The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted the focus away from vulnerabilities that received new CVE-2025-NNNNN identifiers. The nature of the CVE assignment process can result in a notable delay between problem investigation and patch release, which is mitigated by reserving a CVE ID early in the process. As for trends in vulnerability exploitation, we are seeing increasing rates of attacks targeting older operating system versions. This is mainly driven by two factors: users not installing updates promptly, and the ongoing rollout of new OS versions that include improved protections against the exploitation of vulnerabilities in certain subsystems.

Statistics on registered vulnerabilities

This section contains statistics on registered vulnerabilities. The data is taken from cve.org.

Total number of registered vulnerabilities and number of critical ones, Q1 2024 and Q1 2025 (download)

The first quarter of 2025, like previous ones, demonstrates a significant number of newly documented vulnerabilities. The trend largely mirrors previous years, so we will focus on new data that can be collected for the most popular platforms. This report examines the characteristics of vulnerabilities in the Linux operating system and Microsoft software, specifically the Windows OS. Given that the Linux kernel developers have obtained the status of a CVE Numbering Authority (CNA) and they can independently assign CVE identifiers to newly discovered security issues, all information about vulnerabilities can now be obtained firsthand.

Let us look at the Linux kernel vulnerabilities registered in the first quarter of 2025 and categorized according to their Common Weakness Enumeration (CWE) types.

Top 10 CWEs for Linux kernel vulnerabilities registered in Q1 2025 (download)

For Linux, the most common CWEs are those with the following identifiers:

• CWE-476: Null Pointer Dereference
• CWE-416: Use after Free
• CWE-667: Improper Locking
• CWE-125: Out-of-bounds Read
• CWE-908: Use of Uninitialized Resource, most often referring to regions of system memory

This set of vulnerability types is fairly common for system software. That said, exploiting vulnerabilities in these CWEs often demands complex read-and-write capabilities from attackers, due to Linux’s robust exploit mitigations such as kernel address space layout randomization (KASLR).

Let us examine similar statistics for Microsoft software. Given the developer’s extensive product lineup, a variety of security issues have been identified. As a result, we will limit our analysis to the most common CWEs for vulnerabilities disclosed during the first quarter of 2025.

TOP 10 CWEs for Microsoft product vulnerabilities registered in Q1 2025 (download)

In addition to the CWEs described above, the following types of vulnerabilities were also frequently reported in the first quarter:

• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write

In general, the TOP 10 CWEs for Microsoft products and the Linux kernel tend to be similar or overlap, which means the vulnerabilities are rooted in comparable principles. As a result, we often see attack techniques being “ported” from Linux to Windows and vice versa, with attackers modifying existing exploits to target a different operating system. This method is likewise applied to multiple products of the same software type.

These CWEs have remained an issue for some time, in spite of ongoing efforts from the research and development community. Knowing the most frequently encountered vulnerabilities on a given platform provides insight into which tools attackers are likely to use to compromise it.

Exploitation statistics

This section presents statistics on vulnerability exploitation for the first quarter of 2025. The data draws on open sources and our telemetry.

Windows and Linux vulnerability exploitation

The first quarter of 2025 saw a year-over-year increase in attacks using Windows exploits. As before, the vast majority of detected exploits targeted Microsoft Office products. Even though office suite applications are now widely available as cloud services, vulnerable local versions remain popular with users.

Historically, Kaspersky products have most often detected exploits targeting the Windows platform that leverage the following older vulnerabilities:

• CVE-2018-0802: a remote code execution vulnerability in the Equation Editor component
• CVE-2017-11882: another remote code execution vulnerability, also affecting Equation Editor
• CVE-2017-0199: a vulnerability in Microsoft Office and WordPad allowing an attacker to gain control over the system

These three vulnerabilities were the most prevalent throughout 2024, and we expect this trend to continue.

Following the top three vulnerabilities, other commonly exploited issues include vulnerabilities in WinRAR and in the Windows operating system itself, such as:

• CVE-2023-38831: a vulnerability in WinRAR involving improper handling of files within archive contents
• CVE-2024-35250: a vulnerability in the ks.sys driver that stems from dereferencing an untrusted pointer, which can allow an attacker to execute arbitrary code
• CVE-2022-3699: a vulnerability in the Lenovo Diagnostics Driver that allows improper issuance of IOCTL commands, enabling the attackers to read from or write to arbitrary kernel memory

All of the vulnerabilities listed above can be used for privilege escalation, and those affecting the kernel and drivers can result in full system compromise. For this reason, we strongly recommend regularly installing updates for the relevant software.

Dynamics of the number of Windows users encountering exploits, Q1 2024—Q1 2025. The number of users who encountered exploits in Q1 2024 is taken as 100% (download)

For the Linux operating system, the most frequently exploited vulnerabilities in early 2025 targeted the following issues:

• CVE-2022-0847, also known as Dirty Pipe: a widespread vulnerability that allows privilege escalation and enables attackers to take control of running applications
• CVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation
• CVE-2021-3156: a heap overflow vulnerability in the sudo utility that allows attackers to escalate privileges to root

Dynamics of the number of Linux users encountering exploits, Q1 2024—Q1 2025. The number of users who encountered exploits in Q1 2024 is taken as 100% (download)

It is essential to keep your operating system and software up to date by promptly installing all available patches and updates. However, updates for the Linux kernel and applications included with most distributions are critical, as a single vulnerability can lead to full system compromise.

