È stato scoperto un nuovo toolkit di phishing, MatrixPDF, che consente agli aggressori di trasformare normali file PDF in esche interattive che aggirano la sicurezza della posta elettronica e reindirizzano le vittime a siti Web che rubano credenziali o scaricano malware. I ricercatori di Varonis, che hanno scoperto lo strumento, sottolineano che MatrixPDF viene pubblicizzato come un simulatore di phishing e una soluzione per specialisti di black team. Tuttavia, sottolineano che è stato individuato per la prima volta su forum di hacker.
“MatrixPDF: è uno strumento avanzato per la creazione di PDF di phishing realistici, progettato per i team di black team e per la formazione sulla sicurezza informatica”, si legge nell’annuncio. “Con l’importazione di PDF tramite trascinamento della selezione, l’anteprima in tempo reale e le sovrapposizioni personalizzabili, MatrixPDF consente di creare scenari di phishing di livello professionale. Funzionalità di sicurezza integrate come la sfocatura dei contenuti, i reindirizzamenti sicuri, la crittografia dei metadati e il bypass di Gmail garantiscono affidabilità e distribuzione in ambienti di test.” Il toolkit è disponibile con diversi piani tariffari, che vanno da $ 400 al mese a $ 1.500 all’anno.
I ricercatori spiegano che il builder MatrixPDF consente agli aggressori di caricare un file PDF legittimo e poi di aggiungervi funzionalità dannose, come l’offuscamento del contenuto, falsi prompt “Documento protetto” e sovrapposizioni cliccabili che puntano a un URL esterno con il payload.
Inoltre, MatrixPDF consente azioni JavaScript, che vengono attivate quando un utente apre un documento o clicca su un pulsante. In questo caso, il codice JavaScript tenta di aprire un sito web o di eseguire altre azioni dannose.
La funzione di sfocatura crea file PDF il cui contenuto appare protetto, sfocato e contiene un pulsante “Apri documento protetto“. Cliccando su questo pulsante si apre un sito web che può essere utilizzato per rubare credenziali o distribuire malware.
Un test condotto da specialisti ha dimostrato che i PDF dannosi creati utilizzando MatrixPDF possono essere inviati a una casella di posta Gmail e che l’email riesce a bypassare i filtri anti-phishing. Questo perché questi file non contengono file binari dannosi, ma solo link esterni.
Un altro test condotto dai ricercatori dimostra come la semplice apertura di un PDF dannoso provochi l’apertura di un sito web esterno. Questa funzionalità è più limitata, poiché i moderni visualizzatori di PDF avvisano l’utente che il file sta tentando di connettersi a un sito remoto.
Gli esperti di Varonis ci ricordano che i file PDF restano uno strumento popolare per gli attacchi di phishing perché sono ampiamente distribuiti e le piattaforme di posta elettronica possono visualizzarli senza preavviso.
Theoretically USB-C is a pretty nifty connector, but the reality is that it mostly provides many exciting new ways to make your device not work as expected. With the gory details covered by [Alvaro], the latest to join the party is Segger, with its J-Link BASE Compact MCU debugger displaying the same behavior which we saw back when the Raspberry Pi 4 was released in 2019. Back then so-called e-marked USB-C cables failed to power the SBC, much like how this particular J-Link unit refuses to power up when connected using one of those special USB-C cables.
We covered the issue in great detail back then, discussing how the CC1 and CC1 connections need to be wired up correctly with appropriate resistors in order for the USB-C supply – like a host PC – to provide power to the device. As [Alvaro] discovered through some investigation, this unit made basically the same mistake as the RPi 4B SBC before the corrected design. This involves wiring CC1 and CC2 together and as a result seeing the same <1 kOhm resistance on the active CC line, meaning that to the host device you just hooked up a USB-C audio dongle, which obviously shouldn’t be supplied with power.
Although it’s not easy to tell when this particular J-Link device was produced, the PCB notes its revision as v12.1, so presumably it’s not the first rodeo for this general design, and the product page already shows a different label than for the device that [Alvaro] has. It’s possible that it originally was sloppily converted from a previous micro-USB-powered design where CC lines do not exist and things Just Work, but it’s still a pretty major oversight from what should be a reputable brand selling a device that costs €400 + VAT, rather than a reputable brand selling a <$100 SBC.
