Admit it or not, you probably have a teddy bear somewhere in your past that you were — or maybe are — fond of. Not to disparage your bear, but we think Bradfield might have had a bigger adventure than yours has. Bradfield was launched in November on a high-altitude balloon by Year 7 and 8 students at Walhampton School in the UK in connection with Southampton University. Dressed in a school uniform, he was supposed to ride to near space, but ran into some turbulence. The BBC reported that poor Bradfield couldn’t hold on any longer and fell from around 17 miles up. The poor bear looked fairly calm for being so high up.

A camera recorded the unfortunate stuffed animal’s plight. Apparently, a companion plushie, Bill the Badger (the Badger being the Southampton mascot), successfully completed the journey, returning to Earth with a parachute.

There have been some news reports that Bradfield may have been recovered, but we haven’t seen anything definitive yet. Of course, there are plenty of things you can launch on a balloon, but what a great idea to let kids send a mascot aloft with your serious science payloads and radio gear. Because we know you are launching a balloon for a serious purpose, right? Sure, we won’t tell you just want the cool pictures.

No offense to Bradfield, but sending humans aloft on balloons requires a little more care. We aren’t as well-equipped to drop 17 miles. The Hackaday Supercon has even been the site of an uncrewed (and unbeared) balloon launch. Meanwhile, if you are around Reading and spot Bradfield, be sure to give him a cookie and call the Walhampton school.

youtube.com/embed/l7JiO5356KY?…

hackaday.com/2025/12/12/the-ne…

One swol mealworm amidst its weaker brethren. (Credit: The Thought Emporium, YouTube)
Have you ever found yourself looking at the insects of the Paleozoic era, including the dragonfly Meganeuropsis permiana with its 71 cm wingspan and wondered what it would be like to have one as a pet? If so, you’re in luck because the mad lads over at [The Thought Emporium] have done a lot of the legwork already to grow your own raven-sized moths and more. As it turns out, all it takes is hijacking the chemical signals that control the development phases, to grow positively humongous mealworms and friends.

The growth process of the juveniles, such as mealworms – the larval form of the yellow mealworm beetle – goes through a number of molting stages (instars), with the insect juvenile hormone levels staying high until it is time for the final molt and transformation into a pupa from which the adult form emerges. The pyriproxyfen insecticide is a juvenile hormone analog that prevents this event. Although at high doses larvae perish, the video demonstrates that lower doses work to merely inhibit the final molt.

Hormone levels in an insect across its larval and pupa stages.
That proof-of-concept is nice of course if you really want to grow larger grubs, but doesn’t ultimately really affect the final form as they simply go through the same number of instars. Changing this requires another hormone/insecticide, called ecdysone, which regulates the number of instars before the final molt and pupal stage.

Amusingly, this hormone is expressed by plants to mess with larvae as they predate on their tissues, with spinach expressing a very significant amount of this phyto-ecdysone. For humans this incidentally interacts with the estrogen receptor beta, which helps with building muscle. Ergo bodybuilding supplies provide a ready to use source of this hormone as ‘beta ecdysterone’ to make swol insects with.

Unfortunately, this hormone turned out to be very tricky to apply, as adding it to their feed like with pyriproxyfen merely resulted in the test subjects losing weight or outright dying. For the next step it would seem that a more controlled exposure method is needed, which may or may not involve some DNA editing. Clearly creating Mothra is a lot harder than just blasting a hapless insect with some random ionizing radiation or toxic chemicals.
Gauromydas heros, the largest true fly alive today. (Credit: Biologoandre)
A common myth with insect size is that the only reason why they got so big during the Paleozoic was due to the high CO₂ content in the atmosphere. This is in fact completely untrue. There is nothing in insect physiology that prevents them from growing much larger, as they even have primitive lungs, as well as a respiratory and circulatory system to support this additional growth. Consequently, even today we got some pretty large insects for this reason, including some humongous flies, like the 7 cm long and 10 cm wingspan Gauromydas heros.

The real reasons appears to be the curse of exoskeletons, which require constant stressful molting and periods of complete vulnerability. In comparison, us endoskeleton-equipped animals have bones that grow along with the muscles and other tissues around them, which ultimately seems to be just the better strategy if you want to grow big. Evolutionary speaking this makes it more attractive for insects and other critters with exoskeletons to stay small and fly under the proverbial radar.