Most common published exploits

Distribution of published exploits by platform, Q4 2024 (download)

Distribution of published exploits by platform, Q1 2025 (download)

In the first quarter of 2025, operating systems – among the most complex types of software – continued to account for the highest number of published exploits. This is due to the large codebase and numerous OS components, as well as the operating system’s critical role in device functionality. Furthermore, we are seeing a steady rise in the number of browser exploits, a trend that continued throughout the past year. The proportion of exploits targeting vulnerabilities in Microsoft Office products has also increased.

Vulnerability exploitation in APT attacks

We analyzed data on attacks carried out by APT groups and identified which vulnerabilities they most frequently exploited during the first quarter of 2025. The following rankings are informed by our telemetry, research, and open-source data.

Top 10 vulnerabilities exploited in APT attacks, Q1 2025 (download)

Most attacker techniques are designed to gain access to the victim’s local network. As a result, the most commonly targeted vulnerabilities are typically found in perimeter devices and software that can function as server. Notably, the well-known critical Zerologon vulnerability, which allows attackers to take over a domain controller, has reappeared in the TOP 10 most exploited vulnerabilities.

The only exception to this trend is software used for accessing information, such as text editors and file-sharing applications.

Interesting vulnerabilities

This section covers the most noteworthy vulnerabilities published in the first quarter of 2025.

ZDI-CAN-25373: a vulnerability in Windows that affects how LNK files are displayed

The first vulnerability to make our list has been actively exploited against users for some time, yet it still lacks a CVE identifier. It affects LNK files in the Windows operating system. The main issue is that File Explorer does not fully display the data specified as parameters in application shortcuts. In the Target field, attackers add extra characters, such as spaces or line breaks, after a legitimate-looking path, followed by malicious commands that can compromise the system. At the same time, only the first part of the path is shown in the shortcut’s properties:

Example of shortcut properties with additional characters that are not fully displayed in File Explorer

Opening a shortcut like this executes commands that are hidden from the user. For example, the Target field might include arguments at the end of the line that trigger a request to download a payload using powershell.exe. It is important to consider the psychological aspect of this vulnerability: a file with hidden malicious activity like this can mislead users, since they cannot see the main actions that will be performed when the file is opened.

CVE-2025-21333: a heap buffer overflow vulnerability in the vkrnlintvsp.sys driver

This is a buffer overflow vulnerability in the kernel’s paged pool memory allocation that was actively exploited in zero-day attacks against end-user systems. The vulnerable vkrnlintvsp.sys driver, designed for Hyper-V, improperly handles pointers to kernel pool structures. This results in a paged pool overflow, allowing attackers to execute arbitrary code or escalate their privileges.

Notably, this vulnerability can be exploited during process creation within Windows Sandbox. The name of the vulnerable function, VkiRootAdjustSecurityDescriptorForVmwp, suggests that providing a security descriptor that exceeds the allowed size is sufficient to trigger the vulnerability. In this scenario, the memory counter responsible for calculating the security descriptor’s length will overflow, enabling arbitrary read/write operations of 0xffff bytes and ultimately allowing attackers to escape the sandbox environment.

CVE-2025-24071: a NetNTLM hash leakage vulnerability in the file system indexer

A built-in feature of File Explorer in all Windows operating systems has become a common tool for stealing NetNTLM hashes. Attackers distributed a malicious file with a .library-ms extension that contained a specially crafted directory path. The appearance of this file in the victim’s file system triggers the indexing mechanism. It opens a specified directory, and the operating system automatically performs NTLM authentication in the background without notifying the user, which results in the disclosure of NetNTLM hashes.

Conclusion and advice

The number of vulnerabilities registered in the first quarter of 2025 might appear misleading. One possible reason for the decrease is that security research findings or vulnerability descriptions are sometimes published well after the vulnerabilities are initially discovered. Therefore, it is critically important to update all software and devices as soon as updates become available.

To stay safe, it is essential to respond promptly to changes in the threat landscape. It is also recommended to ensure the following:

• Maintain continuous, around-the-clock monitoring of your infrastructure, with particular attention to perimeter defenses.
• Implement strong patch management process and apply security fixes without delay. Solutions like Kaspersky Vulnerability and Patch Management and Kaspersky Vulnerability Data Feed can be used to configure and automate vulnerability and patch management.
• Use robust solutions that can detect and block malware on corporate devices, and comprehensive tools that include incident response plans, employee training programs, and an up-to-date cyberthreat database.

securelist.com/vulnerabilities…

The following was a letter submitted by an anonymous Pirate supporter using the pseudonym “Forward Thoughts”, sharing critiques of “Uncle Sam”. This article is apart of the project “Message in a Bottle”, allowing supporters of the US Pirate Party to submit editorial articles to the United States Pirate Party website.

Uncle Sam, the personification of the federal government, is supposed to be a beacon of democracy and good fortune towards the will of the people right here in the United States of America. However, he has gotten too big for his britches since the beginning. History highlighting this goes as far back as Uncle Sam exerting his power from the Whiskey Rebellion to recently using the Enemy Alien Act of 1787 to deport immigrant dissenters speaking out against the genocide happening in Palestine.

Every state relies on his charity to a certain extent, some more than others. How can we rely on our government to provide for its people when it directly meddles and persistently goes against the will of its people by starting wars and cutting funds to social programs, sometimes it creates on its own volition?

In a way, the American people receive assistance from the suits and ties of Capitol Hill in Washington D.C., that assistance comes in the form of government regulations more so than it comes from funding assistance. Guns, voting, criminal penalties, taxes, immigration, etc. are always the hot button issues every politician or candidate running for office has on their agenda.