For any in the audience who have one of these USB-C-powered debuggers, does yours work with e-marked cables, and what is the revision and/or purchase date?
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
La chiusura parziale di uffici e servizi pubblici a causa della mancata approvazione del bilancio federale non è un evento inedito negli Stati Uniti e lo “shutdown”, o la minaccia di esso, viene spesso utilizzato come uno strumento di pressione polit…
“LA PENSIONE NON È DOVUTA” La Fornero torna a fare terrorismo pontificando sulla Finanziaria: «Punirà i giovani». Parola di chi ha fabbricato migliaia di esodati. Da 14 anni insiste, cioè da quando tentò di distruggere quel che restava di un Paese massacrato dallo spread e in pieno tsunami da crisi dei debiti sovrani. Non ci riuscì. Ma da allora è un continuo rimodellare la realtà, vantare operazioni pseudo-strategiche, ergersi a salvatrice della patria.
Anche stavolta Fornero vede grigio e lancia un siluro dal titolo: «Legge di bilancio, il solito mercato che alla fine punisce i giovani». L’ex ministro del Lavoro, impegnata vita natural durante a giustificare la sua sanguinosa riforma, sostiene che sarebbe sbagliato proporre «provvedimenti che ripropongono per l’ennesima volta la falsa illusione dell’anticipo del pensionamento per fare posto ai giovani o il falso mito del diritto acquisito».
E per chiudere dichiara: «Mostrateci, governo e opposizione, quello sguardo lungo e inclusivo che per molto tempo è mancato alla politica italiana». Sorvolando sullo sguardo inclusivo (poiché il suo includeva i sottopassi delle stazioni come abitazioni per i 170.000 esodati fabbricati a mano),fa specie che la ex docente universitaria torinese continui a definire un diritto acquisito, praticamente una grazia del sovrano che getta dobloni dalla finestra ai villani, quello che secondo la Costituzione è uno dei patti sociali più inscalfibili in una democrazia; un contratto fra Stato e cittadini, i quali ne rivendicano il rispetto e l’applicazione nel momento in cui maturano requisiti anagrafici e contributivi di legge.
Fornero riesce a concretizzare due paradossi: definisce regalìa una prerogativa di legge, ancor più dopo l’applicazione in toto del sistema contributivo. E trasforma un dovere costituzionale (quello dell’erogazione della pensione ai lavoratori) in un principio contabile, scambiando allegramente lo Stato per una Spa.
È lo stesso errore che si commette sulla Sanità quando si evoca il pareggio di bilancio, ritenendo erroneamente che debba essere un investimento a scopo di lucro e non un servizio indispensabile da eseguire anche in perdita.
Una delle navi della Global Sumud Flotilla, la Alma, è stata abbordata dalle navi dell’IDF.
Al momento le navi si trovano nella zona definita ad alto rischio, a 10 miglia nautiche dalla costa di Gaza. Nelle scorse ore una ventina di navi non identificate erano state captate dai radar della Flottilla, dando il via allo stato di allarme.
People Are Farming and Selling Sora 2 Invite Codes on eBay
People are farming and selling invite codes for Sora 2 on eBay, which is currently the fastest and most reliable way to get onto OpenAI’s new video generation and TikTok-clone-but-make-it-AI-slop app. Because of the way Sora is set up, it is possible to buy one code, register an account, then get more codes with the new account and repeat the process.
On eBay, there are about 20 active listings for Sora 2 invite codes and 30 completed listings in which invite codes have sold. I bought a code from a seller for $12, and received a working code a few minutes later. The moment I activated my account, I was given four new codes for Sora 2. When I went into the histories of some of the sellers, many of them had sold a handful of codes previously, suggesting they were able to get their hands on more than four invites. It’s possible to do this just by cycling through accounts; each invite code is good for four invites, so it is possible to use one invite code for a new account for yourself, sell three of them, and repeat the process.
There are also dozens of people claiming to be selling or giving away codes on Reddit and X; some are asking for money via Cash App or Venmo, while others are asking for crypto. One guy has even created a website in which he has generated all 2.1 billion six-digit hexadecimal combinations to allow people to randomly guess / brute force the app (the site is a joke).