The positive upshot of this is of course that this means that we can totally have dog-sized moths as pets, which surely is what the goal of the upcoming video will be.

youtube.com/embed/D0PjLvlBsWw?…

hackaday.com/2025/12/12/super-…

Apple’s AirPods can pair with their competitors’ devices and work as basic Bluetooth earbuds, but to no one’s surprise most of their really interesting features are reserved for Apple devices. What is surprising, though, is that simple Bluetooth device ID spoofing unlocks these features, a fact which [Kavish Devar] took advantage of to write LibrePods, an AirPods controller app for Android and Linux.

In particular, LibrePods lets you control noise reduction modes, use ear detection to pause and unpause audio, detect head gestures, reduce volume when the AirPods detect you’re speaking, work as configurable hearing aids, connect to two devices simultaneously, and configure a few other settings. The app needs an audiogram to let them work as hearing aids, and you’ll need an existing audiogram – creating an audiogram requires too much precision. Of particular interest to hackers, the app has a debug mode to send raw Bluetooth packets to the AirPods. Unfortunately, a bug in the Android Bluetooth stack means that LibrePods requires root on most devices.

This isn’t the first time we’ve seen a hack enable hearing aid functionality without official Apple approval. However, while we have some people alter the hardware, AirPorts can’t really be called hacker- or repair-friendly.

Thanks to [spiralbrain] for the tip!

hackaday.com/2025/12/12/libera…

Dear Friend of Press Freedom,

Rümeysa Öztürk has been facing deportation for 262 days for co-writing an op-ed the government didn’t like, and journalist Ya’akub Vijandre remains locked up by Immigration and Customs Enforcement over social media posts about issues he reported on. Read on for more on what we’re working on this week.

Stop the gatekeeping. The First Amendment’s for all of us

In the early days of the internet, online news confused analog-era judges, who pondered questions like, “If this is journalism then why are there no ink smudges on my fingers?” These days, First Amendment advocates tend to chuckle when thinking back on that era. But apparently it’s not quite over yet.

Freedom of the Press Foundation (FPF) Senior Adviser Caitlin Vogus wrote for the Sun-Sentinel about a judge in Florida’s unfortunate ruling that YouTube-based outlet Popcorned Planet can’t avail itself of the state’s reporter’s privilege to oppose a subpoena from actor Blake Lively. The court’s decision would “effectively exclude any independent journalist who publishes using online platforms from relying on the privilege to protect their sources.” If it stands, “vital information will stay buried,” she explained.

And FPF Executive Director Trevor Timm spoke to Columbia Journalism Review about another subpoena from Lively that’s testing whether celebrity blogger Perez Hilton can claim the privilege. “Hilton is gathering information, talking to sources, and publishing things in order to have the public consume them. That fits the definition of a journalist,” Timm explained. As CJR noted, FPF’s U.S. Press Freedom Tracker “was one of the few to highlight the Hilton case.”

It’s not a question of whether Popcorned Planet and Hilton are great journalists or if they pass some editorial purity test. It’s a question of whether the courts will allow litigants to chip away at First Amendment rights that protect all journalists, no matter what platform they use to report or what subjects they cover.

• READ THE OP-ED

Administration is trolling America with its FOIA responses

As The New York Times reported this week, Immigration and Customs Enforcement claimed it has no body-worn camera footage from Operation Midway Blitz in Chicago, Illinois, despite a federal judge’s explicit order that agents wear and activate those cameras.

And as The Daily Beast reported, the Department of Homeland Security told FFP’s Daniel Ellsberg Chair on Government Secrecy Lauren Harper that Kristi Noem had no Truth Social Direct messages, despite her millions of followers. Harper requested cabinet officials’ messages in a Freedom of Information Act request after President Donald Trump accidentally publicly posted correspondence with Attorney General Pam Bondi.

As Harper told the Times, “They are trolling citizens and judges … ICE continues to feel increasing impunity and that it has the right to behave as a secret police that’s exempt from accountability.” FPF is, of course, appealing.

• READ THE NYT STORY

Don’t weaken Puerto Rico’s public records law

When the U.S. Navy quietly reactivated Roosevelt Roads Naval Station in Puerto Rico earlier this year, some residents saw the promise of new jobs, while others saw it as a painful reminder of past harms from the American military presence on the island.

Puerto Ricans — and Americans everywhere — deserve basic answers about what the military is up to as tensions escalate with Venezuela and whether Puerto Rico’s government is coordinating with the Pentagon and whether their concerns are being taken into account. And of course, there are countless local issues Puerto Ricans are entitled to be informed about.

But at the moment when transparency is most essential, lawmakers are trying to slam the door shut.

