes.

[Pat]’s video includes some other tips and commentary (he gives you free access to a KiCad course he has put together) but for us the big takeaway was the keymaps. Also, if you haven’t been keeping abreast of developments, KiCad is now at version 9, as of February this year.

youtube.com/embed/T-voZId8eyw?…

hackaday.com/2025/07/17/improv…

What has 8 ARM cores, 8 GB of RAM, fits in a pocket, and runs NixOS? It’s no pi-clone SBC, but [MWLabs]’s smartphone– a OnePlus 6, to be precise.

The video embedded below, and the git link above, are [MWLabs]’s walk-through for loading the mobile version of Nix onto the cell phone, turning it into a tiny-screened Linux computer. He’s using the same flake on the phone as on his desktop, which means he gets all the same applications set up in the same way– talk about convergence. That’s an advantage to Nix in this application, compared to the usual Alpine-based PostMarketOS.

Of course some of the phone-like features of this pocket-computer are lacking: the SIM is detected, and he can text, but 4G is nonfunctional. The rear camera is also not there yet, but given that Mobile-NixOS builds on the work done by well-established PostMarketOS, and PostMarketOS’ testing version can run the camera, it’s only a matter of time before support comes downstream. Depending what you need a tiny Linux device for, the camera functionality may or may not be of particular interest. If you’re like us, the idea of a mobile device running Nix might just intrigue you,

Smartphones can be powerful SBC alternatives, after all. You can even turn them into SBCs. As long as you don’t need a lot of GPIO, like for a server,a phone in hand might be worth two birds in the raspberry bush.

youtube.com/embed/yxfDNqZ9WTM?…

hackaday.com/2025/07/17/8-core…

In today’s high-speed information overload environment, we often find ourselves with too much data to take in at once, causing us to occasionally miss out on opportunities otherwise drowned out in noise. None of this is more evident in the realm of high-speed trading, whether it’s for stocks, commodities, or even crypto. Most of us won’t be able to build dedicated high speed connections directly to stock exchanges for that extra bit of edge over the other traders, but what we can do is build a system that keys us in to our cryptocurrency price of choice so we know exactly when to pull the trigger on a purchase or sale.

[rishab]’s project for doing this is based on an ESP32 paired with a 10″ touchscreen display. It gathers live data from Binance, a large cryptocurrency exchange that maintains various pieces of information about many digital currencies. [rishab]’s tool offers a quick, in-depth look at a custom array of coins, with data such as percentage change over a certain time and high and low values for that coin as well. The chart updates in real time, and [rishab] also built a feature in which scales coins up if they have been seeing large movements in price over short timeframes.

Although it’s not a direct fiber link into an exchange, it certainly has its advantages over keeping this information in a browser window on a computer where it could get missed, and since it’s dedicated hardware running custom firmware it can show you exactly what you need to see if you’re day trading crypto. Certainly projects like this are in the DIY spirit that crypto enthusiasts tout as ideals of the currency, and as people move away from mining and more into speculative trading we’d expect to see more projects like this.

youtube.com/embed/U1MZoj3MJso?…

hackaday.com/2025/07/17/esp32-…

Over on his YouTube channel [Tom Stanton] shows us how to build a Stirling Engine for a bike.

A Stirling Engine is a heat engine, powered by the expansion and contraction of a working fluid (such as air) which is heated and cooled in a cycle. In the video [Tom] begins by demonstrating the Stirling Engine with some model engines and explains the role of the displacer piston. His target power output for his bike engine is 150 watts (about 0.2 horsepower) which is enough power to cycle at about 15 mph (about 24 km/h). After considering a CPU heatsink as the cooling system he decided on water cooling instead.

[Tom] goes on to 3D print and machine various parts for his bike engine. He uses myriad materials including aluminum and Teflon. He isn’t yet comfortable machining steel, so he had the steel part he needed for handling the hot end of the engine manufactured by a third party.

[Tom] explains that when he started the project he had intended to make a steam engine. But after some preliminary research he discovered that a Stirling Engine was a better choice, particularly they are quieter, more efficient, and safer. After a number of false starts and various adjustments he manages to get his engine to run, which is pretty awesome. Standby for part two to see the bike in action!

We have covered the Stirling Engine here on Hackaday many times before. You might like to read about how to create one with minimal parts or how to make one from expedient materials.

youtube.com/embed/zB3lrLjqIh4?…

hackaday.com/2025/07/17/buildi…

On Thursday, Demand Progress and Freedom of the Press Foundation (FPF) filed an ethics complaint against Edward L. Artau, a Florida judge who was nominated by President Donald Trump to a federal district court after delivering a favorable ruling for Trump in his defamation lawsuit against the Pulitzer Board. The ethics complaint asks the D.C. Court of Appeals and the Florida Judicial Qualifications Commission to investigate Artau for potentially breaking rules requiring judges to recuse themselves to avoid conflicts of interest, remain impartial, avoid impropriety, and avoid giving false statements.

Politico reported that Artau, who sought for Trump to nominate him shortly after the president won the 2024 presidential election, later ruled in Trump’s favor as part of a panel of state appellate judges deciding whether to allow the president’s lawsuit against the Pulitzer Prize Board to move forward. After joining a favorable panel ruling for Trump, and after going out of his way to write a gratuitous solo concurrence praising the lawsuit’s claims on the merits, Artau was nominated to be a judge on South Florida’s U.S. trial court. Artau later gave an incomplete and misleading testimony about these events to the Senate Judiciary Committee while under oath.

“A federal judge’s goal should be upholding the law and the American people’s confidence in the judiciary, not delivering whatever the president wants so that they can get a job,” said Emily Peterson-Cassin, director of corporate power at Demand Progress. “Judge Ed Artau’s behind-closed-doors jockeying for his nomination, his failure to recuse himself from the Pulitzer lawsuit and his misleading testimony to the Senate all raise bright red flags that need to be investigated.”