The fact that the invite codes are being sold across the internet is an indication that OpenAI has been able to capture some initial hype with the release of the app (which we’ll have much more to say about soon), but does not necessarily mean that it’s going to be some huge success or have sustained attention. Code and app invite sales are very common on eBay, even for apps and concert tickets (or game consoles, or other items) that eventually aren’t very popular or are mostly just a flash in the pan. But much of my timeline today is talking about Sora 2, which suggests that we may be crossing some sort of AI slop creation rubicon.
This week Jonathan talks with Brandon and TC about Veilid, the peer-to-peer networking framework that takes inspiration from Tor, and VeilidChat, the encrypted messenger built on top of it. What was the inspiration? How does it work, and what can you do with it? Listen to find out!
Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.
Kodak announced two new types of film that it will sell directly to photography stores, sidestepping a bizarre distribution agreement that has been in place since its bankruptcy.#Photography #FilmCameras #film
Kodak Is Selling Its Own Film Again for the First Time in a Decade
Kodak announced two new stocks of color film on Wednesday, in a move that has excited the photography world and which indicates that the photography giant is directly distributing still photography film again.
“To help meet the growing demand for film, Kodak is excited to announce the launch of two color-negative films, KODACOLOR 100 and KODACOLOR 200, in 135 format rolls,” Kodak said in an Instagram post. “For the first time in over a decade, Kodak will sell these films directly to distributors, in an effort to increase supply and help create greater stability in a market where prices have fluctuated. These films are sub-brands of existing Kodak films and offer the same high quality you’ve come to expect from Kodak.”
That quote is key—there are various types of Kodak film on the market right now. Those films are all made by Eastman Kodak (the legendary 133-year-old photography company) but they are sold through a totally separate company called Kodak Alaris, which is a UK-based company spun off from Eastman Kodak in 2012 as part of its bankruptcy. Since then, Kodak Alaris has had the sole right to distribute the still film stocks that Eastman Kodak manufactures. The sense in the photography community is that this arrangement is, at best, annoying and that it has perhaps led Kodak to not focus as much on making new film stocks as it should; there was further concern last year after Kodak Alaris was sold to a private equity firm.
What remains unclear is what KODACOLOR actually is; in the photography world, many “new” films are rebranded versions of other films that are on the market, are rereleased versions of film that had been previously discontinued, or are respooled versions of movie film that have been altered for still photography.
The Wednesday announcement of KODACOLOR makes clear that Eastman Kodak will be selling KODACOLOR directly to photography stores itself, which suggests that the company has wrested at least some control over the distribution of its films from Kodak Alaris, and raises all sorts of exciting possibilities about the future of Kodak film. The details of how or why it did this are not yet available and Kodak did not immediately respond to a request for comment. But it is notable that while Kodak manufactures about a dozen different types of film including Kodak Gold, Ektar, Portra, and Colorplus, the only “still film” listed on the Kodak website is now the new KODACOLOR film stocks.
Regardless of the reasoning or specifics behind the news, the announcement of new film stocks from the most important film company in the world is the latest sign of the enduring and resurgent popularity of analog film photography. And it at least shows that Kodak is interested in creating new types of film for the hobby; as Petapixel points out, it is Kodak’s “first new film in a very long time.” In recent years, there has been a handful of new film stocks announced and released, most notably a type of film called Phoenix from a company called Harman, which is made in a new factory in England and, according to the company, has been “hugely successful.”
HARMAN TECHNOLOGY ANNOUNCES SIGNIFICANT ONGOING INVESTMENT IN THE FUTURE OF PHOTOGRAPHIC FILM HARMAN technology Ltd, one of the world’s largest manufacturers of analogue photographic films, darkroom papers, and photo chemicals, has further reaffirmed…
“San Francesco, che ebbe tra i suoi principali obiettivi un annuncio di pace, ricorda che è possibile un mondo fraterno, disarmato, dove ciascuno ha il suo spazio, a partire dai più poveri e fragili”. Lo afferma il card.
These days, we take it for granted that you can connect a cheap piece of hardware to a microcontroller and have an amazing debugging experience. Stop the program. Examine memory and registers. You can see and usually change anything. There are only a handful of ways this is done on modern CPUs, and they all vary only by detail. But this wasn’t always the case. Getting that kind of view to an actual running system was an expensive proposition.
Today, you typically have some serial interface, often JTAG, and enough hardware in the IC to communicate with a host computer to reveal and change internal state, set breakpoints, and the rest. But that wasn’t always easy. In the bad old days, transistors were large and die were small. You couldn’t afford to add little debugging pins to each processor you produced.