• READ MORE

Don’t just take our word for it…

Throughout 2025 we’ve been hosting online events platforming journalists impacted by anti-press policies at the national and local levels, so you can hear directly from the people we hope will benefit from our work.

Read about three of our recent events. This week’s panel features journalists whose reporting is complicated by sources unwilling to come forward due to fear of retaliation. Last week we spoke with journalists about the difficulties of covering the immigration beat during Trump 2.0, and last month we talked about the immigration cases against journalists Sami Hamdi and Ya’akub Vijandre over their support for Palestinian rights (shoutout to our friends at The Dissenter for writing up that event). And there are even more past events on our YouTube channel.

• BROWSE OUR YOUTUBE CHANNEL

WHAT WE'RE READING

Chokehold: Donald Trump’s war on free speech and the need for systemic resistance

Free Press
In a comprehensive new report, Free Press’s Nora Benavidez analyzes how Trump and his political enablers have sought to undermine and chill the most basic freedoms protected by the First Amendment.

Press freedom advocates sound alarm over Ya’akub Vijandre, stuck for over two months in ICE custody in Georgia

WABE
We cannot just accept that “every so often the administration is going to abduct some lawful resident who said something it doesn’t like about Israel or Palestine,” FPF’s Seth Stern told WABE.

Watched, tracked, and targeted: Life in Gaza under Israel’s all-encompassing surveillance regime

New York Magazine
A powerful essay by Palestinian journalist Mohammed Mhawish about life in Gaza “under Israel’s all-encompassing surveillance regime.”

​​ICEBlock creator sues Trump administration officials saying they pressured Apple to remove it from the app store

CNN
Threatening to punish app stores if they don’t remove apps the government dislikes is unconstitutional. This time it’s ICEBlock, but tomorrow it could be a news app.

Longtime LA radio exec Will Lewis dies; Went to prison in Hearst case

My News LA
Many heroes work behind the scenes on press freedom. Will Lewis was one of them. A radio executive who championed public media, he spent 15 days in prison to protect sources. RIP.

‘Heroic excavators of government secrets’

National Security Archive
Congratulations to the indefatigable National Security Archive on 40 years of clawing back the self-serving veil of government secrecy.

freedom.press/issues/stop-the-…

Il 70% della popolazione ha un cervello asimmetrico. Solo il 30% possiede quella configurazione cognitiva bilanciata che i manuali di formazione considerano standard. Eppure continuiamo a progettare corsi di security awareness, procedure operative e processi di sicurezza come se tutti ragionassero allo stesso modo.

Il risultato? Un fallimento sistematico che è certificato dai tanti report annuali sull’incidenza degli attacchi (in Italia e nel mondo). Non perché le persone siano stupide o disattente, ma perché stiamo addestrando cervelli che non esistono.

Il mito dell’utente medio

Le aziende spendono milioni in tecnologie di difesa, firewall sofisticati, sistemi di rilevamento delle intrusioni. Poi il ransomware entra dopo un click su un’email di phishing. Come sempre, l’anello debole è additato con vari nomignoli: “utonto”, Layer 8, “ID-10T” (idiota).

Ma il vero problema non è il fattore umano. Il problema è trattare le persone come variabili da standardizzare invece che come ecosistemi cognitivi da comprendere.

Un dipendente con ADHD non fallisce il test di phishing perché è distratto: fallisce perché la sua attenzione funziona diversamente e nessuno ha progettato contenuti adatti al suo cervello. Una persona autistica non ignora le procedure perché è rigida: le ignora perché sono scritte in modo ambiguo e il suo cervello richiede coerenza logica assoluta. Un dislessico non legge male le policy: il suo cervello privilegia informazioni visive e nessuno gliele fornisce.

Almeno il 15-20% dei dipendenti in ogni organizzazione ha qualche forma di neurodivergenza (il 70% secondo lo studio di Greenberg, Warrier, Allison e Baron-Cohen) E la formazione standard li perde sistematicamente.

La catena dell’infezione democratica

Lo stesso malware che ieri bloccava i server di una banca oggi cripta le foto della signora Pina sul suo PC di casa. Come? Con un messaggio WhatsApp dal nipote, la cui moglie lavora in quella banca e che ha preso il virus sul PC aziendale che si è diffuso automaticamente nella rete di casa. E viceversa.

La cybersecurity è profondamente democratica: le minacce non fanno distinzioni tra multinazionali e casalinghe, tra esperti e principianti. Colpiscono l’anello più debole della catena, che quasi sempre è una persona che viene colta in un momento di vulnerabilità cognitiva.

