Negli Stati Uniti è stato aperto un procedimento penale contro il 24enne Noah Lamb, che gli inquirenti ritengono sia uno degli organizzatori di un complotto per uccidere alti funzionari e altre personalità note. Secondo l’accusa, Lamb, insieme ad altri membri del gruppo estremista, avrebbe stilato una lista di persone da eliminare. Secondo l’inchiesta, questa lista includeva dipendenti di enti governativi federali, regionali e locali, nonché dirigenti di grandi aziende e organizzazioni pubbliche.

Le vittime non sono state scelte a caso. Le persone sono state incluse in base alla loro razza, religione, origine nazionale, orientamento sessuale o identità di genere. Il caso sarà processato nel distretto orientale della California, dove Lamb è accusato. Il sospettato è legato al movimento radicale Terrorgram Collective. Questo gruppo estremista di estrema destra è stato designato organizzazione terroristica dall’amministrazione Biden all’inizio del 2025.

Terrorgram utilizza attivamente Telegram per diffondere propaganda e coordinare le azioni. L’ideologia del gruppo si basa sul concetto di superiorità razziale e incita alla violenza basata sull’etnia o sulla religione. Anche le autorità britanniche e australiane hanno aggiunto questo movimento alle loro liste di gruppi proibiti. L’indagine su Lamb nasce dall’arresto di due presunti leader del gruppo avvenuto lo scorso autunno, quando le forze dell’ordine hanno preso in custodia Dallas Humber, 34 anni, della California, e Matthew Allison, 37 anni, dell’Idaho.

Furono accusati di aver creato una lista “nera” simile, di aver incitato a omicidi, di aver incitato all’odio etnico e di aver sostenuto altre strutture terroristiche. Ciò includeva la distribuzione di istruzioni su come fabbricare ordigni esplosivi. L’identità delle presunte vittime coinvolte nelle indagini su Lamb e sui suoi complici non è stata resa pubblica ufficialmente, ma è noto che si tratta di persone di notevole levatura sociale o politica.

Secondo il Dipartimento di Giustizia degli Stati Uniti, Lamb deve rispondere di otto capi d’accusa, tra cui cospirazione, istigazione all’omicidio di dipendenti federali, pubblicazione di informazioni personali di funzionari governativi e minacce nei loro confronti. Il vice procuratore generale John Eisenberg ha sottolineato che le reti criminali internazionali che diffondono idee radicali e pianificano omicidi rappresentano una minaccia diretta per la società e saranno perseguite con il massimo rigore previsto dalla legge. Se condannato, Lamb rischia fino a 85 anni di carcere. Il processo si terrà in California.

Le forze dell’ordine hanno parlato per la prima volta del Terrorgram Collective nel 2017. Gli ideologi del gruppo sono convinti che una serie di attacchi e atti terroristici potrebbero provocare un conflitto razziale, distruggere le istituzioni di potere esistenti e portare alla creazione di uno stato etnocratico.

Il canale Telegram principale invia regolarmente ai partecipanti materiale che incita ad attaccare oppositori politici e minoranze. Distribuisce inoltre istruzioni su come preparare gli attacchi ed elenchi di obiettivi prioritari, tra cui infrastrutture strategiche. L’indagine ha già collegato i membri di Terrorgram a reati specifici. Lo scorso luglio, il gruppo stava preparando un attacco a impianti energetici nel New Jersey. Ad agosto, si è verificato un accoltellamento in una moschea in Turchia. E nell’autunno del 2022, si è verificata una sparatoria nei pressi di un bar frequentato da membri della comunità LGBT in Slovacchia.

L'articolo Terrorgram Collective: 24enne accusato di complotto per uccidere funzionari rischia 85 anni proviene da il blog della sicurezza informatica.

You could use a little pocket-sized Pez dispenser if you’re a humble, reserved person. Or, you could follow the example of [Backhaul Studios], and build a dangerously powerful blaster that shoots Pez fast enough to shatter them into pieces. Just don’t aim it at your own mouth.