This led to some very interesting workarounds. Of course, you could always run simulators on a larger computer. But that might not work in real time, and almost certainly didn’t have all the external things you wanted to connect to, unless you also simulated them.
The alternative? Create a special chip, often called a bond-out chip. These were usually expensive and had some way to communicate with the outside world. This might be a couple of pins, or there might be a bundle of wires coming out of the top of the chip. You replaced your microprocessor with the expensive bond-out chip and connected it to your very expensive in-circuit emulator. If you have a better scan of the ICE-51 datasheet, we’d love to see it. For example, the venerable 8051 had an 8051E chip that brought out the address and data bus lines for debugging. In fact, the history of the 8051 notes that they developed the bond-out chip first. The chip was bigger and sold in lower volumes, so it was more expensive. It needed not just connections but breakpoint hardware to stop the CPU at exactly the right time for debugging.
In some cases, the emulator probe was a board that sat between a stock CPU and the CPU socket. Of course, that meant you had to have room to accommodate the large board. Of course, it also assumes that at least your development board had a socket, although in those days it was rare to have an expensive CPU soldered right down to the board. Another poor scan, this time of the Lauterbach emulator probe for the 68000. For example, the Lauterbach ICE-68300 here could take a bond-out chip or a regular chip, although it would be missing features if you didn’t have the special chip.
Of course, you can still find them in circuit emulators, but the difference is that they almost certainly have supporting hardware on the standard chip and simply use a serial communication protocol to talk to the on-chip hardware.
Of course, if you want an emulator for an old CPU, you have enough horsepower now that you can probably emulate it like with a modern processor, like the IZE80 does in the video below. Then you can incorporate all kinds of magical debugging features. But be careful what you take on. To properly mimic the hardware means tight timing for things like DRAM refresh and a complete understanding of all the bus timings involved.
But it can be done. In any event, on chip debugging or real in-circuit emulation, it sure makes life easier.
“Facciamo nostro l’invito del Santo Padre Leone XIV ad intensificare la preghiera per la pace, in modo particolare con la recita del Rosario durante tutto il mese di ottobre e partecipando tutti insieme alla veglia del Giubileo della spiritualità mar…
“Un forte appello all’unità attorno all’ecologia integrale e per la pace!”. A rivolgerlo è stato Leone XIV, che al termine del discorso rivolto dal Centro Mariapoli a Castel Gandolfo ai partecipanti al Convegno “Raising Hope” nel decennale dell’encic…
Both organizations are seeking a copy of a data sharing agreement that is giving the personal data of nearly 80 million Medicaid patients to ICE.#Announcements
404 Media and Freedom of the Press Foundation Sue DHS
Last week Freedom of the Press Foundation and 404 Media filed a lawsuit against the multiple parts of the U.S. government demanding they hand over a copy of an agreement that shares the personal data of nearly 80 million Medicaid patients with ICE. The data sharing marked a watershed moment for ICE and its access to highly sensitive data that is ordinarily siloed off from the agency. We believe it’s important for the public to see this unprecedented data sharing agreement for themselves.
As the Associated Press wrote when it first reported on the data sharing agreement between the Department of Homeland Security (DHS) and the Centers for Medicare and Medicaid Services (CMS), the agreement will give ICE the ability to find “the location of aliens.” The data shared includes home addresses and ethnicities, according to the Associated Press.
💡 Do you know anything else about this data sharing agreement? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.
Both Freedom of the Press Foundation and 404 Media filed similar Freedom of Information Act (FOIA) requests with DHS and CMS seeking a copy of the agreement. Neither agency provided the requested records in time, so we have now filed the lawsuit. In 404 Media’s case, CMS acknowledged the request but has not provided the records, and DHS did not even acknowledge the request at all.
404 Media’s request asked for a copy of the specific agreement, and if the agencies were unable to locate it, to alternatively provide copies of all agreements between DHS and CMS from this year.
“Despite having received the FOIA requests, and despite their obligations under the law, Defendants have failed to notify Plaintiffs of the scope of documents that they will produce or the scope of documents that they plan to withhold in response to the FOIA requests,” the lawsuit reads. playlist.megaphone.fm?p=TBIEA2… Freedom of the Press Foundation is a non-profit organization that monitors press freedom issues in the U.S. and trains journalists on how to keep themselves and their sources safe. It regularly sues the U.S. government for access to records.