Un attimo di distrazione, un messaggio che arriva nel momento sbagliato, una richiesta urgente che bypassa ogni difesa razionale. E un link che sembra legittimo perché usa esattamente le parole giuste per il tuo profilo cognitivo.

I criminali lo sanno. Usano social engineering, messaggi di urgenza, false autorità, pressione emotiva. E funziona su tutti: dal CEO al parente che non sa distinguere tra un link buono e uno cattivo.

Il gap italiano

L’Italia è agli ultimi posti tra i Paesi UE per competenze digitali di base: solo il 45% degli italiani le possiede secondo l’indice DESI 2025 della Commissione Europea. Un gap che rallenta la diffusione di una cultura della sicurezza che dovrebbe essere educazione civile, come quella stradale o sessuale.

Ma il problema non è solo l’alfabetizzazione digitale. È l’approccio cognitivo. Continuiamo a erogare formazione come se tutti processassero le informazioni allo stesso modo, come se tutti avessero gli stessi punti deboli, come se una soluzione unica potesse proteggere configurazioni mentali diverse.

Le aziende più avanzate lo hanno capito e stanno investendo in programmi di security awareness che coinvolgono non solo i dipendenti, ma anche le loro famiglie. Perché hanno compreso che la sicurezza non si ferma al perimetro aziendale: viaggia attraverso le connessioni umane, i dispositivi e le reti personali, le abitudini domestiche.

Verso una difesa cognitivamente inclusiva

La soluzione non è fare più formazione. È fare formazione diversa. Progettata per cervelli reali, non per l’utente medio che non esiste.

Significa profilare cognitivamente le persone: capire come processano informazioni, quali sono le loro vulnerabilità specifiche, quali leve cognitive funzionano su di loro. Non per manipolarle, ma per proteggerle efficacemente.

Significa usare formati diversi per configurazioni cognitive diverse: video brevi per ADHD, procedure dettagliate e logiche per autistici, infografiche e mappe visive per dislessici. Non un corso unico per tutti, ma percorsi adattivi.

Significa applicare il principio “zero trust” anche alle persone: non fidarsi delle buone intenzioni, verificare costantemente i comportamenti, rimediare rapidamente quando qualcuno devia dal protocollo.

Significa trattare la vulnerabilità umana come si tratta la vulnerabilità tecnologica: assessment continuo, prioritizzazione del rischio, patching comportamentale, monitoraggio degli indicatori.

Il fattore umano come risorsa

La cybersecurity deve spostarsi da silos tecnologici isolati a una visione integrata che consideri come il comportamento umano dentro e fuori dall’ufficio influisca direttamente sulla protezione aziendale.

E deve smettere di vedere la diversità cognitiva come problema. Un team con membri neurodivergenti vede vulnerabilità che un team omogeneo ignora. Ma solo se i processi sono progettati per usare il cervello che hanno, non per forzarli ad adattarsi a un modello che non gli appartiene.

La domanda non è più “come addestriamo meglio le persone?”. La domanda è “come progettiamo sistemi di difesa che funzionano su cervelli reali?”.

Se vuoi approfondire come trasformare il fattore umano da vulnerabilità a risorsa attraverso modelli di security awareness cognitivamente inclusivi, il libroCYBERCOGNITIVISMO 2.0 – Manipolazione, Persuasione e Difesa Digitale(in arrivo su Amazon) propone framework operativi per gestire la vulnerabilità cognitiva come si gestisce il rischio tecnologico: con assessment, profiling, remediation e monitoraggio continuo.

L'articolo La cyber-formazione esclude il 70% delle persone proviene da Red Hot Cyber.

Typically, if you happened across a walnut lying about, you might consider eating it or throwing it to a friendly squirrel. However, as [Penguin DIY] demonstrates, it’s perfectly possible to turn the humble nut into a clandestine surveillance device. It turns out the walnut worriers were right all along.

The build starts by splitting and hollowing out the walnut. From there, small holes are machined into the mating faces of the walnut, into which [Penguin DIY] glues small neodymium magnets. These allow the walnut to be opened and snapped shut as desired, while remaining indistinguishable from a regular walnut at a distance.

The walnut shell is loaded with nine tiny lithium-polymer cells, for a total of 270 mAh of battery capacity at 3.7 volts. Charging the cells is achieved via a deadbugged TP4056 charge module to save space, with power supplied via a USB C port. Holes are machined in the walnut shell for the USB C port as well as the camera lens, though one imagines the former could have been hidden purely inside for a stealthier look. The camera itself appears to be an all-in-one module with a transmitter built in, with the antenna installed in the top half of the walnut shell and connected via pogo pins. The video signal can be picked up at a distance via a receiver hooked up to a smart phone. No word on longevity, but the included batteries would probably provide an hour or two of transmission over short ranges if you’re lucky.