Seth Stern, director of advocacy at Freedom of the Press Foundation, said: “Judges should be safeguarding us against President Trump’s frivolous attacks on the free press, the First Amendment and the rule of law. Instead, Judge Artau seems eager to facilitate Trump’s unconstitutional antics in exchange for a job. That’s far from the level of integrity that the Rules of Professional Conduct demand. Attorney disciplinary commissions need to rise to this moment and not tolerate ethical violations that impact not only individuals before the court but our entire democracy.”

Read the Complaint here or below.

freedom.press/static/pdf.js/we…

freedom.press/issues/fpf-deman…

Our next PPI board meeting will take place on 05.08.2025 at 14:00 UTC / 16:00 CEST.

All official PPI proceedings, Board meetings included, are open to the public. Feel free to stop by. We’ll be happy to have you.

Where:jitsi.pirati.cz/PPI-Board

The prior meeting was unfortunately delayed.

Prior to that meeting a SCENE meeting is scheduled on July 22 at 7 pm/ UTC 9 pm CEST.

All of our meetings are posted to our calendar: pp-international.net/calendar/

We look forward to seeing visitors.

Thank you for your support,

The Board of PPI

pp-international.net/2025/07/n…

Пиратская партия Германии на сайте Пиратского Интернационала обратила внимание на важную проблему: корпорации преследуют людей за создание мемов, не имеющих коммерческой цели.

Мемы, пародии и интернет-фольклор — важная часть современной культуры. Они рождаются в сетевых сообществах, переосмысливают медиа и становятся новым языком общения. Но так называемые правообладатели пытаются приватизировать даже те образы, которые давно стали частью общественного достояния.

В России, как и во всём мире, люди сталкиваются с аналогичными проблемами. Правообладатели активно подают в суд за использование мемов, даже если они созданы для развлечения. Например, «Си Ди Лэнд Контакт», приватизировавший Ждуна, несколько раз судился за его использование, Москвариум заявил о намерении зарегистрировать товарный знак «Рыбов показываем», петербургский предприниматель пытался, впрочем, безуспешно, зарегистрировать товарный знак «Как тебе такое, Илон».

Эта мировая практика показывает, как устаревшие законы о так называемом авторском праве, которое в первую очередь защищает не автора, а правообладателя, то есть, того, кто первым подберёт плохо лежащее, подавляют творчество и свободное выражение.

Пиратская партия России всецело поддерживает позицию ПП Германии.

Публикуем перевод их заявления:

Культура мемов — это здорово! Пираты обожают мемы. Мемы помогают людям делиться идеями и шутками. Но некоторые жадные создатели корпоративного контента нападают на тех, кто их создаёт. Они подают в суд на тех, кто создаёт мемы без какой-либо коммерческой цели. Мы должны дать этому отпор!

Один явный случай произошел в Германии. Фанаты создали мемы о героине детской книги Конни. Издатель разослал письма с требованием прекратить противоправные действия. Они угрожали аккаунту в <запрещённой в РФ соцсети с фотографиями>. И им это удалось. Они закрыли аккаунт. Они ограничили свободу слова. Они уничтожили собственное творение. Мемы позволили бы Конни выжить. Конни умрёт. Спасите Конни!

Хотя в Германии особенно строго относятся к «нарушению авторских прав», эта проблема носит глобальный характер и не ограничивается только мемами.

Такие случаи случаются в мире искусства. Disney разослал официальные уведомления о фан-арте.

Такие случаи происходят в игровой индустрии. Nintendo закрывает игры, созданные на основе их контента.

В музыкальной индустрии такое случается. Музыканты подают в суд на других музыкантов за ремиксы своих треков.

Они происходят в социальных сетях. Поклонников событий в Южной Корее предостерегли по поводу мемов о военном положении.

Мемы — это здорово! Переделки игр — это здорово! Ремиксы — это здорово! Протесты в социальных сетях — это здорово! Так общество развивается и создаёт новые формы самовыражения. Знания — производны. Мы учимся на истории и создаём новые версии, которые немного отличаются, но лучше.

Давайте потребуем защиты мемов! Ни один материал не должен быть заморожен авторским правом!

Вся история искусства — это цепочка заимствований, переосмыслений и новых интерпретаций. Шекспир перерабатывал старые сюжеты, музыканты делали каверы, а кинорежиссёры снимали ремейки. Сегодня цифровые технологии позволяют людям создавать новые формы искусства на основе существующих произведений, но корпорации хотят запретить это, превратив культуру в «закрытый клуб».

Наша цель — культура, которая принадлежит людям и авторам, а не так называемым правообладателям!

Вступайте в Пиратскую партию России и присоединяйтесь к борьбе за свободные мемы, открытые лицензии и право на ремиксы. Вместе мы сможем остановить цензуру и сохранить интернет как пространство творчества.

Сообщение Пираты любят мемы появились сначала на Пиратская партия России | PPRU.

Hanno cominciato ad ammazzare cattolici, stai a vedere che adesso comincia a importarcene qualcosa...

La presidente del Consiglio Giorgia Meloni ha condannato l’attacco contro la chiesa e in generale contro la popolazione civile con toni particolarmente duri: in un comunicato ha detto che «sono inaccettabili gli attacchi contro la popolazione civile che Israele sta dimostrando da mesi. Nessuna azione militare può giustificarla.

ilpost.it/2025/07/17/chiesa-sa…

Israele ha attaccato l’unica chiesa cattolica nella Striscia di Gaza

Quella della Sacra Famiglia: tre persone sono state uccise e nove ferite, fra cui il parroco

^{Il Post}