The data sharing agreement is just one of a growing list of ways that ICE is sourcing highly sensitive, and sometimes legally protected, information as part of the Trump administration’s mass deportation effort. ProPublica reported on the vast system the IRS is building to share millions of taxpayers’ data with ICE 404 Media previously reported ICE has gained access to ISO Claimsearch, a massive insurance and medical bill database to find deportation targets. The database is nearly all encompassing and contains details on more than 1.8 billion insurance claims and 58 million medical bills.
Separately, 404 Media filed a lawsuit against ICE in September for access to the agency’s $2 million spyware contract.
[Mukesh Sankhla] has been tinkering in the world of Point of Sale systems of late. His latest creation is a simple, straightforward kiosk system, and he’s open sourced the design.
The Latte Panda MU single-board computer is at the heart of the build, handling primary duties and communicating with the outside world. It’s hooked up to a touchscreen display which shows the various items available for purchase. As an x86 system, the Latte Panda runs Windows 11, along with a simple kiosk software package written in Python. The software uses Google Firebase as a database backend. There’s also an Xiao ESP32 S3 microcontroller in the mix, serving as an interface between the Latte Panda and the thermal printer which is charged with printing receipts.
It’s worth noting that this is just a point-of-sale system; it executes orders, but doesn’t directly deliver or vend anything. With that said, since it’s all open-source, there’s nothing stopping you from upgrading this project further.
#NextGenAI, a Napoli da mercoledì 8 a lunedì 13 ottobre! Per il primo summit internazionale sull’Intelligenza Artificiale nella #scuola, promosso dal #MIM nell’ambito del Campus itinerante #ScuolaFutura, sono previste le delegazioni di istituzioni sc…
#NextGenAI, a Napoli da mercoledì 8 a lunedì 13 ottobre!
Per il primo summit internazionale sull’Intelligenza Artificiale nella #scuola, promosso dal #MIM nell’ambito del Campus itinerante #ScuolaFutura, sono previste le delegazioni di istituzioni sc…
Grazie alla Laudato si' di Papa Francesco, “il linguaggio della cura della casa comune è stato incorporato nei dibattiti accademici, scientifici e politici”.
In the middle of the 20th century, the atom was all the rage. Radiation was the shiny new solution to everything while being similarly poorly understood by the general public and a great deal of those working with it.
Against this backdrop, Firestone Tire and Rubber Company decided to sprinkle some radioactive magic into spark plugs. There was some science behind the silliness, but it turns out there are a number of good reasons we’re not using nuke plugs under the hood of cars to this day.
Hot Stuff
The Firestone Polonium spark plug represented a fascinating intersection of Cold War-era nuclear optimism and automotive engineering. These weren’t your garden-variety spark plugs – they contained small amounts of polonium-210. The theory behind radioactive spark plugs was quite simple from an engineering perspective. As the radioactive polonium decayed into lead, it would release alpha particles supposed to ionize the air-fuel mixture in the combustion chamber, making an easier path for the spark to ignite and reducing the likelihood of misfires. Thus, the polonium-210 spark plugs would theoretically create a better, stronger spark and improve combustion efficiency. Firestone decided polonium, not radium, was the way to go when it filed a patent of its own. Credit: US Patent These plugs hit the market sometime around 1940, though the idea dates back at least a full 11 years earlier. In 1924, Albert Hubbard applied for a patent (US 1,723,422), which was granted five years later. His patent concerned the use of radium to create an ionized path through the gas inside an engine’s cylinder to improve spark plug performance.
Firestone’s patent (US 2,254,169) came much later, granted in 1941. The company decided that polonium-210 was a more viable radioactive source. Radium was considered “too expensive and dangerous”, while uranium and thorium isotopes were found to be “ineffective.” Polonium, though, was the bee’s knees. From the patent filing:
Frequently, conditions will be so unfavorable that a spark will not occur at all, and it will be necessary to turn the engine over a number of times before a spark occurs. However, if the alpha rays of polonium are passing through the gap, a large number of extra ions are formed by each alpha ray (10,000 ions per-alpha ray) and the gap breaks down promptly after the voltage begins to rise and at a lower voltage value than that required by standard spark plugs. Thus, it might be said that polonium creates favorable conditions for gap breakdown under all circumstances. Many tests have been run which substantiate the above explanations. The most conclusive test of this type consisted in comparing the starting characteristics of many polonium-containing spark plugs with ordinary spark plugs, all plugs having had more than a year of hard service, in several engines at -15° F. It was found that thirty per cent fewer revolutions of an engine were required for starting when the polonium plugs were used.