If you have a walnut tree in your backyard, please do not email us about your conspiracy theories that they are watching you. We get those more than you might think, and they are always upsetting to read. If, however, you’re interested in surveillance devices, we’ve featured projects built for detecting them before with varying levels of success. Video after the break.

youtube.com/embed/j0rs7ny2t8A?…

hackaday.com/2025/12/12/hidden…

La recente edizione 2025.4 di Kali Linux è stata messa a disposizione del pubblico, introducendo significative migliorie per quanto riguarda gli ambienti desktop GNOME, KDE e Xfce. D’ora in poi, Wayland sarà il sistema di gestione delle finestre utilizzato di default, rappresentando un’importante novità rispetto alle precedenti versioni.

L’aggiornamento più recente trae spunto dalla versione precedente 2025.3 di settembre e vanta esperienze desktop perfezionate, un supporto guest VM potenziato in Wayland nonché una gamma di nuovi strumenti per la sicurezza offensiva.

Aggiornamenti dell’ambiente desktop

È importante sottolineare che GNOME ha abbandonato completamente il supporto per X11, spingendo Kali ad adottare Wayland come unico server Windows. Gli sviluppatori di Kali descrivono il passaggio come un’operazione fluida, grazie a test approfonditi e configurazioni aggiuntive per gli ambienti di macchine virtuali.

Tutti e tre gli ambienti desktop supportati, GNOME, KDE Plasma e Xfce, hanno ricevuto notevole attenzione. GNOME 49 introduce un’interfaccia più coerente e reattiva. Tra le modifiche più significative, una nuova categorizzazione degli strumenti nella griglia delle app, allineata alla tradizionale struttura del menu di Kali. Il lettore video Totem è stato sostituito con l’app più leggera Showtime e le scorciatoie da tastiera a lungo richieste per l’avvio dei terminali (Ctrl+Alt+T / Win+T) sono ora attive su tutti i desktop GNOME.

In Xfce, che rimane il desktop predefinito di Kali, è stato aggiunto un nuovo sistema di gestione dei colori, che finalmente raggiunge la parità con la personalizzazione visiva di GNOME e KDE. Gli utenti possono ora modificare i temi delle icone, i colori GTK/Qt e le decorazioni delle finestre tramite lo strumento Aspetto di Xfce e le utilità qt5ct / qt6ct.

Nuovi strumenti

Sono stati introdotti tre nuovi strumenti nei repository di Kali:

1. bpf-linker – Un semplice linker statico per programmi BPF (Berkeley Packet Filter).
2. evil-winrm-py – Una riscrittura in Python di Evil-WinRM, che consente l’esecuzione di comandi su macchine Windows remote tramite WinRM.
3. hexstrike-ai – Un server MCP che facilita l’esecuzione autonoma di strumenti da parte di agenti di intelligenza artificiale.

Oltre agli aggiornamenti della toolchain, Kali Linux ha aggiornato il suo kernel alla versione 6.16, garantendo la compatibilità con nuovi hardware e funzionalità.

Supporto guest Wayland e VM completamente funzionante

Kali 2025.4 segna una pietra miliare nella transizione a Wayland, che ha sostituito X11 in tutta la distribuzione. Mentre GNOME ora impone ufficialmente sessioni esclusivamente basate su Wayland, Kali distribuiva Wayland di default per KDE già dalla versione 2023.1.

Uno dei principali ostacoli a un’adozione più ampia di Wayland è stato il supporto incompleto per le utilità guest delle VM, in particolare la condivisione degli appunti e il ridimensionamento dinamico delle finestre. Gli sviluppatori di Kali segnalano di aver risolto questi problemi in questa versione. Le installazioni virtualizzate di Kali su VirtualBox, VMware e QEMU offrono ora il supporto completo per l’aggiunta di VM guest su Wayland, allineandosi all’esperienza X11.

Altri aggiornamenti

La piattaforma NetHunter per Android ha ricevuto diversi aggiornamenti, tra cui il supporto anticipato ad Android 16 per le varianti Samsung Galaxy S10, OnePlus Nord e dispositivi Xiaomi Mi 9. Il terminale NetHunter è ora di nuovo funzionante, con supporto per la modalità interattiva Magisk, che garantisce una migliore stabilità della sessione.