“I want to be controlled harder by my government” said no one ever.

In order to curtail exerting pragmatic force against the will of the people, there’s supposed to be a system our founding fathers put in place called “checks and balances.” How this works is there’s the executive branch consisting of the presidency and cabinet members, Congress which consists of both the House of Representatives and the Senate, and the Supreme Court which consists of 9 justices.

However, what happens when all 3 branches reciprocate the same political ideology as one another? Who’s gonna stop these corrupt politicians from filling the coffers of themselves and of their allies (the oligarchy) they’re in cahoots with? Now we’re faced with a constitutional crisis where all 3 branches need to be severed like an infected limb.

Get this: Uncle Sam can exert his power over the economy on a whim. Right now President Trump is putting his hand up Uncle Sam as a puppet and he’s levying taxes on Chinese imports and other countries around the world. In retaliation, other countries he’s levied tariffs on are levying retaliatory tariffs against our imports into their countries. Consequently, prices on goods and services are rising. Stocks on the stock market are plummeting.

History is repeating itself. Remember back in US history class (well, hopefully you were taught this in US history class) about the Great Depression at the very end of the 1920s? Part of the reason why the economy went into a spiral was because of then Congress’s tariffs on foreign imports. Consumers no longer were able to afford products, therefore companies losing profits, especially those in the manufacturing industry, laid off workers.

Granted it wasn’t as if President Hoover bypassed Congress to make the tariffs happen, but my point still stands on how tariffs cause unintentional side effects to our everyday lives.

Lesson learned: tariffs backfire immensely on the economy.

Then President Nixon back in 1969 wanted to defund TV program PBS, Public Broadcasting Service. The nonprofit network was created to provide educational programming in a non-commercialized manner. It has brought us shows such as Sesame Street, Arthur, Mr. Rogers’ Neighborhood, just to name a few.

Speaking of Mr. Rogers, he testified before Congress and managed to avert budget cuts for the nationally renowned TV station. Fast forward to present day 2025 — Republicans in Congress and President Trump are trying to cut funds for PBS. History is repeating itself yet again. Will we have a savior of PBS like we did back in 1969?

Lesson to be learned: PBS really is made possible by viewers like you.

Even at the state level, funding can be granted and cut based on the current majority party’s and governor’s ideology of that time. Pennhurst State School & Hospital in Spring City, PA is one of many examples of state government apathetic to the welfare of its people, especially a vulnerable population.

Opened in 1908 and closed in 1987, Pennhurst State School & Hospital was a product of an era of eugenics where those deemed unfit to reproduce in the Caucasian gene pool were euthanized or removed from society. Marginalized groups such as the epileptic and the mentally disabled were housed here, but soon grew to orphans, physically disabled, etc. Within a few years Pennhurst became overcrowded and conditions became deplorable.

In 1968, Bill Baldini did a 5-part segment on the conditions at Pennhurst exposing its wretched standard of living and abuse residents faced. There was a public outcry after the segment aired. Conditions seldomly improved from there on out until its closure in 1987. Fortunately, these residents were moved to boarding homes.

Have you ever heard of a Kirkbride psychiatric hospital? They’re long-term psychiatric hospitals designed in a batwing fashion with emphasis on natural light and air circulation. However, lack of funding and mismanagement had led to conditions in a handful of these facilities to be anything but cheery. In fact, it is what can easily be described as wicked.

Trenton Psychiatric Hospital in Trenton, NJ, under the direction of Dr. Henry Cotton, extracted organs and teeth from patients. In spite of high mortality rates and disprovable claims of cure rates, this persisted at the behest of Dr. Cotton during his tenure.

Philly (Philadelphia) State Hospital at Byberry opened in 1907. Unlike Trenton Psychiatric Hospital and others similar to Trenton, it was not made using the Kirkbride blueprints. This didn’t make the hospital any less susceptible to daunting conditions such as overcrowding, barbaric experiments, abuse, and neglect.

Props are in order to a conscientious objector named Charlie Lord, who between 1945 and 1946 was so appalled by the conditions he took note of that he covertly took photos and leaked them to the press. In these photos, raw sewage and naked men lined the hallways of Byberry.

Lesson to be learned: these residents were at the mercy of state politicians apathetic to their basic needs. Moreover and lastly, psychiatric hospitals such as the Kirkbride hospitals and disabled residential facilities such as Pennhurst are archaic and stunt personal psychiatric growth in patients.

Most states’ systems are designed to where property taxes fund our public schools. Back in the late 1800s, public schools were a shining gem of what America could be. Nowadays in many communities, our schools are nothing more than shadows of their former selves, meeting the minimum standards set by the state for funding.

Gone are the days of home economics and industrial shop classes. It’s all about standardized testing mandated by the state capital and even Uncle Sam, which is basically modern day phrenology. There’s educators and politicians who’ll justify this inane waste of paper by saying it measures how schools are doing with educating their students.

Standardized testing can be summed up in four words, it’s this: elite stay in control.

Lesson to be learned: standardized testing is a disease on our education system designed to punish lower socioeconomic schools and to keep those at the higher end of the socioeconomic.

uspirates.org/message-in-a-bot…

What if you could design your 3D print to fall apart on purpose? That’s the curious promise of a new paper from CHI 2025, which brings a serious hacker vibe to the sustainability problem of multi-material 3D printing. Titled Enabling Recycling of Multi-Material 3D Printed Objects through Computational Design and Disassembly by Dissolution, it proposes a technique that lets complex prints disassemble themselves via water-soluble seams. Just a bit of H₂O is needed, no drills or pliers.