Firestone was quite proud of its new Atomic Age product. Credit: Firestone As per the patent, the radioactive material was incorporated into the electrodes by adding it to the nickel alloy used to produce them. This would put it in prime position to ionize the air charge in the spark gap where it mattered most.
The science seems to check out on paper, but polonium spark plugs were only on the market for a short period of time, with the last known advertisements being published sometime around 1953. If the radioactive spark plugs had serious performance benefits, one suspects they might have stuck around. However, physics tells us they may not have been that special in reality.
In particular, polonium-210 has a relatively short half-life of just 138 days. In a year, 84% of the initial polonium-210 would have already decayed. Thus, between manufacturing, shipping, purchase, and installation, it’s hard to say how much “heat” would have been left in the plugs by the time they even reached the consumer. These plugs would quickly lose their magic simply sitting on the shelf. Beyond that, there are some questions of their performance in a real working engine. Firestone’s patent claimed improved performance over time, but a more sceptical view would be that deposits left on the spark plug electrodes over time would easily block any alpha particles that would otherwise be emitted to help cause ionization. Examples of the polonium-impregnated spark plugs can be readily found online, though the radioactive material decayed away long ago. Credit: eBay Ultimately, while the plugs may have had some small benefit when new, any additional performance was minor enough that they never really found a market. Couple this with ugly problems around dispersal, storage, and disposal of radioactive material, and it’s perhaps quite a good thing that these plugs didn’t really catch on.
Despite the lack of market success, however, it’s still possible to find these spark plugs in the wild today. A simple search on online auction sites will turn up dozens of examples, though don’t expect them to show up glowing. The radioactive material within will long have decayed to the point where they’re not going to significantly exceed typical background radiation. Still, they’re an interesting call back to an era when radioactivity was the hottest new thing on the block.
Broadcom ha risolto una grave vulnerabilità di escalation dei privilegi in VMware Aria Operations e VMware Tools, che era stata sfruttata in attacchi a partire da ottobre 2024. Al problema è stato assegnato l’identificativo CVE-2025-41244. Sebbene l’azienda non abbia segnalato alcun exploit nel bollettino ufficiale, il ricercatore di NVISO Maxime Thibault lo ha segnalato a maggio che gli attacchi sono iniziati a metà ottobre 2024. L’analisi ha collegato gli attacchi al gruppo cinese UNC5174.
La vulnerabilità consente a un utente locale senza privilegi di inserire un file binario dannoso in directory che corrispondono a espressioni regolari generiche. Una variante osservata in attacchi reali è l’utilizzo della directory /tmp/httpd. Affinché il malware venga rilevato dal servizio VMware, è necessario eseguirlo come utente normale e aprire un socket di rete casuale.
Di conseguenza, gli aggressori ottengono la possibilità di aumentare i privilegi di root ed eseguire codice arbitrario all’interno della macchina virtuale. NVISO ha anche pubblicato un exploit dimostrativo che mostra come questa falla venga utilizzata per compromettere VMware Aria Operations in modalità con credenziali e VMware Tools in modalità senza credenziali.
Secondo Google Mandiant, UNC5174 opera per conto del Ministero della Sicurezza di Stato cinese. Nel 2023, il gruppo ha venduto l’accesso alle reti di appaltatori della difesa statunitensi, agenzie governative britanniche e organizzazioni asiatiche sfruttando la vulnerabilità CVE-2023-46747 in F5 BIG-IP.
Nel febbraio 2024, hanno sfruttato la vulnerabilità CVE-2024-1709 in ConnectWise ScreenConnect, attaccando centinaia di istituzioni negli Stati Uniti e in Canada.
Nella primavera del 2025, il gruppo è stato osservato anche mentre sfruttava la vulnerabilità CVE-2025-31324 , un errore di caricamento file in NetWeaver Visual Composer che consentiva l’esecuzione di codice arbitrario. Anche altri gruppi cinesi hanno partecipato ad attacchi ai sistemi SAP, tra cui Chaya_004, UNC5221 e CL-STA-0048, che hanno installato backdoor su oltre 580 istanze NetWeaver, comprese quelle in infrastrutture critiche negli Stati Uniti e nel Regno Unito.