Lo strumento di phishing Wifipumpkin3 è stato aggiornato con nuovi modelli per piattaforme comuni come Instagram, iCloud e Snapchat, ed è in fase di sperimentazione un nuovo terminale in-app (versione alpha).

Chi fosse interessato a provare Kali Linux 2025.4 può scaricarlo da qui . A causa delle limitazioni di Cloudflare CDN sulle dimensioni dei file (~5 GB) e del costante aumento del peso e della complessità dei pacchetti, l’immagine Live ISO è ora disponibile solo tramite BitTorrent.

L'articolo Esce Kali Linux 2025.4! Miglioramenti e Novità nella Distribuzione per la Sicurezza Informatica proviene da Red Hot Cyber.

I server di posta elettronica del Ministero dell’Interno in Francia sono stati presi di mira da un attacco informatico. L’hacker è riuscito ad accedere a “diversi file”, ma al momento non è stata rilevata alcuna “grave compromissione”.

La notizia, rivelata da BFMTV , è stata confermata dal Ministro dell’Interno Laurent Nuñez alla radio RTL.

“C’è stato un attacco informatico“, ha affermato. “Un aggressore è riuscito ad accedere a diversi file “. La natura e il numero dei file coinvolti non sono ancora noti, secondo Laurent Nuñez, che ha specificato di non avere “tracce di compromissione grave” in questa fase.

Sono state implementate procedure di sicurezza standard e il livello di sicurezza è stato rafforzato, in particolare per quanto riguarda l’accesso al sistema informativo per tutti i dipendenti pubblici, che è stato rafforzato. Ciò include l’introduzione di un’analisi proattiva dei server e delle caselle di posta elettronica e l’implementazione sistematica dell’autenticazione a due fattori, secondo il Ministero dell’Interno.

Parallelamente, è stata presentata una segnalazione al procuratore generale Laure Beccuau. È in corso un’indagine giudiziaria.

Al momento non si prospetta alcuna ipotesi. “Esistono diverse motivazioni per un attacco informatico: a volte può trattarsi di interferenze straniere, di persone che vogliono sfidare le autorità pubbliche per dimostrare di essere in grado di accedere ai sistemi, e di reati informatici. Per ora, non sappiamo di cosa si tratti “, ha spiegato il ministro.

Alla domanda sulla possibilità di una violazione dei dati su larga scala, Laurent Nuñez ha assicurato che ” è stato predisposto tutto per impedirlo ” e per ” rafforzare immediatamente il sistema “.

L'articolo Attacco informatico ai server del Ministero dell’Interno Francese proviene da Red Hot Cyber.

We all know that you can play DOOM on nearly anything, but what about the lesser known work being done to let other species get in on the action? For ages now, our rodent friends haven’t been able to play the 1993 masterpiece, but [Viktor Tóth] and colleagues have been working hard to fix this unfortunate oversight.

If you’ve got the feeling this isn’t the first time you’ve read about rats attempting to slay demons, it’s probably because [Victor] has been working on this mission for years now — with a previous attempt succeeding in allowing rats to navigate the DOOM landscape. Getting the rodents to actually play through the game properly has proved slightly more difficult, however.

Improving on the previous attempt, V2 has the capability to allow rats to traverse through levels, be immersed in the virtual world with a panoramic screen, and take out enemies. Rewards are given to successful behaviors in the form of sugar water through a solenoid powered dispenser.

While this current system looks promising, the rats haven’t gotten too far though the game due to time constraints. But they’ve managed to travel through the levels and shoot, which is still pretty impressive for rodents.

DOOM has been an indicator of just how far we can take technology for decades. While this particular project has taken the meme into a slightly different direction, there are always surprises. You can even play DOOM in KiCad when you’re tired of using it to design PCBs.

hackaday.com/2025/12/12/rats-g…

The choice of a good keyboard is something which consumes a lot of time for many Hackaday readers, judging by the number of custom input device projects which make it to these pages. I live by my keyboard as a writer, but I have to admit that I’ve never joined in on the special keyboard front; for me it’s been a peripheral rather than an obsession. But I’m hard on keyboards, I type enough that I wear them out. For the last five years my Hackaday articles have come via a USB Thinkpad keyboard complete with the little red stick pointing device, but its keys have started parting company with their switches so it’s time for a replacement.