As the video explains, Pez is really the perfect candy for this application. It’s compact, hard, and already designed to be dispensed via a magazine. It’s thus not a big stretch to set it up to be fired out of a pistol-like blaster. The build is of the flywheel type, where a pair of counter-rotating wheels fling the candy out at great speed. The wheels themselves are spun up to high speed with a pair of small brushless motors, running off hobby speed controllers and lithium-ion batteries. A simple trigger mechanism dispenses the rectangular candies into the wheel mechanism, sending them flying out of the blaster at will. It’s all 3D-printed, designed specifically for the purpose of high-speed candy delivery.

The video goes into great detail on the design, from the development of the TPU treads on the flywheels and other details that helped improve the effectiveness of the design. The final build shoots Pez fast enough that they practically detonate upon hitting a surface.

We’ve featured some innovative work in this space from [Backhaul Studios] before—the condiment cannon was really quite something. Video after the break.

youtube.com/embed/wibRAZ_pmeY?…

hackaday.com/2025/07/03/pez-bl…

È stata scoperta una vulnerabilità nel plugin Forminator per WordPress che consente l’eliminazione non autorizzata di file arbitrari, il che potrebbe portare al controllo completo del sito vulnerabile. Al problema è stato assegnato l’identificatore CVE-2025-6463 (8,8 punti sulla scala CVSS) e riguarda tutte le versioni di Forminator fino alla 1.44.2. Il bug è stato scoperto da un ricercatore soprannominato Phat RiO – BlueRock, che lo ha segnalato a Wordfence il 20 giugno 2025. Lo specialista ha ricevuto una ricompensa di 8.100 dollari per aver scoperto questa vulnerabilità.

Forminator, creato da WPMU DEV, è un generatore di moduli di pagamento, moduli di contatto, moduli di feedback, moduli di quiz, moduli di sondaggio e questionari per siti WordPress. Il plugin utilizza una semplice funzionalità drag-and-drop e offre ampie possibilità di integrazione con terze parti. Secondo le statistiche di WordPress.org , il plugin è attualmente installato e attivo su 600.000 siti.

La vulnerabilità scoperta è correlata a una convalida e sanificazione degli input insufficienti, nonché a una logica di eliminazione dei file non sicura nel codice backend del plugin. Pertanto, quando un utente invia un modulo, la funzione save_entry_fields() salva tutti i valori dei campi, inclusi i percorsi dei file, senza verificare se questi campi debbano funzionare con i file.

Un aggressore può quindi sfruttare questo comportamento per iniettare un array di file appositamente creato in un campo qualsiasi (anche un campo di testo), simulando un file caricato con un percorso personalizzato, ad esempio puntando al file critico /var/www/html/wp-config.php.

Se l’amministratore elimina manualmente tale record (o se è abilitata l’eliminazione automatica dei vecchi record), Forminator cancellerà questo file di sistema di WordPress, dopodiché il sito entrerà in modalità di configurazione iniziale e diventerà vulnerabile agli attacchi. “Rimuovendo wp-config.php il sito entra in uno stato di configurazione che consente a un aggressore di avviare un’acquisizione del sito collegandolo a un database sotto il suo controllo”, spiega Wordfence.

Il 30 giugno, gli sviluppatori del plugin hanno rilasciato una versione patchata, la 1.44.3, che ha aggiunto un controllo per il tipo di campo e il percorso del file. Questo garantisce che le eliminazioni siano limitate alla sola directory di caricamento di WordPress. Da quando è stata rilasciata la patch, il plugin è stato scaricato circa 200.000 volte, ma non si sa quante installazioni siano ancora vulnerabili a CVE-2025-6463.

Si consiglia a tutti gli utenti di Forminator di aggiornare il prima possibile alla versione più recente o di disattivare il plugin finché la patch non sarà installata.

L'articolo Vulnerabilità Forminator: 600.000 siti WordPress a rischio proviene da il blog della sicurezza informatica.

Il panorama underground dei forum cybercriminali continua a evolversi e sta cambiando. Con un annuncio ufficiale pubblicato il 25 giugno 2025 sia su Telegram sia all’interno del forum DarkForums, l’utente Knox – attuale amministratore e figura apicale della piattaforma – ha comunicato il passaggio di controllo del canale Telegram “The Jacuzzi”, noto anche come baphchat, sotto l’egida di DarkForums.