At its core, this method builds dissolvable interfaces between materials like PLA and TPU using water-soluble PVA. Their algorithm auto-generates jointed seams (think shrink-wrap meets mushroom pegs) that don’t interfere with the part’s function. Once printed, the object behaves like any ordinary 3D creation. But at end-of-life, a water bath breaks it down into clean, separable materials, ready for recycling. That gives 90% material recovery, and over 50% reduction in carbon emissions.

This is the research – call it a very, very well documented hack – we need more of. It’s climate-conscious and machine-savvy. If you’re into computational fabrication or environmental tinkering, it’s worth your time. Hats off to [Wen, Bae, and Rivera] for turning what might otherwise be considered a failure into a feature.

youtube.com/embed/akN1_7oDHr8?…

hackaday.com/2025/05/30/sustai…

Just a quickie for anyone who is in the neighborhood, today the annual Open Source Hardware Summit conference starts in Edinburg, Scotland. If you’re able to make it, it’s a microcosm of the open-source hardware world, and full of great talks and great hackers.

If you’re not in Scotland, they have a livestream on YouTube that you should check out, as well as a Discord server for discussions during the event. It’s going on right now!

hackaday.com/2025/05/30/today-…

It’s fair to say that there can’t be many developers who have found the need for a rotary telephone dial as a peripheral for their Linux computer, but in case you are among them you might find [Stefan Wiehler]’s kernel driver for rotary dials to be of use.

It’s aimed at platforms such as systems-on-chip that have ready access to extra GPIOs, of which it will need a couple to service the BUSY and PULSE lines. There are full set-up instructions, and once it’s in place and configured it presents the dial as though it were a number pad.

We like this project, in fact we like it a lot. Interfacing with a dial is always something we’ve done with a microcontroller though, so it will be interesting to see whether it finds a use beyond merely curiosity. We can already see a generation of old-school dial IP phones using Linux-capable dev boards. He leaves us with a brief not as to whether Linus Torvalds would see it as worthy of mainline inclusion, and sadly however much we want things to be different, we agree that it might be wishful thinking.

If you’d like to use a dial phone, there can be simpler ways to do it.

Header: Billy Brown, CC BY 2.0 .

hackaday.com/2025/05/30/what-d…

Il 66% dei docenti italiani afferma di non essere formato per insegnare l’IA e la cybersecurity. Se consideriamo le sole scuole pubbliche, la percentuale aumenta drasticamente al 76%. La domanda che sorge è: stiamo davvero preparando gli studenti al futuro o stiamo arrancando rispetto all’evoluzione del mondo odierno?

Come possiamo parlare seriamente di autonomia tecnologica, digitalizzazione e futuro, se la classe dirigente di domani – che oggi siede sui banchi di scuola – cresce senza gli strumenti per comprenderli e governarli?

I dati dello studio

Un nuovo report condotto da GoStudent, basato su un sondaggio condotto su oltre 5.000 genitori e studenti e 300 insegnanti in tutta Europa, ha rivelato un crescente divario di conoscenze sull’IA tra l’istruzione di cui gli studenti necessitano e quello che le scuole attualmente offrono.

Tra esami tradizionali, programmi di studio rigidi e modelli didattici obsoleti, insegnanti, studenti e genitori condividono tutti un desiderio di cambiamento.

• Solo il 34% degli insegnanti italiani è preparato a insegnare l’intelligenza artificiale, un gap che si amplia nelle scuole pubbliche, dove la formazione scende al 24%.
• L’81% degli studenti italiani usa già l’intelligenza artificiale, ma solo il 28% impara queste competenze in classe.
• Gli studenti italiani chiedono competenze cruciali per il futuro, come cybersecurity (41%), sviluppo tecnologico (37%) e machine learning (35%).
• Il divario tra le regioni italiane è allarmante: mentre la Lombardia guida, con una preparazione del 24% dei docenti sull’IA, altre regioni sono indietro, con alcuni territori dove meno del 10% degli insegnanti si sente pronto a insegnare l’IA.

L’insegnamento della matematica e informatica va ripensata completamente

Secondo gli insegnanti, i programmi di informatica e matematica non sono allineati con il mondo sempre più digitale in cui viviamo. In tutti i paesi oggetto della ricerca, gli insegnanti concordano nell’affermare che matematica e informatica sono le due principali materie che non vengono più impartite in modo adeguato.

Gli insegnanti francesi si dimostrano particolarmente insoddisfatti di entrambe le materie: il 28% afferma che l’informatica non soddisfa più il suo obiettivo e il 30% sostiene lo stesso per la matematica. Entrambe le materie non riescono a stare al passo con un mondo digitale in rapida evoluzione. La matematica, in particolare, è oggetto di critiche
da parte degli insegnanti per il modo troppo approfondito con cui viene insegnata, con 

pesanti limiti di applicazione nel mondo reale.

Alcune materie mettono d’accordo sia genitori che studenti e studentesse: si tratta di danza e religione, il che è forse dovuto alla crescente laicità delle società europee.10 Sebbene il corpo docente ritenga che il modo in cui viene insegnata la matematica sia datato e non pertinente, i bravi insegnanti continuano ad avere un forte impatto.

La cybersecurity deve essere introdotta subito nelle scuole!