I Don’t Want The Blackpool Illuminations

Is it a gamer’s keyboard, or the Blackpool seafront at night? I can’t tell any more. Mark S Jobling, Public domain.
For a non keyboard savant peering over the edge, this can be a confusing choice. There’s much obsessing about different types of mechanical switch, and for some reason I can’t quite fathom, an unreasonable number of LEDs.

I don’t want my keyboard to look like the Blackpool Illuminations (translation for Americans: Las Vegas strip), I just want to type on the damn thing. More to the point, many of these “special” keyboards carry prices out of proportion to their utility, and it’s hard to escape the feeling that like the thousand quid stereo the spotty kid puts in his Opel Corsa, you’re being asked to pay just for bragging rights.

Narrowing down my needs then, I don’t need any gimmicks, I just need a small footprint keyboard that’s mechanically robust enough to survive years of my bashing out Hackaday articles on it. I’m prepared to pay good money for that.

The ‘board I settled upon is probably one of the most unglamorous decent quality keyboards on the market. The Cherry G84-4100 is sold to people in industry who need a keyboard that fits in a small space, and I’ve used one to the deafening roar of a cooling system in a data centre rack. It’s promising territory for a Hackaday scribe. I ordered mine from the Cherry website, and it cost me just under £70 (about $93), with the postage being extra. It’s available with a range of different keymaps, and I ordered the UK one. In due course the package arrived, a slim cardboard box devoid of consumer branding, inside of which was the keyboard, a USB-to-PS/2 adaptor, and a folded paper manual. I’m using it on a USB machine so the adaptor went in my hoard, but I’m pleased to be able to use this with older machines when necessary.

Hello My Old Data Centre Friend

It’s not shift-3 for the £ sign that’s important, but shift-2 for the quote. You have no idea how annoying not having that is on an international layout.
For my money, I got a keyboard described as “compact”, or 75%. It’s 282 by 132 by 26 mm in size, which means it takes up a little less space than the Thinkpad one it replaces, something of a win to my mind. It doesn’t have a numeric keypad, but I don’t need that. The switches are Cherry mechanical ones rather than the knock-offs you’ll find on so many competitors, and they have something of the mechanical sound but not the racket of an IBM buckled spring key switch. Cherry claim they’re good for 20 million activations, so even I shouldn’t wear them out.

The keymap is of course the standard UK one I’m used to, but what makes or breaks a ‘board like this one is how they arrange the other keys. I really like that their control key is in the bottom left hand corner rather than as in so many others, the function key, but I am taking a little while to get used to the insert and delete keys being to the left of the arrow keys in the bottom right hand corner. Otherwise my muscle memory isn’t being taxed too much by it.

There are a couple of little feet at the back underneath that can be flipped up to raise the ‘board at an angle. Since after years of typing the heel of my hand becomes inflamed if I rest it on the surface I elevate my wrist by about an inch with a rest, thus I use the keyboard tilt. I’ve been typing with the Cherry for a few weeks now, and it remains comfortable.

The Cherry G84-4100 then. It’s not a “special” keyboard in any way, in fact its about as utilitarian as it gets in a peripheral. But for me a keyboard is a tool, and just like my Vernier caliper or my screwdrivers I demand that it does its job repeatably and flawlessly for many years to come. So its unglamorous nature is its strength, because I’ve paid for the engineering which underlies it rather than the bells and whistles that adorn some others. Without realising it you’ll be seeing a lot of this peripheral in my work over the coming years.

hackaday.com/2025/12/12/review…

Hackaday Editors Elliot Williams and Al Williams met up to cover the best of Hackaday this week, and they want you to listen in. There were a hodgepodge of hacks this week, ranging from home automation with RF, volumetric displays in glass, and some crazy clocks, too.

Ever see a typewriter that uses an ink pen? Elliot and Al hadn’t either. Want time on a supercomputer? It isn’t free, but it is pretty cheap these days. Finally, the guys discussed how to focus on a project like Dan Maloney, who finally got a 3D printer, and talked about Maya Posch’s take on LLM intelligence.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

html5-player.libsyn.com/embed/…

Download the human-generated podcast in mostly mono, but sometimes stereo, MP3.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

• iTunes
• Spotify
• Stitcher
• RSS
• YouTube
• Check out our Libsyn landing page

Episode 349 Show Notes:

News:

• Failed 3D Printed Part Brings Down Small Plane

What’s that Sound?

• What is that sound? Al didn’t guess, but if you can, you could win a coveted Hackaday Podcast T-Shirt.