Questa mossa rappresenta l’ennesimo tassello nella lenta ma inesorabile disgregazione dell’ecosistema lasciato vacante da BreachForums, a seguito degli eventi legali che ne hanno segnato la chiusura nel 2023 e la successiva instabilità nel 2024. Il canale “The Jacuzzi” era stato originariamente concepito come spazio non ufficiale per la community di BreachForums, in cui operatori, venditori e attori del cybercrime potevano interagire informalmente al di fuori delle rigidità della piattaforma principale.

Dal declino di BreachForums alla riconfigurazione di DarkForums

BreachForums successore spirituale del celebre RaidForums– aveva consolidato nel tempo una struttura centralizzata incentrata sullo scambio di database violati, dati personali (PII) e credenziali, finché l’arresto del suo amministratore “pompompurin” nel marzo 2023 non ha segnato un punto di non ritorno. Nonostante vari tentativi di rilancio da parte di attori come Baphomet e altri fork della community, il progetto non è mai più tornato alla stabilità iniziale.

In questo vuoto, DarkForums ha saputo giocare un ruolo strategico, acquisendo credibilità e utenza attraverso un’offerta simile in termini di contenuti (accessi RDP, combolist, leak, strumenti di malware development) ma con una governance meno esposta. Con il takeover di “The Jacuzzi”, DarkForums non si limita a incorporare un canale: consolida un’infrastruttura di comunicazione e reputazione precedentemente associata al marchio BreachForums.

Riferimenti ufficiali e implicazioni operative

Nel messaggio pubblicato sul forum, l’amministratore Knox scrive:

“The ‘Jacuzzi’ Telegram chat which was previously the Breachforums official chatroom is now owned by us, and from now this will be the official DarkForums chat.”

Contestualmente, sono stati resi disponibili i seguenti riferimenti:

• Forum Thread
• Telegram ufficiale
• Mirror e alternative d’accesso

L’iniziativa rafforza anche l’ecosistema di comunicazione out-of-band tipico dei forum criminali moderni, dove i canali Telegram agiscono da fallback in caso di downtime, sequestro o problemi di reputazione dei domini principali. La scelta di consolidare “The Jacuzzi” come ambiente affiliato ufficiale consente a DarkForums di presidiare attivamente l’engagement della community, attrarre ex utenti di BreachForums e legittimarsi come hub alternativo.

Conclusioni e analisi CTI

Dal punto di vista della Cyber Threat Intelligence, questo cambiamento rappresenta un ulteriore ricombinarsi delle dinamiche di leadership nei marketplace di dati illeciti. Il mantenimento di riferimenti Telegram attivi, ora sotto nuova gestione, costituisce un importante indicatore di persistenza delle attività legate alla criminalità informatica, pur in contesti di discontinuità strutturale.

Organizzazioni che monitorano le attività su canali OSINT/CLOSINT dovrebbero aggiornare i loro modelli di tracciamento, includendo questo nuovo asset di DarkForums come fonte attiva per potenziali early warning, comunicazioni interne alla threat actor economy e promozione di nuovi dump o servizi illeciti.

L'articolo DarkForums prende il controllo del canale Telegram “The Jacuzzi” gestito da BreachForums proviene da il blog della sicurezza informatica.

So-called artificial intelligence (AI) is all the rage right now between your grandma asking ChatGPT how to code in Python or influencers making videos without having to hire extras, but one growing concern is where the power is going to come from for the data centers. The MIT Technology Review team did a deep dive on what the current situation is and whether AI is going to kill us all (with carbon emissions).

Probably of most interest to you, dear hacker, is how they came up with their numbers. With no agreed upon methods and different companies doing different types of processing there were a number of assumptions baked into their estimates. Given the lack of information for closed-source models, Open Source models were used as the benchmark for energy usage and extrapolated for the industry as a whole. Unsurprisingly, larger models have a larger energy usage footprint.

While data center power usage remained roughly the same from 2005 to 2017 as increases in efficiency offset the increase in online services, data centers doubled their energy consumption by 2023 from those earlier numbers. The power running into those data centers is 48% more carbon intensive than the US average already, and expected to rise as new data centers push for increased fossil fuel usage, like Meta in Louisiana or the X data center found to be using methane generators in violation of the Clean Air Act.