Fortunatamente, genitori e insegnanti dimostrano una crescente consapevolezza dello scenario digitale, quando si tratta di immaginare le competenze che ragazzi e ragazze dovranno possedere per affrontare il mondo di domani. Oggi, vivere connessi è la normalità: smartphone, social media, ambienti virtuali e intelligenza artificiale sono parte integrante della quotidianità degli studenti. E proprio tra le competenze da introdurre con urgenza nei programmi scolastici, spicca con forza la cybersecurity, seguita da vicino dall’IA.

Per insegnanti e personale educativo, l’introduzione della cybersicurezza va di pari passo con lo sviluppo di una coscienza etica e morale, strumenti fondamentali per affrontare le sfide sociali che la tecnologia può portare con sé. In Austria, ad esempio, il 66% dei docenti è favorevole all’inserimento dell’etica come materia scolastica. Dall’altro lato, i genitori si concentrano maggiormente su ciò che serve concretamente ai figli nel breve termine: cybersicurezza, educazione finanziaria e comunicazione. In Spagna, oltre la metà dei genitori vorrebbe che la cybersecurity diventasse parte integrante del curricolo scolastico.

Anche le nuove generazioni sono pienamente consapevoli del peso crescente della tecnologia: ragazze e ragazzi indicano l’intelligenza artificiale e la cybersicurezza come materie di primaria importanza. Questo dato rivela un bisogno profondo di comprendere non solo le opportunità del digitale, ma anche i rischi e le minacce a cui ci si espone online. Parlare di phishing, furto d’identità, ingegneria sociale e protezione dei dati personali fin dalle scuole primarie significa formare cittadini digitali più consapevoli, responsabili e resilienti.

È evidente che l’educazione digitale non può più essere un’aggiunta facoltativa. Senza integrare la cybersecurity nei percorsi scolastici, priviamo intere generazioni della capacità di proteggersi in rete, riconoscere i pericoli digitali e costruire un’etica digitale solida. Allo stesso modo, l’assenza dell’intelligenza artificiale nei programmi scolastici significa non fornire gli strumenti per affrontare un futuro basato sull’analisi dei dati e sul problem solving avanzato. Il tempo di agire è ora: la scuola deve diventare la prima linea di difesa nella società digitale.

Conclusioni della cruda realtà italiana

In Italia, è arrivato il momento di ripensare radicalmente il modello scolastico, adeguandolo al mondo digitale in cui viviamo. Se oggi trascorriamo in media il 30% della nostra vita connessi a dispositivi digitali, è impensabile continuare a ignorare l’urgenza di introdurre materie come la cybersicurezza, l’intelligenza artificiale e l’etica del digitale nei programmi scolastici. Platone, Socrate e Manzoni resteranno sempre fondamentali nella formazione del pensiero critico e della cultura umanistica, ma non possiamo lasciare che la scuola italiana resti ancorata solo al passato, mentre il presente corre a velocità digitale.

Serve una visione strategica. È necessario che il Ministero dell’Istruzione avvii con urgenza una riforma strutturale, che dia alle discipline digitali lo stesso peso delle materie tradizionali, fin dalla scuola primaria. Se vogliamo che le future generazioni siano in grado di affrontare con consapevolezza le sfide tecnologiche e sociali che ci attendono, dobbiamo prepararle oggi. Altrimenti, tra trent’anni, i ragazzi e le ragazze di oggi – che saranno la futura classe dirigente – non avranno gli strumenti per guidare il Paese in un mondo governato dal digitale e che non sta ad aspettarci.

La Cina, la Russia e gli Stati Uniti stanno già formando le nuove generazioni in questa direzione, con curricoli scolastici che includono la programmazione, la sicurezza informatica, l’intelligenza artificiale e la comprensione critica dei media digitali. L’Italia, invece, rischia di restare ancora una volta il fanalino di coda della tecnologia mondiale, non per mancanza di talento, ma per mancanza di visione e di strategia.

Non possiamo parlare di autonomia tecnologica nazionale se non partiamo dalle scuole. È lì che si costruisce il futuro del Paese. E ogni giorno perso senza un cambiamento reale è un giorno in più di ritardo rispetto al mondo che ci circonda.

L'articolo Scuole italiane: Non ci siamo! Occorre una riforma epocale sulle tecnologie digitali. Subito! proviene da il blog della sicurezza informatica.

nugole.it/nugoletta/ju/p/17485…

Ju

2025-05-30 05:21:56

Questo è bello.
Storie di Verona: il brigante Falasco.

La torre Falasco è ancora in piedi, costruita in una specie di rientranza - coalo - in una delle molte falesie. Si vede facendo un po' di attenzione quando si risale la Valpantena, è sul lato a sinistra della valle venedo su da Verona.
Nell'articolo dice che s'è perso arrivandoci ma da quel che mi ricordo c'è una stradella abbastanza confortevole che porta su.

larena.it/rubriche/vi-cammino-…

La leggenda del Brigante Falasco. Bello e spietato, era il terrore della valle

I Balladoro, i Leonardi, i Tedeschi, gli Oliboni, i Benella di Laudi, i Rotari, i Padoani, gli Allegri… Perché dal passato riaffiorano... Scopri di più

^{Alessandro Anderloni (L'Arena)}

Le autorità statunitensi raccolgono e conservano il DNA dei bambini migranti in un database criminale federale progettato per rintracciare i criminali. Secondo i documenti ottenuti da WIRED, il Combined DNA Index System (CODIS) ha già caricato i profili genetici di oltre 133.000 minori, anche di bambini molto piccoli. Stiamo parlando di una sorveglianza biometrica di portata senza precedenti , che colpisce perfino i più giovani attraversatori di frontiera, quelli che hanno appena imparato a leggere o ad allacciarsi le scarpe.