Interesting Hacks of the Week:

• Bridging RTL-433 To Home Assistant
  
  • GitHub – merbanan/rtl_433: Program to decode radio transmissions from devices on the ISM bands (and other frequencies)

  
  

• The Key To Plotting
• Reverse Sundial Still Tells Time
• Trace Line Clock Does It With Magnets
• Volumetric Display With Lasers And Bubbly Glass
  
  • Wiremap, A Volumetric Display

  
  

• The Engineering That Makes A Road Cat’s Eye Self-Cleaning

Quick Hacks:

• Elliot’s Picks:
  
  • Production KiCad Template Covers All Your Bases
  • RP2350 Done Framework Style
    
    • github.com/semitov/SemiTOV-MCL

    
    

  • Neat Techniques To Make Interactive Light Sculptures

  
  

• Al’s Picks:
  
  • Super Simple Deadbuggable Bluetooth Chip
  • LED Hourglass Is A Great Learning Project
  • Your Supercomputer Arrives In The Cloud

  
  

Can’t Miss Articles:

• Ask Hackaday: Solutions, Or Distractions?
• Why LLMs Are Less Intelligent Than Crows
  
  • What Is ChatGPT Doing … and Why Does It Work?

  
  

hackaday.com/2025/12/12/hackad…

Una presunta banca dati contenente informazioni sensibili su 18 milioni di cittadini statunitensi over 65 è apparsa in vendita su un noto forum del dark web.

L’inserzionista, che usa lo pseudonimo “Frenshyny”, sostiene di aver sottratto i dati direttamente dal portale governativo irs.gov, che gestisce, tra le altre cose, documentazione fiscale e informazioni sui piani pensionistici 401(k).

Disclaimer: Questo rapporto include screenshot e/o testo tratti da fonti pubblicamente accessibili. Le informazioni fornite hanno esclusivamente finalità di intelligence sulle minacce e di sensibilizzazione sui rischi di cybersecurity. Red Hot Cyber condanna qualsiasi accesso non autorizzato, diffusione impropria o utilizzo illecito di tali dati. Al momento, non è possibile verificare in modo indipendente l’autenticità delle informazioni riportate, poiché l’organizzazione coinvolta non ha ancora rilasciato un comunicato ufficiale sul proprio sito web. Di conseguenza, questo articolo deve essere considerato esclusivamente a scopo informativo e di intelligence.

Cosa conterrebbe il database

L’annuncio elenca una quantità impressionante di dati personali, indicati come:

• Nome e cognome
• Età
• Stato e città
• Indirizzo
• Codice postale
• Numero di telefono
• Email

Si tratterebbe, secondo il venditore, di informazioni relative ai beneficiari dei 401(k) Benefit Funds, il celebre piano di risparmio previdenziale statunitense attivo dagli anni ’80.

La quantità – 18 milioni di record – suggerisce una compromissione estremamente ampia, che se confermata implicherebbe il più grande data breach mai registrato sul sistema pensionistico privato statunitense.

Il contesto del forum

L’annuncio è pubblicato in una sezione dedicata alla vendita di database rubati. Il venditore si presenta come membro “V.I.P.” del forum, sottolineando una certa reputazione nella community e offrendo la possibilità di contattarlo su Telegram per “prove e prezzi”.

Il post contiene inoltre una lunga descrizione del funzionamento dei piani 401(k), probabilmente inserita per rendere più credibile la provenienza dei dati.

Perché questo leak sarebbe estremamente pericoloso

Se autentico, un database di tale portata esporrebbe milioni di cittadini anziani a:

• Frodi finanziarie su larga scala, incluse truffe relative alla previdenza.
• Furti d’identità, grazie al pacchetto completo di informazioni personali.
• Attacchi di social engineering mirati, particolarmente efficaci su persone più vulnerabili.
• Accesso fraudolento a conti o servizi collegati ai piani pensionistici.

Gli over 65 sono tra i bersagli preferiti dei criminali informatici, e possedere dati verificati li rende estremamente appetibili per campagne fraudolente.

Un nuovo segnale del boom del cyber-crimine finanziario

L’apparizione di questo presunto database conferma una tendenza ormai consolidata: il settore finanziario e previdenziale è diventato uno dei principali target per i threat actors.

Dati come quelli contenuti nei registri pensionistici, infatti, hanno un valore particolarmente alto nei mercati clandestini.

Se verificata, questa vendita rappresenterebbe l’ennesimo colpo alla sicurezza dei sistemi governativi statunitensi e un rischio enorme per milioni di pensionati.

L'articolo Banca dati IRS con 18 milioni di record 401(k) in vendita nel dark web proviene da Red Hot Cyber.