Technology Review did find “researchers estimate that if data centers cut their electricity use by roughly half for just a few hours during the year, it will allow utilities to handle some additional 76 gigawatts of new demand.” This would mean either reallocating requests to servers in other geographic regions or just slowing down responses for the 80-90 hours a year when the grid is at its highest loads.

If you’re interested in just where a lot of the US-based data centers are, check out this map from NREL. Still not sure how these LLMs even work? Here’s an explainer for you.

hackaday.com/2025/07/03/ai-mig…

Mjolnir, also known as Thor’s hammer, is a discerning thing, at least if you believe the modern Marvel canon. [alemanjir] decided to build a semi-functional replica that makes judgement calls of its own, though they’re perhaps a little less thought-out than the storied hammer of legend.

The build consists of a 3D-printed hammer prop, inside of which is a Raspberry Pi Pico microcontroller running the show. It’s hooked up to a MPR121 touch sensor that detects when someone grips the handle of the hammer. At this point, the Pico makes a pseudorandom “worthiness check” as to whether the holder is righteous enough to wield the hammer. If they are pure of heart, it unlocks a magnet which frees the hammer from whatever metallic surface it might be stuck to. [alemanjir] also included a little additional functionality, with the hammer playing various sounds when swung thanks to a speaker and a ADXL345 accelerometer secreted inside.

One wonders whether the electromagnet inside is strong enough to hold out against an unworthy person lifting it from the ground. While it’s perhaps not as powerful or as decisive as the mythical object, it’s nonetheless a fun learning project that likely taught [alemanja] some useful basics of embedded development.

We’ve featured some terrifying takes of the Mjolnir prop before, too, like this shockingly high voltage version. Video after the break.

youtube.com/embed/zJyJTZsgy5M?…

hackaday.com/2025/07/03/smart-…

Modern fertilizer manufacturing uses the Haber-Bosch and Ostwald processes to fix aerial nitrogen as ammonia, then oxidize the ammonia to nitric acid. Having already created a Haber-Bosch reactor for ammonia production, [Markus Bindhammer] took the obvious next step and created an Ostwald reactor to make nitric acid.

[Markus]’s first step was to build a sturdy frame for his apparatus, since most inexpensive lab stands are light and tip over easily – not a good trait in the best of times, but particularly undesirable when working with nitrogen dioxide and nitric acid. Instead, [Markus] built a frame out of aluminium extrusion, T-nuts, threaded rods, pipe clamps, and a few cut pieces of aluminium.

Once the frame was built, [Markus] mounted a section of quartz glass tubing above a gas burner intended for camping, and connected the output of the quartz tube to a gas washing bottle. The high-temperature resistant quartz tube held a mixture of alumina and platinum wool (as we’ve seen him use before), which acted as a catalyst for the oxidation of ammonia. The input to the tube was connected to a container of ammonia solution, and the output of the gas washing bottle fed into a solution of universal pH indicator. A vacuum ejector pulled a mixture of air and ammonia vapors through the whole system, and a copper wool flashback arrestor kept that mixture from having explosive side reactions.

After [Markus] started up the ejector and lit the burner, it still took a few hours of experimentation to get the conditions right. The issue seems to be that even with catalysis, ammonia won’t oxidize to nitrogen oxides at too low a temperature, and nitrogen oxides break down to nitrogen and oxygen at too high a temperature. Eventually, though, he managed to get the flow rate right and was rewarded with the tell-tale brown fumes of nitrogen dioxide in the gas washing bottle. The universal indicator also turned red, further confirming that he had made nitric acid.

Thanks to the platinum catalyst, this reactor does have the advantage of not relying on high voltages to make nitric acid. Of course, you’ll still need get ammonia somehow.

youtube.com/embed/IGHNvnsykxQ?…

hackaday.com/2025/07/03/a-mini…

If you’re a solo musician, you probably have lots of gear you’d like to control, but you don’t have enough hands. You can enlist your feet, but your gear might not have foot-suitable interfaces as standard. For situations like these, [Nerd Musician] created the OpenMIDIStomper.