Il programma attivo di raccolta del DNA è iniziato nel 2020. Gli esperti stimano che il numero effettivo di dati univoci conservati dall’FBI sia di almeno 1,5 milioni, di cui oltre 1,3 milioni di dati riguardano adulti e 133 mila minori.

I nuovi dati pubblicati sul sito web della U.S. Customs and Border Protection (CBP) nel febbraio 2025 hanno mostrato che la raccolta del DNA ha subito una significativa accelerazione nel 2024, soprattutto con l’aumento degli arresti alla frontiera. Ad esempio, solo in un giorno di gennaio 2024, l’ufficio CBP di Laredo, in Texas, ha inviato 3.930 campioni di DNA per l’analisi, 252 dei quali appartenevano a individui di età inferiore ai 18 anni.

Nonostante le attuali norme stabiliscano a 14 anni l’età minima per la rilevazione obbligatoria delle impronte digitali e del DNA, le prove dimostrano che sono stati prelevati campioni anche da bambini più piccoli. In totale, 227 segnalazioni riguardano bambini di età inferiore ai 14 anni, tra cui bambini di dieci anni, undici anni e uno di quattro anni. Tecnicamente, la CBP ha l’autorità di derogare ai limiti di età in casi di “potenziali situazioni criminali”, ma le statistiche mostrano che solo il 2,2 percento dei minorenni è stato effettivamente incriminato o arrestato. La maggior parte di loro è elencata nel database solo come “trattenuta”.

I campioni di DNA vengono raccolti tramite un tampone dall’interno della guancia e poi inviati all’FBI per l’analisi, dove vengono utilizzati per creare un profilo identificativo per il database CODIS. Originariamente il sistema era stato progettato per conservare il DNA di autori di reati sessuali e di persone condannate per reati gravi. I marcatori utilizzati non contengono informazioni sulle malattie o sull’aspetto, ma il campione grezzo completo può essere conservato indefinitamente, suscitando preoccupazione tra gli attivisti per i diritti umani .

I dati del DNA sono tra le informazioni personali più sensibili e permanenti che esistano. Ogni profilo genetico è unico e immutabile, una sorta di firma biologica che ci accompagna per tutta la vita. A differenza di una password o di un numero di telefono, il DNA non può essere modificato, sostituito o aggiornato. Una volta che un campione genetico entra in un database come il CODIS, rimane collegato per sempre all’identità dell’individuo, rendendo ogni fuga di dati una violazione non solo della privacy, ma dell’integrità biologica della persona stessa.

Proprio per questa immutabilità, un eventuale data breach o attacco informatico a un database genetico rappresenta una minaccia di portata straordinaria. Se un hacker ruba il numero della tua carta di credito, puoi bloccarla e richiederne una nuova.

Ma se qualcuno ottiene il tuo profilo genetico, non esiste alcun modo per cambiarlo. I dati del DNA possono essere utilizzati per identificarti, rintracciare membri della tua famiglia, prevedere predisposizioni genetiche a malattie, o anche escluderti da benefici sociali e assicurativi. È come se qualcuno rubasse la tua identità, ma in una forma che non puoi mai più recuperare.

L'articolo Prima di togliersi il pannolino, era già nel database del governo! proviene da il blog della sicurezza informatica.

Il marchio di moda Victoria’s Secret ha segnalato un grave incidente di sicurezza che ha temporaneamente bloccato il sito web dell’azienda e interrotto alcune funzionalità nei suoi negozi al dettaglio.

Al momento, il sito è stato ripristinato, ma fino alla giornata di ieri era presente con un breve messaggio in cui l’azienda spiega di aver registrato l’incidente e di star prendendo tutte le misure necessarie per risolverlo.

Si prega di notare che sia i negozi Victoria’s Secret sia la sua catena affiliata PINK erano rimasti aperti, ma alcuni servizi sono stati temporaneamente non disponibili. La direzione assicura che il team sta lavorando 24 ore su 24 per riportare le operazioni alla normalità.

In un’intervista con i giornalisti, un rappresentante dell’azienda ha confermato che sono stati coinvolti specialisti terzi per condurre le indagini. È stato affermato che, dopo aver rilevato la minaccia, sono stati rapidamente attivati ​​protocolli di risposta interni e, per eccesso di cautela, è stata presa la decisione di disattivare temporaneamente le piattaforme digitali.

La CEO di Victoria’s Secret, Hillary Super, ha detto ai dipendenti che il processo di recupero potrebbe richiedere molto tempo. Questa informazione è stata confermata da una notifica interna ottenuta da Bloomberg .

Victoria’s Secret gestisce circa 1.380 negozi in quasi 70 paesi e ha registrato un fatturato di 6,23 miliardi di dollari nell’ultimo anno fiscale, conclusosi il 1° febbraio 2025. La portata dell’operazione evidenzia il potenziale impatto della rivoluzione digitale, soprattutto considerando la forte dipendenza dei rivenditori dalle vendite online e dall’automazione dei servizi offline.

In particolare, l’incidente si è verificato nel bel mezzo di un’ondata di attacchi informatici che ha travolto i marchi di vendita al dettaglio a livello globale. Solo due settimane fa, Dior ha segnalato un attacco informatico e la scorsa settimana Adidas ha confermato una fuga di notizie simile.

In precedenza, erano stati colpiti i rivenditori britannici Harrods, Co-op e Marks & Spencer. Quest’ultima società stima che le potenziali perdite derivanti dall’attacco informatico ammonteranno a 300 milioni di sterline, equivalenti a 402 milioni di dollari.