Dopo tre anni, perfino i ricercatori di OpenAI ammettono che le "allucinazioni" sono una caratteristica intrinseca dei modelli linguistici. Dopo tre anni, perfino il Wall Street Journal comincia a parlare di bolla speculativa dell'AI. Preparatevi.
Vita consacrata: Paoline, sr. Mari Lucia Kim è la nuova superiora generale
È sr. Mari Lucia Kim la nuova superiora generale delle Figlie di San Paolo, paoline. Nominata dal 12° Capitolo generale, sr. Mari Lucia è nata il 1° novembre 1965 a Mokpo, in Corea, ed è Figlia di San Paolo dal 25 gennaio 1995.
Gli Stati Uniti stanno spingendo sull’acceleratore per esportare i loro sistemi d’arma all’estero. Al Congresso è infatti in corso il tentativo più ambizioso degli ultimi decenni di aggiornare le regole sull’export
@Notizie dall'Italia e dal mondo Sciopero generale oggi in Grecia contro la proposta del governo di permettere ai dipendenti di lavorare fino a 13 ore al giorno per aumentare il proprio salario L'articolo Grecia. Scioperohttps://pagineesteri.it/2025/10/01/mediterraneo/grecia-sciopero-generale-giornata-lavorativa-13-ore/
e meno male esageravamo e putin non era nostro nemico... sembra come quando prima dell'invasione ucraina noi europei eravamo "isterici"... a detta di putin. sarà il caso di armarsi e cominciare a controbattere. almeno in modo difensivo..
Secondo quanto riferito, il governo del Regno Unito sta nuovamente chiedendo ad Apple di creare una backdoor per consentire ai funzionari governativi di accedere ai backup iCloud crittografati end-to-end nel Paese.
L'ultima volta che è successo, Apple ha disattivato la protezione avanzata dei dati di iCloud, la funzionalità opzionale che consente agli utenti di crittografare i backup nel cloud.
NEW: The U.K. government is reportedly once again requesting Apple build a backdoor so government officials can access end-to-end encrypted iCloud backups in the country.
Last time this happened, Apple disabled iCloud's Advanced Data Protection, the opt-in feature that lets users encypt cloud backups.
@lorenzofb ma hanno completamente ragione,ho solo pensiero per cui vorrei una risposta da lor signori,che sia legalmente rispettosa e in base al principio che stabilisce uguaglianza di diritti e senza retorica perché "essi"dovrebbero/devono esserne esclusi?per le cariche che svolgono!?forse tra di "essi"non possono esserci pedofili,corrotti,ladri!?"sono eletti dal popolo che MERITA rispetto per la fiducia affidatagli,non ABUSARE del potere ottenuto a fini personali.🤐
@Notizie dall'Italia e dal mondo Tra le crescenti concessioni idriche alle multinazionali private e le proteste delle popolazioni locali, due attivisti per la difesa dell'acqua e del territorio sono stati incriminati dopo un'udienza caratterizzata da numerose
La narrativa comune sull’Artico come teatro di guerra evoca immagini di ghiaccio, neve e temperature proibitive. Ma per gli addetti ai lavori ed i comandanti militari la stagione più insidiosa non è l’inverno, ma il “quinto tempo”, l’autunno e la primavera, quando il disgelo trasforma il terreno in un pantano impraticabile
@Notizie dall'Italia e dal mondo Il pericolo non arriva solo dalle bombe, cresce la violenza di genere e i diritti essenziali vengono calpestati. 700mila donne e ragazze in età fertile non hanno assorbenti, acqua pulita, sapone e privacy. L'articolo Gaza. Quasi 7 vittime su 10 sono donne, bambine e ragazze proviene da
@Informatica (Italy e non Italy 😁) Scoperta e risolta una vulnerabilità critica di escalation dei privilegi nell’app PosteID da parte dei ricercatori SERICS, poi risolta dal team dell’Identity Provider Poste Italiane, a testimonianza dei benefici nella
OrionBelt©
in reply to Cybersecurity & cyberwarfare • • •Cybersecurity & cyberwarfare likes this.
Cybersecurity & cyberwarfare reshared this.