The concept is simple enough—the hardy Hammond enclosure contains a bunch of foot switches and ports for external expression pedals. These are all read by an Arduino Pro Micro, which is responsible for turning these inputs into distinct MIDI outputs to control outboard gear or software. It handles this via MIDI over USB. The MIDI commands sent for each button can be configured via a webpage. Once you’ve defined all the messages you want to send, you can export your configuration from the webpage by cutting and pasting it into the Arduino IDE and flashing it to the device itself.

We’ve featured some great MIDI controllers over the years, like this impressive parts bin build.

youtube.com/embed/yELnZdEJqS0?…

hackaday.com/2025/07/03/openmi…

Good news, procrastinators! Today was going to be the last day to throw your hat in the ring for a slot to talk at Supercon in November, but we’re extending the deadline one more week, until July 10th. We have an almost full schedule, but we’re still missing your talk.

So if the thought of having missed the deadline fills you with regret, here’s your second chance. We have spots for both 40-minute and 20-minute talks still open. We love to have a mix of newcomers as well as longtime Hackaday friends, so don’t be shy.

Supercon is a super fun time, and the crowd is full of energy and excitement for projects of all kinds. There is no better audience to present your feats of hardware derring-do, stories of reverse engineering, or other plans for world domination. Where else will you find such a density of like-minded hackers?

Don’t delay, get your talk proposal in today.

hackaday.com/2025/07/03/last-c…

Since the earliest days of affordable, home 3D printers, the technology behind them has been continuously improving. From lowering costs, improving print quality, increasing size and detail, and diversifying the types of materials, it’s possible to get just about anything from a 3D printer today with a minimum of cost. Some of the things that printers can do now might even be surprising, like this upgrade that makes [Startup Chuck]’s 3D printer capable of printing realistic-sounding cowbells out of plastic.

The key to these metal-like prints is a filament called PPS-CF which is a carbon fiber-reinforced polyphenylene sulfide, or PPS. PPS-CF has a number of advantages over other plastics including high temperature tolerance and high dimensional stability, meaning its less likely to warp or deform even in harsh environments. But like anything with amazing upsides, there are some caveats to using this material. Not only does the carbon fiber require more durable extruder nozzles but PPS-CF also needs an extremely hot print head to extrude properly in addition to needing a heated bed. In [Startup Chuck]’s specific case he modified his print head to handle temperatures of 500°C and his print bed to around 100°C. This took a good bit of work just to supply it with enough energy to get to these temperatures and caused some other problems as well, like the magnet on the printer bed demagnetizing above around 75°C.

To get to a working cowbell took more than just printer upgrades, though. He had to go through a number of calibrations and test prints to dial in not only the ideal temperature settings of the printer but the best thicknesses for the cowbell itself so it would have that distinct metallic ring. But cowbells aren’t the only reason someone might want to print with carbon-reinforced materials. They have plenty of uses for automotive, chemical processing, high voltage, and aerospace applications and are attainable for home 3D printers. Just make sure to take some basic safety precautions first.

youtube.com/embed/iDTNg8wi9xA?…

hackaday.com/2025/07/03/i-gott…

Great Scott! If my calculations are correct, when this baby hits 88 miles per hour, you’re gonna see some serious shit. — Doc Brown

On this day, forty years ago, July 3rd, 1985 the movie Back to the Future was released. While not as fundamental as Hackers or realistic as Sneakers, this movie worked its way into our pantheon. We thought it would be appropriate to commemorate this element of hacker culture on this day, its forty year anniversary.

If you just never got around to watching it, or if it has been a few decades since you did, then you might not recall that the movie is set in two periods. It opens in 1985 and then goes back to 1955. Most of the movie is set in 1955 with Marty trying to get back to 1985 — “back to the future”. The movie celebrates the advanced technology and fashions of 1985 and is all about how silly the technology and fashions of 1955 are as compared with the advancements of 1985. But now it’s the far future, the year 2025, and we thought we might take a look at some of the technology that was enchanting in 1985 but that turned out to be obsolete in “the future”, forty years on.