Sebbene non siano stati stabiliti collegamenti ufficiali tra gli attacchi, il gruppo DragonForce ha rivendicato la responsabilità degli incidenti che hanno coinvolto Dior, Adidas e Marks & Spencer.

Victoria’s Secret non ha ancora divulgato i dettagli tecnici dell’incidente né ha dichiarato se i dati personali dei clienti siano stati interessati. Tuttavia, l’entità delle interruzioni lascia intuire la potenziale gravità dell’attacco. Si prevede che ulteriori informazioni saranno pubblicate una volta completata la fase iniziale dell’indagine.

L'articolo Anche Gli Hacker amano il Rosa! Victoria’s Secret chiude online dopo l’attacco informatico proviene da il blog della sicurezza informatica.

Last week, we examined a Doom port for the venerable Atari ST. As is so often the way with this thing, one netted another, and [Steve] wrote in to inform us about a different version under the name DOOM8088ST.

The port is so named because it’s based on Doom8088, which was originally written for DOS machines running Intel 8088 or 286 CPUs. Both ports are the work of [FrenkelS], and aims to bring the Doom experience into the far more resource constrained environment of the Atari ST. There is only very limited sound, no saving, and it only supports Doom 1 Episode 1. Still, it’s quite recognizable as Doom!

Doom8088ST is tunable to various levels of performance, depending on what you’re running it on. Low mode (30 x 128) is suitable for stock Atari ST machines running at 8 MHz. It’s described as having “excellent” framerate and is very playable. If you’ve got an upgraded ST or Mega STe, you can try Medium (60 x 128), which has greatly improved visuals but is a lot heavier to run.

Files are on Github for those interested to run or tinker with the code. Don’t forget to check out the other port we featured last week, either, in the form of STDOOM. Video after the break.

youtube.com/embed/81Tb2tIwLwI?…

[Thanks to Steve for the tip!]

hackaday.com/2025/05/29/anothe…

Oltre 9.000 router Asus sono stati hackerati dalla botnet AyySSHush, che attacca anche i router SOHO di Cisco, D-Link e Linksys. Questa campagna dannosa è stata scoperta dai ricercatori di GreyNoise a metà marzo 2025. Gli esperti sostengono che gli attacchi potrebbero essere collegati ad hacker governativi, anche se il rapporto non cita alcun gruppo specifico.

Secondo gli esperti, gli attacchi AyySSHush combinano la forza bruta per indovinare le credenziali, bypassare l’autenticazione e sfruttare vecchie vulnerabilità per hackerare i router Asus, inclusi i modelli RT-AC3100, RT-AC3200 e RT-AX55. Nello specifico, gli aggressori sfruttano una vecchia vulnerabilità di iniezione di comandi, la CVE-2023-39780, per aggiungere la propria chiave SSH pubblica e consentire al demone SSH di ascoltare su una porta TCP non standard, la 53282.

Queste modifiche consentono agli aggressori di ottenere un accesso backdoor al dispositivo e di mantenerlo attivo anche dopo riavvii e aggiornamenti del firmware. “Dato che la chiave viene aggiunta utilizzando le funzioni ufficiali Asus, questa modifica alla configurazione viene mantenuta attraverso gli aggiornamenti del firmware”, spiega GreyNoise. “Se sei stato attaccato, l’aggiornamento del firmware non rimuoverà la backdoor SSH.”

I ricercatori sottolineano che gli attacchi AyySSHush sono particolarmente furtivi perché gli hacker non utilizzano malware e disattivano anche la registrazione e la protezione AiProtection di Trend Micro per evitare di essere rilevati. Tuttavia, GreyNoise segnala di aver rilevato solo 30 query dannose correlate alla campagna negli ultimi tre mesi, mentre la botnet ha già infettato più di 9.000 router Asus.

Si ritiene che questa campagna possa sovrapporsi all’attività Vicious Trap, di cui gli analisti di Sekoia hanno recentemente messo in guardia. All’epoca, i ricercatori notarono che gli aggressori stavano sfruttando la vulnerabilità CVE-2021-32030 per hackerare i router Asus.

Nel complesso, la campagna scoperta da Sekoia prende di mira router SOHO, VPN SSL, DVR, controller D-Link BMC, nonché dispositivi Linksys, Qnap e Araknis Networks. I ricercatori hanno ipotizzato che gli aggressori stessero creando un’enorme rete honeypot di dispositivi compromessi e che, con il suo aiuto, avrebbero potuto “osservare i tentativi di sfruttamento in diversi ambienti, raccogliere exploit non pubblici e zero-day e riutilizzare l’accesso ottenuto da altri hacker”.

Come nel caso di ViciousTrap, gli obiettivi precisi degli operatori di AyySSHush non sono chiari, poiché i dispositivi infetti non vengono utilizzati per attacchi DDoS o per il proxy di traffico dannoso. I ricercatori sottolineano che gli sviluppatori di Asus hanno rilasciato patch per la vulnerabilità CVE-2023-39780, ma la loro disponibilità dipende dal modello specifico del router.

Si consiglia agli utenti di aggiornare il firmware il prima possibile, di verificare la presenza di file sospetti e di cercare la chiave SSH degli aggressori nel file authorized_keys. Gli indicatori di compromesso sono disponibili qui .

Gli esperti di GreyNoise hanno anche pubblicato quattro indirizzi IP associati ad attività dannose e che dovrebbero essere inseriti nella blacklist: 101.99.91[.]151, 101.99.94[.]173, 79.141.163[.]179 e 111.90.146[.]237.

L'articolo AyySSHush colpisce duro! Oltre 9.000 router Asus son finiti nella Botnet in una campagna stealth proviene da il blog della sicurezza informatica.

The Rasberry Pi Zero is a delightful form factor, with its GIPO and USB and HDMI, but it’s stuck using the same old ARM processor all the time. What if you wanted to change it up with some OpenSPARC, RISC V, OpenPOWER, or even your own oddball homebrew ISA and processor? Well, fret not, for [Chengyin Yao]’s IcePi Zero has got you covered with its ECP5 25F FPGA.

As the saying goes, you don’t tell an FPGA what to do, you tell it what to be. And with the ECP5 25F’s 24k LUTs, you can tell it to be quite a few different things. This means more work for the maker than plugging in a fixed processor, sure, but IcePi tries to make that as painless as possible with quality-of-life features like HDMI out (something missing from many FPGA dev boards), an onboard USB-to-JTAG converter (so you can just plug it in, no programmer needed), and even USB-C instead of the Pi’s old microUSB. There’s the expected SD card on one end, and 256 MiB of 166 MHz SDRAM on the other to make up for the FPGA’s paltry 112 KiB of onboard RAM.

Plus it’s a drop-in replacement for the Pi Zero, so if you’ve already got a project that’s got one of those running an emulator, you can fab one of these babies, spool up some Verilog, and enjoy running on bare metal. It seems like this device is just made for retro gaming handhelds, but we’d love to hear in the comments if you have other ideas what to do with this board– remember that an FPGA can be (almost) anything, even a GPU!

Currently, [Chengin Yao] is not selling the board, though they may reconsider due to demand in their Reddit thread. If you want one, you’ll have to call your favourite fabricator or etch your own PCB.

We’ve seen FPGAs before; most recently to create an absurdly fast 8080 processor. We’ve also seen DIY dev boards, like this one for the AMD Zyntac FPGA. Doing something fun with FPGAs? Drop us a tip! We’re happy [Chengin Yao] did, because this is amazing work, especially considering they are only 16 years old. We cannot wait to find out what they get up to next.

hackaday.com/2025/05/29/icepi-…

[Boylei] shows that those little LED filament strips make great freeze-frame blaster shots in a space battle diorama. That’s neat and all, but what we really want to highlight is a simple tip [Boylei] shares about working with these filament strips: how to glue them.
Glue doesn’t stick to LED filament strips, so put on a small piece of heat-shrink and glue to that instead.
The silicone (or silicone-like) coating on these LED filament strips means glue simply doesn’t stick. To work around this, [Boylei] puts a piece of clear heat shrink around the filament, and glues to that instead. If you want a visual, you can see him demonstrate at 6:11. It’s a simple and effective tip that’s certainly worth keeping in mind, especially since filament strips invite so many project ideas.

When LED filament strips first hit the hobbyist market they were attractive, but required high operating voltages. Nowadays they are not only cheaper, but work at battery-level voltages and come in a variety of colors.

These filaments have only gotten easier to work with over the years. Just remember to be gentle about bending them, and as [Boylei] demonstrates, a little piece of clear shrink tubing is all it takes to provide a versatile glue anchor. So if you had a project idea involving them that didn’t quite work out in the past, maybe it’s time to give it another go?

youtube.com/embed/0LqOKcvREHs?…

hackaday.com/2025/05/29/a-simp…

The Trump administration’s hostility to First Amendment rights extends beyond the press to nonprofit organizations, museums, colleges, and anyone else who might question his infallibility.

But his targeting of the press is a key component of the administration’s effort to appoint itself the country’s sole arbiter of truth. Freedom of the Press Foundation (FPF) Advocacy Direction Seth Stern writes for the Daily Beast that in Trump’s view, “inconvenient truths and malicious lies are equally troublesome. They must be met with equal force.”

Stern urged journalists and others who value press freedom to treat these attacks not as passing storms but as existential threats.

Read Stern’s article here.

freedom.press/issues/when-alte…

There are lots of different types of microphone, with the ribbon microphone being one of the rarer ones. Commercial versions are often prized for their tone and frequency response. You can make your own too, as [Something Physical] demonstrates using a packet of chewing gum.

Yes, the ribbon in this microphone was literally gained from Airwaves Extreme gum. It’s got nothing to do with freshness or the special mintiness quotient of the material, though; just that it’s a conductive foil and it makes the YouTube video more interesting to watch.

The gum wrapper is first soaked in hot water and then acetone, such that the paper backing can be removed. The foil is then corrugated with a tube press with some baking paper used for protection during this delicate process. The “motor” of the ribbon microphone is then produced out of plexiglass, copper tape, and a pair of powerful magnets. The ribbon is then stretched between the magnets and clamped in place, acting as the part of the microphone that will actually vibrate in response to sound. As it vibrates in the magnetic field, a current is generated in response to the sound. From there, it’s just a matter of hooking up a custom-wound transformer to the wires leading to the “motor” and it’s ready to test. It works off the bat, but there is some noise. Adding shielding over the transformer and a proper enclosure helps to make the microphone more fit for purpose.

If you’ve ever wanted to experiment with microphone construction, it’s hard to go past the joy of building a simple ribbon mic. You can experiment at will with different sizes and materials, too; you needn’t just limit yourself to different brands of gum!

We’ve featured some other great mic builds over the years, too. Video after the break.

youtube.com/embed/jkF-g9pnBSg?…

hackaday.com/2025/05/29/you-ca…