As the opening credits roll there are a bunch of different ticking clocks, signaling the time motif. But they are all analog clocks, some with pendulums, and not an LED or 7-segment display in sight. The only “digital” clock is a split-flap. The signaling of the time motif by clocks is done throughout the film, from the control panel in Doc’s DeLorean time-machine to the stopped clock on the town hall. Of course these days clocks have gotten much better and now they can even set themselves.

The JVC hand-held video camera recorded to VHS tape. The competing format to VHS at the time was known as Betamax which was developed by Sony. You will of course still find hand-held video cameras today but these days they are far more capable such as with 8K video cameras and you probably have one as a feature of your smartphone anyway. The tape-based VHS and Betamax media has been made obsolete mostly by flash media.

The old Cathode Ray Tube (CRT) television gave way to flat-screen LCD displays and nowadays transparent OLED is state of the art. There were two competing video standards back in 1985 being NTSC which was used in North America, Japan, parts of South America, and so on; and PAL which was used in Europe, Australia, parts of Asia, and Africa.

These old standards didn’t accommodate more than 30 frames-per-second, NTSC was 29.97 Hz and PAL was 25 Hz; and long before “widescreen” 16:9 aspect ratios were released in the 90s they had resolutions of up to 720 × 480 for NTSC and 720 × 576 for PAL. That’s “up to”, there were versions with resolutions worse than this. Of course this is a long way from the 4K@60Hz you have become accustomed to! Also there were no remote controls for these old beasts, you had to get up out of your chair to adjust the volume or change the channel, oh the indignity of it all!

When Marty McFly rocks out, he plugs his guitar into a vacuum tube amplifier, a piece of gear that has proven to have surprisingly long legs. You would think that it would now be an anachronism, replaced by transistor technology, but many guitarists still think that analog vacuum tube technology has a superior and warmer distortion sound. Powering the amp is another dinosaur that survived. The Variac controller shown is an autotransformer that is still made and used, although in 1985 the Variac trademark was owned by General Radio but is now owned by ISE, Inc.

The Cathode-Ray Oscilloscope (CRO) on the table there is completely obsolete, but it remains customary for a hacker to get nostalgic and buy one on eBay. The analog Voltage-Ohm-Milliamp (VOM) meter is maybe only half obsolete, and as with the CRO, a nostalgic hacker will still have one. Everyone else has a Digital Multi-Meter (DMM) which can do everything a VOM could do, and much more.

The old reel-to-reel magnetic tape recorder and player gave way to miniature flash storage in the end. And also a bunch of other media formats in the interim, ranging from floppy-disks to hard-drives. Reel-to-reel magnetic tech had a number of drawbacks, not least was that rewinding and fast-forwarding to find the track you were looking for was a real hassle. (Should we say a reel hassle?) Also the signal would get weaker and more distorted the more copies were made, this was known as generation loss and isn’t relevant to digital media.

The pulse-dial telephone gave way first to DTMF-based phones and then ultimately to cellphones and Voice over IP. People who are too young to have seen or used a rotary-dial phone won’t know how slow and annoying they were to use. To key in a number you had to rotate the dial in proportion to the number you wanted to enter, one for one, two for two, up to nine for nine and ten for zero; so if you had larger numbers in the phone number you were keying in you would have to wait for the dial to count back, which was tedious and boring. It is certainly not for practicality reasons that hackers keep trying to bring them back.

Like the pulse-dial and DTMF-based landline telephones the cordless telephone also gave way to cellphones and VoIP, but the old cordless telephones get a special mention because they were totally insecure. The radio signals they used were easily sniffed by anyone who knew how to operate a radio. To patch this technical vulnerability, the FCC made listening to particular frequencies illegal, and manufacturers cut out the cellphone and wireless phone bands from their scanners.

And to wrap-up let’s give a special mention to the push-button Seeburg vinyl jukebox. These were commonplace back in the day and every good bar had a coin-operated one. These days you’re unlikely to find a jukebox at the bar, it is perhaps more likely that one of the bar staff is streaming music to the bar’s Bluetooth speakers from their smartphone.

Thanks for coming with us on this brief journey back to 1985, it was fun to take some time to look at some of the things that have changed, and to pay our respects to this icon of hacker culture on its fortieth birthday. Don’t forget to sound-off in the comments regarding where you have seen references to the movie!

hackaday.com/2025/07/03/back-t…