

Josef Prusa Warns Open Hardware 3D Printing is Dead


It’s hard to overstate the impact desktop 3D printing has had on the making and hacking scene. It drastically lowered the barrier for many to create their own projects, and much of the prototyping and distribution of parts and tools that we see today simply wouldn’t be possible via traditional means.

What might not be obvious to those new to the game is that much of what we take for granted today in the 3D printing world has its origins in open source hardware (OSHW). Unfortunately, [Josef Prusa] has reason to believe that this aspect of desktop 3D printing is dead.

If you’ve been following 3D printing for awhile, you’ll know how quickly the industry and the hobby have evolved. Just a few years ago, the choice was between spending the better part of $1,000 USD on a printer with all the bells and whistles, or taking your chances with a stripped-down clone for half the price. But today, you can get a machine capable of self calibration and multi-color prints for what used to be entry-level prices. According to [Josef] however, there’s a hidden cost to consider.

A chart showing the growth in patents after 2020 (data from the Espacenet International Database by the European Patent Organization, March 2025), a major point made by Prusa on the number of patents from certain large-name companies
From major development comes major incentives. In 3D printing’s case, we can see the Chinese market dominance. Printers can be sold at a loss and patents filed when you can rely on government reimbursements, and both help create the market majority we see today. Despite continuing to improve their printers, these advantages have made it difficult for companies such as Prusa Research to remain competitive.

That [Josef] has become disillusioned with open source hardware is unfortunately not news to us. Prusa’s CORE One, as impressive as it is, marked a clear turning point in how the company released their designs. Still, [Prusa]’s claims are not unfounded. Many similar issues have arisen in 3D printing before. One major innovation was even falsely patented twice, slowing adoption of “brick layering” 3D prints.

Nevertheless, no amount of patent trolling or market dominance is going to stop hackers from hacking. So while the companies that are selling 3D printers might not be able to offer them as OSHW, we feel confident the community will continue to embrace the open source principles that helped 3D printing become as big as it is today.

Thanks to [JohnU] for the tip.


hackaday.com/2025/08/13/josef-…



Data breaches at Italian hotels


@Informatica (Italy e non Italy 😁)
This summer has been marked by a series of rather interesting data breaches, including those affecting some Italian hotels. What happened: since 5 August there have been […]
The article Data breaches at Italian hotels originally appeared on Edoardo Limone.

edoardolimone.com/2025/08/13/i…





Critical vulnerability in Fortinet: update FortiOS, FortiProxy and FortiPAM immediately

📌 Link to the article: redhotcyber.com/post/vulnerabi…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy




New trends in phishing and scams: how AI and social media are changing the game



Introduction


Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events: anything to lure in their next victim.

Since our last publication on phishing tactics, there has been a significant leap in the evolution of these threats. While many of the tools we previously described are still relevant, new techniques have emerged, and the goals and methods of these attacks have shifted.

In this article, we will explore:

  • The impact of AI on phishing and scams
  • How the tools used by cybercriminals have changed
  • The role of messaging apps in spreading threats
  • Types of data that are now a priority for scammers


AI tools leveraged to create scam content

Text


Traditional phishing emails, instant messages, and fake websites often contain grammatical and factual errors, incorrect names and addresses, and formatting issues. Now, however, cybercriminals are increasingly turning to neural networks for help.

They use these tools to create highly convincing messages that closely resemble legitimate ones. Victims are more likely to trust these messages, and therefore, more inclined to click a phishing link, open a malicious attachment, or download an infected file.

Example of a phishing email created with DeepSeek

The same is true for personal messages. Social networks are full of AI bots that can maintain conversations just like real people. While these bots can be created for legitimate purposes, they are often used by scammers who impersonate human users. In particular, phishing and scam bots are common in the online dating world. Scammers can run many conversations at once, maintaining the illusion of sincere interest and emotional connection. Their primary goal is to extract money from victims by persuading them to pursue “viable investment opportunities” that often involve cryptocurrency. This scam is known as pig butchering. AI bots are not limited to text communication, either; to be more convincing, they also generate plausible audio messages and visual imagery during video calls.

Deepfakes and AI-generated voices


As mentioned above, attackers are actively using AI capabilities like voice cloning and realistic video generation to create convincing audiovisual content that can deceive victims.

Beyond targeted attacks that mimic the voices and images of friends or colleagues, deepfake technology is now being used in more classic, large-scale scams, such as fake giveaways from celebrities. For example, YouTube users have encountered Shorts where famous actors, influencers, or public figures seemingly promise expensive prizes like MacBooks, iPhones, or large sums of money.

Deepfake YouTube Short

The advancement of AI technology for creating deepfakes is blurring the lines between reality and deception. Voice and visual forgeries can be nearly indistinguishable from authentic messages, as traditional cues used to spot fraud disappear.

Recently, automated calls have become widespread. Scammers use AI-generated voices and number spoofing to impersonate bank security services. During these calls, they claim there has been an unauthorized attempt to access the victim’s bank account. Under the guise of “protecting funds”, they demand a one-time SMS code. This is actually a 2FA code for logging into the victim’s account or authorizing a fraudulent transaction.
Example of an OTP (one-time password) bot call

Data harvesting and analysis


Large language models like ChatGPT are well-known for their ability to not only write grammatically correct text in various languages but also to quickly analyze open-source data from media outlets, corporate websites, and social media. Threat actors are actively using specialized AI-powered OSINT tools to collect and process this information.

The data so harvested enables them to launch phishing attacks that are highly tailored to a specific victim or a group of victims – for example, members of a particular social media community. Common scenarios include:

  • Personalized emails or instant messages from what appear to be HR staff or company leadership. These communications contain specific details about internal organizational processes.
  • Spoofed calls, including video chats, from close contacts. The calls leverage personal information that the victim would assume could not be known to an outsider.

This level of personalization dramatically increases the effectiveness of social engineering, making it difficult for even tech-savvy users to spot these targeted scams.

Phishing websites


Phishers are now using AI to generate fake websites too. Cybercriminals have weaponized AI-powered website builders that can automatically copy the design of legitimate websites, generate responsive interfaces, and create sign-in forms.

Some of these sites are well-made clones nearly indistinguishable from the real ones. Others are generic templates used in large-scale campaigns, without much effort to mimic the original.

Phishing pages mimicking travel and tourism websites

Often, these generic sites collect any data a user enters and are not even checked by a human before being used in an attack. The following are examples of sites with sign-in forms that do not match the original interfaces at all. These are not even “clones” in the traditional sense, as some of the brands being targeted do not offer sign-in pages.

These types of attacks lower the barrier to entry for cybercriminals and make large-scale phishing campaigns even more widespread.

Login forms on fraudulent websites

Telegram scams


With its massive popularity, open API, and support for crypto payments, Telegram has become a go-to platform for cybercriminals. This messaging app is now both a breeding ground for spreading threats and a target in itself. Once they get their hands on a Telegram account, scammers can either leverage it to launch attacks on other users or sell it on the dark web.

Malicious bots


Scammers are increasingly using Telegram bots, not just for creating phishing websites but also as an alternative or complement to these. For example, a website might be used to redirect a victim to a bot, which then collects the data the scammers need. Here are some common schemes that use bots:

  • Crypto investment scams: fake token airdrops that require a mandatory deposit for KYC verification

Telegram bot seemingly giving away SHIBARMY tokens


  • Phishing and data collection: scammers impersonate an official postal service to get a user’s details under the pretense of arranging delivery for a business package.

Phishing site redirects the user to an “official” bot


  • Easy money scams: users are offered money to watch short videos.

Phishing site promises easy earnings through a Telegram bot

Unlike a phishing website that the user can simply close and forget about when faced with a request for too much data or a commission payment, a malicious bot can be much more persistent. If the victim has interacted with a bot and has not blocked it, the bot can continue to send various messages. These might include suspicious links leading to fraudulent or advertising pages, or requests to be granted admin access to groups or channels. The latter is often framed as being necessary to “activate advanced features”. If the user gives the bot these permissions, it can then spam all the members of these groups or channels.

Account theft


When it comes to stealing Telegram user accounts, social engineering is the most common tactic. Attackers use various tricks and ploys, often tailored to the current season, events, trends, or the age of their target demographic. The goal is always the same: to trick victims into clicking a link and entering the verification code.

Links to phishing pages can be sent in private messages or posted to group chats or compromised channels. Given the scale of these attacks and users’ growing awareness of scams within the messaging app, attackers now often disguise these phishing links using Telegram’s message-editing tools.

The link in this phishing message does not lead to the URL shown

New ways to evade detection

Integrating with legitimate services


Scammers are actively abusing trusted platforms to keep their phishing resources under the radar for as long as possible.

  • Telegraph is a Telegram-operated service that lets anyone publish long-form content without prior registration. Cybercriminals take advantage of this feature to redirect users to phishing pages.

Phishing page on the telegra.ph domain


  • Google Translate is a machine translation tool from Google that can translate entire web pages and generate links like https://site-to-translate-com.translate.goog/… Attackers exploit it to hide their assets from security vendors. They create phishing pages, translate them, and then send out the links to the localized pages. This allows them to both avoid blocking and use a subdomain at the beginning of the link that mimics a legitimate organization’s domain name, which can trick users.

Localized phishing page


  • CAPTCHA protects websites from bots. Lately, attackers have been increasingly adding CAPTCHAs to their fraudulent sites to avoid being flagged by anti-phishing solutions and evade blocking. Since many legitimate websites also use various types of CAPTCHAs, phishing sites cannot be identified by their use of CAPTCHA technology alone.

CAPTCHA on a phishing site

Blob URL


Blob URLs (blob:example.com/…) are temporary links generated by browsers to access binary data, such as images and HTML code, locally. They are limited to the current session. While this technology was originally created for legitimate purposes, such as previewing files a user is uploading to a site, cybercriminals are actively using it to hide phishing attacks.

Blob URLs are created with JavaScript. The links start with “blob:” and contain the domain of the website that hosts the script. The data is stored locally in the victim’s browser, not on the attacker’s server.

Blob URL generation script inside a phishing kit
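As an added example that is not part of the Securelist article, the following Node.js script applies the indicators described in the account-theft, evasion and Blob URL sections above (visible link text that does not match the real destination, telegra.ph hosting, Google Translate proxy links, and blob: links) to a list of constructed sample links. The translate.goog decoding rule it uses (a dot written as "-", a literal hyphen as "--"), the hypothetical hostnames and the sample links are assumptions of the example, not facts taken from the article.

```javascript
// Added example (not code from the Securelist article): triage of links found
// in a message against the indicators the article describes. Node 18+ (global URL).

const TRANSLATE_PROXY_SUFFIX = ".translate.goog"; // Google Translate proxied pages
const PUBLISHING_HOSTS = new Set(["telegra.ph"]); // open publishing, no registration needed

// Recover the origin host behind a Google Translate proxy hostname.
// Assumption (not stated by the article): the proxy encodes "." as "-" and a
// literal "-" as "--", so "my--bank-example-com.translate.goog" -> "my-bank.example.com".
function unwrapTranslateProxy(hostname) {
  const host = hostname.toLowerCase();
  if (!host.endsWith(TRANSLATE_PROXY_SUFFIX)) return null;
  const encoded = host.slice(0, -TRANSLATE_PROXY_SUFFIX.length);
  // Split on single hyphens only; "--" pairs stay inside their label.
  const labels = encoded.split(/(?<!-)-(?!-)/);
  return labels.map((label) => label.replace(/--/g, "-")).join(".");
}

// True when the visible link text looks like a URL whose host differs from the
// real destination (the "link does not lead to the URL shown" trick).
function displayedHostMismatch(text, href) {
  const shown = text.trim();
  if (!/^(https?:\/\/|www\.)/i.test(shown)) return false; // plain words, nothing to compare
  const shownHost = new URL(/^https?:/i.test(shown) ? shown : "https://" + shown).hostname;
  const realHost = new URL(href).hostname;
  return shownHost.toLowerCase() !== realHost.toLowerCase();
}

// Classify one link. Returns a list of findings; an empty list means nothing matched.
function triageLink(text, href) {
  const findings = [];
  if (href.startsWith("blob:")) {
    // A blob: URL carries the origin of the page whose script created it; the
    // content itself lives only in that browser session, so there is nothing
    // for a crawler or URL scanner to fetch later.
    const hostingOrigin = href.slice("blob:".length).split("/").slice(0, 3).join("/");
    findings.push({ indicator: "blob-url", detail: hostingOrigin });
    return findings;
  }
  let url;
  try {
    url = new URL(href);
  } catch {
    return [{ indicator: "unparseable-url", detail: href }];
  }
  const host = url.hostname.toLowerCase();
  const unwrapped = unwrapTranslateProxy(host);
  if (unwrapped !== null) findings.push({ indicator: "translate-proxy", detail: unwrapped });
  if (PUBLISHING_HOSTS.has(host)) findings.push({ indicator: "open-publishing-host", detail: host });
  if (displayedHostMismatch(text, href)) {
    findings.push({ indicator: "displayed-host-mismatch", detail: `${text.trim()} -> ${host}` });
  }
  return findings;
}

// Constructed sample links (hypothetical hosts, not real phishing data).
const SAMPLE_LINKS = [
  { text: "https://bank.example.com/login", href: "https://login-helper.example.net/x" },
  { text: "Read the notice", href: "https://my--bank-example-com.translate.goog/login?_x_tr_sl=auto&_x_tr_tl=en" },
  { text: "Claim your prize", href: "https://telegra.ph/Prize-08-13" },
  { text: "Open document", href: "blob:https://unknown-host.example/550e8400-e29b-41d4-a716-446655440000" },
  { text: "Company site", href: "https://www.example.com/" },
];

function triageAll(links = SAMPLE_LINKS) {
  return links.map(({ text, href }) => ({ text, href, findings: triageLink(text, href) }));
}

for (const entry of triageAll()) {
  const tags = entry.findings.map((f) => `${f.indicator}(${f.detail})`).join(", ") || "no indicator";
  console.log(`${entry.href}\n  ${tags}`);
}
```

The unwrapped host returned for translate-proxy findings is the value to match against a blocklist or reputation feed, since the translate.goog hostname itself will never be listed; the blob-url finding reports only the hosting origin because the page content cannot be retrieved from outside the victim's session.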

Hunting for new data


Cybercriminals are shifting their focus from stealing usernames and passwords to obtaining irrevocable or immutable identity data, such as biometrics, digital signatures, handwritten signatures, and voiceprints.

For example, a phishing site that asks for camera access supposedly to verify an account on an online classifieds service allows scammers to collect your biometric data.

Phishing for biometrics

For corporate targets, e-signatures are a major focus for attackers. Losing control of these can cause significant reputational and financial damage to a company. This is why services like DocuSign have become a prime target for spear-phishing attacks.

Phishers targeting DocuSign accounts

Even old-school handwritten signatures are still a hot commodity for modern cybercriminals, as they remain critical for legal and financial transactions.

Phishing for handwritten signatures

These types of attacks often go hand-in-hand with attempts to gain access to e-government, banking and corporate accounts that use this data for authentication.

These accounts are typically protected by two-factor authentication, with a one-time password (OTP) sent in a text message or a push notification. The most common way to get an OTP is by tricking users into entering it on a fake sign-in page or by asking for it over the phone.

Attackers know users are now more aware of phishing threats, so they have started to offer “protection” or “help for victims” as a new social engineering technique. For example, a scammer might send a victim a fake text message with a meaningless code. Then, using a believable pretext – like a delivery person dropping off flowers or a package – they trick the victim into sharing that code. Since the message sender indeed looks like a delivery service or a florist, the story may sound convincing. Then a second attacker, posing as a government official, calls the victim with an urgent message, telling them they have just been targeted by a tricky phishing attack. They use threats and intimidation to coerce the victim into revealing a real, legitimate OTP from the service the cybercriminals are actually after.

Fake delivery codes

Takeaways


Phishing and scams are evolving at a rapid pace, fueled by AI and other new technology. As users grow increasingly aware of traditional scams, cybercriminals change their tactics and develop more sophisticated schemes. Whereas they once relied on fake emails and websites, today, scammers use deepfakes, voice cloning and multi-stage tactics to steal biometric data and personal information.
Here are the key trends we are seeing:

  • Personalized attacks: AI analyzes social media and corporate data to stage highly convincing phishing attempts.
  • Usage of legitimate services: scammers are misusing trusted platforms like Google Translate and Telegraph to bypass security filters.
  • Theft of immutable data: biometrics, signatures, and voiceprints are becoming highly sought-after targets.
  • More sophisticated methods of circumventing 2FA: cybercriminals are using complex, multi-stage social engineering attacks.


How do you protect yourself?


  • Critically evaluate any unexpected calls, emails, or messages. Avoid clicking links in these communications, even if they appear legitimate. If you do plan to open a link, verify its destination by hovering over it on a desktop or long-pressing on a mobile device.
  • Verify sources of data requests. Never share OTPs with anyone, regardless of who they claim to be, even if they say they are a bank employee.
  • Analyze content for fakery. To spot deepfakes, look for unnatural lip movements or shadows in videos. You should also be suspicious of any videos featuring celebrities who are offering overly generous giveaways.
  • Limit your digital footprint. Do not post photos of documents or sensitive work-related information, such as department names or your boss’s name, on social media.

securelist.com/new-phishing-an…



Running Guitar Effects on a PlayStation Portable


A red Sony PSP gaming console is shown, displaying the lines “Audio Mechanica,” “Brek Martin 2006-2025,” and “Waiting for Headphones.”

If your guitar needs more distortion, lower audio fidelity, or another musical effect, you can always shell out some money to get a dedicated piece of hardware. For a less conventional route, though, you could follow [Brek Martin]’s example and reprogram a handheld game console as a digital effects processor.

[Brek] started with a Sony PSP 3000 handheld, with which he had some prior programming experience, having previously written a GPS maps program and an audio recorder for it. The PSP has a microphone input as part of the connector for a headset and remote, though [Brek] found that a Sony remote’s PCB had to be plugged in before the PSP would recognize the microphone. To make things a bit easier to work with, he made a circuit board that connected the remote’s hardware to a microphone jack and an output plug.

[Brek] implemented three effects: a flanger, bitcrusher, and crossover distortion. Crossover distortion distorts the signal as it crosses zero, the bitcrusher reduces sample rate to make the signal choppier, and the flanger mixes the current signal with its variably-delayed copy. [Brek] would have liked to implement more effects, but the program’s lag would have made it impractical. He notes that the program could run more quickly if there were a way to reduce the sample chunk size from 1024 samples, but if there is a way to do so, he has yet to find it.

If you’d like a more dedicated digital audio processor, you can also build one, perhaps using some techniques to reduce lag.

youtube.com/embed/MlPtfeSyyak?…


hackaday.com/2025/08/13/runnin…



Critical update for Google Chrome: patches for several vulnerabilities


A critical security update has been released for Google Chrome, fixing six security vulnerabilities that could be exploited to execute arbitrary code on affected systems. An emergency security update has therefore been distributed.

The update to stable version 139.0.7258.127/.128 for Windows and Mac and 139.0.7258.127 for Linux contains patches for several high-severity security flaws that pose significant risks to user data and system integrity.

The security update targets three high-severity vulnerabilities that could lead to arbitrary code execution. CVE-2025-8879 is a heap buffer overflow vulnerability in the libaom library, which handles video encoding and decoding operations.

This type of vulnerability allows attackers to write data beyond the allocated memory bounds, potentially overwriting critical system information. CVE-2025-8880, meanwhile, fixes a race condition in Google’s V8 JavaScript engine, reported by security researcher Seunghyun Lee.

Race conditions occur when multiple processes attempt to access shared resources simultaneously, creating unpredictable behaviour that attackers can exploit.

The third high-severity flaw, CVE-2025-8901, is an out-of-bounds write vulnerability in ANGLE (Almost Native Graphics Layer Engine), which translates OpenGL ES API calls into APIs supported by the hardware.

The Chrome security team used several advanced detection methodologies to identify these vulnerabilities, including AddressSanitizer to detect memory corruption bugs, MemorySanitizer for uninitialized memory reads, and UndefinedBehaviorSanitizer to detect undefined behaviour in C/C++ code.

The update also incorporates control flow integrity mechanisms and results from the libFuzzer and AFL (American Fuzzy Lop) testing frameworks.

The article Critical update for Google Chrome: patches for several vulnerabilities originally appeared on il blog della sicurezza informatica.



Heading for a Ferragosto with a bang! 36 RCEs in Microsoft’s August Patch Tuesday


August Patch Tuesday: Microsoft releases security updates fixing 107 vulnerabilities across its product ecosystem. The update includes fixes for 90 vulnerabilities, classified as follows: 13 critical, 76 important, one moderate and one low.

Notably, none of these vulnerabilities is listed as an actively exploited zero-day, which offers some relief to IT administrators. The vulnerabilities fall into several categories, including Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Spoofing, Denial of Service (DoS) and Tampering.

On 12 August 2025, Microsoft released its monthly Patch Tuesday security updates, fixing a significant number of vulnerabilities across its product ecosystem.

Remote code execution vulnerabilities dominate this month’s Patch Tuesday, with 36 fixed, 10 of which are rated Critical. These flaws could allow attackers to execute arbitrary code, potentially compromising entire systems.

The main remote code execution vulnerabilities include:

  • DirectX Graphics Kernel (CVE-2025-50176, Critical): a type confusion flaw in the Graphics Kernel allows an authorized attacker to execute code locally.
  • Microsoft Office (CVE-2025-53731, CVE-2025-53740, Critical): multiple use-after-free vulnerabilities in Microsoft Office allow unauthorized attackers to execute code locally.
  • Windows Graphics Component (CVE-2025-50165, Critical): an untrusted pointer dereference in the Microsoft Graphics Component allows unauthorized attackers to execute code over a network.
  • Microsoft Word (CVE-2025-53733, CVE-2025-53784, Critical): flaws in Microsoft Word, including incorrect numeric type conversion and use-after-free issues, allow local code execution.
  • Windows Hyper-V (CVE-2025-48807, Critical): improper restriction of communication channels in Hyper-V allows local code execution.
  • Microsoft Message Queuing (MSMQ) (CVE-2025-50177, Critical; CVE-2025-53143, CVE-2025-53144, CVE-2025-53145, Important): several vulnerabilities, including use-after-free and type confusion flaws, affect MSMQ, allowing network-based code execution.
  • GDI+ (CVE-2025-53766, Critical): a heap buffer overflow in Windows GDI+ allows network-based code execution.
  • Windows Routing and Remote Access Service (RRAS) (CVE-2025-49757, CVE-2025-50160, CVE-2025-50162, CVE-2025-50163, CVE-2025-50164, CVE-2025-53720, Important): heap-based buffer overflows in RRAS allow network-based code execution.
  • Microsoft Excel (CVE-2025-53741, CVE-2025-53759, CVE-2025-53737, CVE-2025-53739, Important): heap buffer overflows and use-after-free issues in Excel allow local code execution.

The article Heading for a Ferragosto with a bang! 36 RCEs in Microsoft’s August Patch Tuesday originally appeared on il blog della sicurezza informatica.




Critical update for Google Chrome: patches for several vulnerabilities

📌 Link to the article: redhotcyber.com/post/aggiornam…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy





Charon Ransomware targets Middle East with APT attack methods
securityaffairs.com/181098/mal…
#securityaffairs #hacking




I’m on my way to GopherCon UK!

If you want to chat about Go and security, catch me and @roland there, exceptionally in the same physical space!



Critical RCE vulnerability in Microsoft Teams: urgent update required


As part of the August 2025 Patch Tuesday security updates, a critical Remote Code Execution (RCE) vulnerability in Microsoft’s Teams collaboration software has been patched.

The critical flaw, tracked as CVE-2025-53783, could allow an unauthorized attacker to read, write and even delete user messages and data by executing code over a network. An attacker could exploit this flaw to overwrite critical data or run malicious code in the context of the Teams application.

Microsoft states that a working exploit for this bug could have significant consequences for the confidentiality, integrity and availability of a user’s data, allowing the attacker to gain rights to read, write and delete data.

The vulnerability is a heap buffer overflow, a type of memory corruption weakness in which an application can be forced to store data beyond its allocated memory space.

The company notes that exploiting this flaw involves a high degree of complexity (AC:H), requiring the attacker to gather specific information about the target environment.

In addition, user interaction is required for a successful attack, meaning the target would likely have to click a malicious link or open a specially crafted file.

At the time of the advisory, the security flaw had not been publicly disclosed or actively exploited. According to Microsoft’s exploitability assessment, exploitation is considered “Less Likely”.

The company has already released an official fix and urges users and administrators to apply the latest security updates to mitigate the risk.

This Teams vulnerability was one of 107 flaws fixed in this month’s Patch Tuesday release, which also included a fix for a publicly disclosed zero-day vulnerability in Windows Kerberos.

The article Critical RCE vulnerability in Microsoft Teams: urgent update required originally appeared on il blog della sicurezza informatica.



29,000 Exchange servers at risk. The exploit for CVE-2025-53786 is under active exploitation


29.000 server Exchange sono vulnerabili al CVE-2025-53786, che consente agli aggressori di muoversi all’interno degli ambienti cloud Microsoft, portando potenzialmente alla compromissione completa del dominio.

Il CVE-2025-53786 consente agli aggressori che hanno già ottenuto l’accesso amministrativo ai server Exchange locali di aumentare i privilegi nell’ambiente cloud connesso di un’organizzazione falsificando o manipolando token attendibili e richieste API. Questo attacco non lascia praticamente alcuna traccia, rendendolo difficile da rilevare.

La vulnerabilità riguarda Exchange Server 2016, Exchange Server 2019 e Microsoft Exchange Server Subscription Edition nelle configurazioni ibride.

La vulnerabilità è correlata alle modifiche apportate nell’aprile 2025, quando Microsoft ha rilasciato linee guida e un hotfix per Exchange nell’ambito della Secure Future Initiative. In quell’occasione, l’azienda è passata a una nuova architettura con un’applicazione ibrida separata che ha sostituito l’identità condivisa non sicura utilizzata in precedenza dai server Exchange locali ed Exchange Online.

In seguito, i ricercatori hanno scoperto che questo schema lasciava aperta la possibilità di attacchi pericolosi. Alla conferenza Black Hat , Outsider Security dimostrò un simile attacco post-exploit.

Inizialmente non l’ho considerata una vulnerabilità perché il protocollo utilizzato per questi attacchi era stato progettato tenendo conto delle caratteristiche discusse nel rapporto e mancava semplicemente di importanti controlli di sicurezza”, afferma Dirk-Jan Mollema di Outsider Security.

Sebbene gli esperti Microsoft non abbiano trovato alcun segno di sfruttamento del problema in attacchi reali, la vulnerabilità è stata contrassegnata come “Sfruttamento più probabile“, il che significa che l’azienda prevede che gli exploit appariranno presto.

Come avvertono gli analisti di Shadowserver , ci sono 29.098 server Exchange sulla rete che non hanno ricevuto le patch. Di conseguenza, sono stati trovati più di 7.200 indirizzi IP negli Stati Uniti, oltre 6.700 in Germania e più di 2.500 in Russia.

Il giorno dopo la divulgazione del problema, la Cybersecurity and Infrastructure Security Agency (CISA) degli Stati Uniti ha emesso una direttiva di emergenza ordinando a tutte le agenzie federali (inclusi i dipartimenti del Tesoro e dell’Energia) di affrontare urgentemente la minaccia.

In un bollettino di sicurezza separato , i rappresentanti della CISA hanno sottolineato che la mancata correzione di CVE-2025-53786 potrebbe portare alla “completa compromissione di un cloud ibrido e di un dominio on-premise”.

Come spiegato da Mollema, gli utenti di Microsoft Exchange che hanno già installato l’hotfix menzionato e seguito le raccomandazioni di aprile dell’azienda dovrebbero essere protetti dal nuovo problema. Tuttavia, coloro che non hanno ancora implementato le misure di protezione sono ancora a rischio e dovrebbero installare l’hotfix e seguire anche le istruzioni di Microsoft ( 1 , 2 ) sull’implementazione di un’app ibrida di Exchange separata.

“In questo caso, non è sufficiente applicare semplicemente una patch; sono necessari ulteriori passaggi manuali per migrare a un servizio principale dedicato”, ha spiegato Mollema. “L’urgenza dal punto di vista della sicurezza è determinata dall’importanza per gli amministratori di isolare le risorse di Exchange on-premise da quelle ospitate nel cloud. Nella vecchia configurazione, il sistema Exchange ibrido aveva pieno accesso a tutte le risorse di Exchange Online e SharePoint”.

The specialist also stressed once again that exploitation of CVE-2025-53786 is post-compromise: the attacker must first have compromised the on-premises environment or the Exchange servers and must hold administrator privileges.

The article 29,000 Exchange servers at risk. The exploit for CVE-2025-53786 is under exploitation comes from il blog della sicurezza informatica.


Cybersecurity & cyberwarfare reshared this.


Critical RCE vulnerability in Microsoft Teams: urgent update required

📌 Link to the article: redhotcyber.com/post/vulnerabi…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation



Cybersecurity & cyberwarfare reshared this.


Hackers leak 2.8M sensitive records from #Allianz #Life in #Salesforce data breach
securityaffairs.com/181093/dat…
#securityaffairs #hacking

Cybersecurity & cyberwarfare reshared this.


29,000 Exchange servers at risk. The exploit for CVE-2025-53786 is under exploitation

📌 Link to the article: redhotcyber.com/post/29-000-se…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy




That’s no Moon, er, Selectric


If you learned to type anytime in the mid-part of the 20th century, you probably either had or wanted an IBM Selectric. These were workhorses and changed typing by moving from typebars to a replaceable wheel. They were expensive, though worth it since many of them still work (including mine). But few of us could afford the $1,000 or more that these machines cost back in the day, especially when you consider that $1,000 was enough to buy a nice car for most of that time. [Tech Tangents] looks at something different: a clone Selectric from the sewing machine and printer company Juki.

The typewriter was the brainchild of [Thomas O’Reilly]. He sold typewriters and knew that a $500 compatible machine would sell. He took the prototype to Juki, which was manufacturing typewriters for Olivetti at the time.

Although other typewriters used typeballs, none of them were actual clones, and they didn’t take IBM typeballs. Juki even made their own typeballs. You’d think IBM might have been upset, but they were already moving towards the “wheelwriter,” which used a daisywheel element. Juki would later make a Xerox-compatible daisywheel printer, again at a fraction of the cost of the original.

Even the Juki manual was essentially a rip-off of the IBM Selectric manual. Sincerest form of flattery, indeed. It did appear that the ribbon was not a standard IBM cartridge. That makes them hard to find compared to Selectric ribbons, but they are nice since they have correction tape built in. The video mentions that you can find them on eBay and similar sites.

There were a few other cost savings. First, the Juki was narrower than most Selectrics. It also had a plastic case, although if you have ever had to carry a Selectric up a few flights of stairs, you might consider that a feature.

The Juki in the video doesn’t quite work, but it is a quirky machine with an odd history. Today, you can print your own typeballs. We wonder if these would be amenable to computer control like the Selectrics?

youtube.com/embed/EQMOWNUJq7U?…


hackaday.com/2025/08/12/thats-…



Creating a New Keyboard Flex for an Old Calculator


[Menadue] had a vintage Compucorp 326 calculator with an aging problem. Specifically, the flex cable that connects the button pad had turned corroded over time. However, thanks to the modern PCB industrial complex, replacing the obscure part was relatively straightforward!

The basic idea was simple enough: measure the original flex cable, and recreate it with the flat-flex PCB options available at many modern PCB houses that cater to small orders and hobbyists. [Menadue] had some headaches, having slightly misjudged the pitch of the individual edge-connector contacts. However, he figured that if lined up just right, it was close enough to still work. With the new flex installed, the calculator sprung into life… only several keys weren’t working. Making a new version with the correct pitch made all the difference, however, and the calculator was restored to full functionality.

It goes to show that as long as your design skills are up to scratch, you can replace damaged flex-cables in old hardware with brand new replacements. There’s a ton of other cool stuff you can do with flex PCBs, too.

youtube.com/embed/QmJaNzWDqbY?…


hackaday.com/2025/08/12/creati…


Cybersecurity & cyberwarfare reshared this.


SAP fixed 26 flaws in August 2025 Update, including 4 Critical
securityaffairs.com/181085/unc…
#securityaffairs #hacking


LEDs That Flow: A Fluid Simulation Business Card


Flip card

Fluid-Implicit-Particle or FLIP is a method for simulating particle interactions in fluid dynamics, commonly used in visual effects for its speed. [Nick] adapted this technique into an impressive FLIP business card.

The first thing you’ll notice about this card is its 441 LEDs arranged in a 21×21 matrix. These LEDs are controlled by a Raspberry Pi RP2350, which interfaces with a LIS2DH12TR accelerometer to detect card movement and a small 32Mb memory chip. The centerpiece is a fluid simulation where tilting the card makes the LEDs flow like water in a container. Written in Rust, the firmware implements a FLIP simulation, treating the LEDs as particles in a virtual fluid for a natural, flowing effect.

This eye-catching business card uses clever tricks to stay slim. The PCB is just 0.6mm thick—compared to the standard 1.6mm—and the 3.6mm-thick 3.7V battery sits in a cutout to distribute its width across both sides of the board. The USB-C connection for charging and programming uses clever PCB cuts, allowing the plug to slide into place as if in a dedicated connector.

Inspired by a fluid simulation pendant we previously covered, this board is just as eye-catching. Thanks to [Nick] for sharing the design files for this unique business card. Check out other fluid dynamics projects we’ve featured in the past.


hackaday.com/2025/08/12/leds-t…


Cybersecurity & cyberwarfare reshared this.


August 2025 #Patch #Tuesday fixes a #Windows Kerberos Zero-Day
securityaffairs.com/181077/hac…
#securityaffairs #hacking #Windows

Cybersecurity & cyberwarfare reshared this.


The Go 1.25 change I am most excited about is the new synctest package.

How I think about it is as a way to deflake tests by simulating an infinitely fast processor (because time doesn’t move until all work is done), and then shorten them by compressing time (because time jumps once it moves).

hachyderm.io/@golang/115018033…

in reply to Filippo Valsorda

More favorites from go.dev/doc/go1.25:

- go doc -http
- waitgroup analyzer
- experimental encoding/json/v2
- trace flight recorder
- CrossOriginProtection, of course
- 3x faster RSA keygen
- no more SHA-1 in TLS 1.2
- hash.Cloner and XOF
- more os.Root methods
- WaitGroup.Go (!)
- testing.T.Output

in reply to Filippo Valsorda

I can't wait for synctest. Both the time and the goroutines bits. We are gonna wait a few days before starting the upgrade so I need to be patient

Cybersecurity & cyberwarfare reshared this.


Vulnerability in the online access system for car dealerships: a researcher finds security flaws

📌 Link to the article: redhotcyber.com/post/vulnerabi…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy




3D-Printing A Full-Sized Kayak In Under A Day


If you want to get active out on the water, you could buy a new kayak, or hunt one down on Craigslist. Or, you could follow [Ivan Miranda]’s example, and print one out instead.

[Ivan] is uniquely well positioned to pursue a build like this. That’s because he has a massive 3D printer which uses a treadmill as a bed. It’s perfect for building long, thin things, and a kayak fits the bill perfectly. [Ivan] has actually printed a kayak before, but it took an excruciating 7 days to finish. This time, he wanted to go faster. He made some extruder tweaks that would allow his treadmill printer to go much faster, and improved the design to use as much of the belt width as possible. With the new setup capable of extruding over 800 grams of plastic per hour, [Ivan] then found a whole bunch of new issues thanks to the amount of heat involved. He steps through the issues one at a time until he has a setup capable of extruding an entire kayak in less than 24 hours.

This isn’t just a dive into 3D printer tech, though. It’s also about watercraft! [Ivan] finishes the print with a sander and a 3D pen to clean up some imperfections. The body is also filled with foam in key areas, and coated with epoxy to make it watertight. It’s not the easiest craft to handle, and probably isn’t what you’d choose for ocean use. It’s too narrow, and wounds [Ivan] when he tries to get in. It might be a floating and functional kayak, just barely, for a smaller individual, but [Ivan] suggests he’ll need to make changes if he were to actually use this thing properly.

Overall, it’s a project that shows you can 3D print big things quite quickly with the right printer, and that maritime engineering principles are key for producing viable watercraft. Video after the break.

youtube.com/embed/9DpMkYDCq9Y?…


hackaday.com/2025/08/12/3d-pri…



Vulnerability in the online access system for car dealerships: a researcher finds security flaws


A vulnerability was found in the online access system for the dealerships of one of the world's largest carmakers, and all it took was a little digging into the page's code. Security researcher Eaton Zveare of Harness reported that he was able to exploit the vulnerability to create an administrative account with full access rights to the manufacturer's internal portal. The breach made it possible to obtain confidential customer data and vehicle information, and even to remotely control vehicle functions, including unlocking.

Zveare, who had previously found bugs in carmakers' systems, discovered the issue by chance during a personal weekend project. He found that, when the login page loaded, the customer's browser loaded faulty code that could be modified to bypass all of the authentication mechanisms. This made it possible to create a “national administrator” account that gave access to more than 1,000 dealerships in the United States.

Through this interface it was possible to view customers' personal data, including contact details and some financial information, and to manage vehicle-related services. Among other things, this included real-time tracking of company and in-transit vehicles, use of telematics systems, and even cancelling vehicle shipments.

One of the most unsettling elements of the system was the customer lookup tool, which required only a first and last name to access information on a specific car and its owner. As an example, Zveare used the VIN of a car parked on the street and confirmed that this was enough to tie the car to a specific person. According to him, it was possible to start the procedure for transferring the car to another user's control simply by confirming the intent, without any verification. He tested this scenario with a friend's consent and was able to effectively control someone else's car through a mobile app.

No less dangerous was the ability to access the connected systems of other dealerships with a single login. Thanks to the Single Sign-On (SSO) mechanism, the administrator account that had been created could not only move between different parts of the infrastructure but also impersonate another user's login. This gave access to the rights, data and systems of the targeted employee without their knowledge: a similar mechanism had already been exploited in the dealer portal before.

The researcher described the architecture as a “ticking time bomb”, noting that users could view and use critical information, including agreements, leads and internal analytics, without being detected. The company reportedly fixed the vulnerability within a week of the private disclosure of the issue in February 2025. An investigation also showed that the exploit had never been used before: Zveare would have been the first to discover and report the flaws in the system.

According to Zveare, the root of the problem was once again something mundane: flaws in the API authentication system. Just two vulnerabilities laid bare the entire inner world of the dealer network. Zveare sees this as yet another reminder: as soon as access control collapses, everything collapses.

The article Vulnerability in the online access system for car dealerships: a researcher finds security flaws comes from il blog della sicurezza informatica.



2025 One Hertz Challenge: Abstract Aircraft Sculpture Based On Lighting Regulations


The 2025 One Hertz Challenge is really heating up with all kinds of projects that do something once every second. [The Baiko] has given us a rather abstract entry that looks like a plane…if you squint at it under the right conditions.

It’s actually quite an amusing abstract build. If you’ve ever seen planes flying in the night sky, you’ve probably noticed they all have similar lights. Navigation lights, or position lights as they are known, consist of a red light on the left side and a green light on the right side. [The Baiko] assembled two such LEDs on a small sliver of glass along with an ATtiny85 microcontroller.

Powered by a coin cell, they effectively create an abstract representation of a plane in the night sky, paired with a flashing strobe that meets the requirements of the contest. [The Baiko] isn’t exactly sure of the total power draw, but notes it must be low given the circuit has run for weeks on a 30 mAh coin cell.

It’s an amusing piece of PCB art, though from at least one angle, it does appear the red LED might be on the wrong side to meet FAA regulations. Speculate on that in the comments.

In any case, we’ve had a few flashers submitted to the competition thus far, and you’ve got until August 19 to get your own entry in!

2025 Hackaday One Hertz Challenge


hackaday.com/2025/08/12/2025-o…


Cybersecurity & cyberwarfare reshared this.


Dutch #NCSC: #Citrix #NetScaler zero-day breaches critical orgs
securityaffairs.com/181070/hac…
#securityaffairs #hacking

Cybersecurity & cyberwarfare reshared this.


NEW: Two hackers broke into the computer of a hacker allegedly working for the North Korean spy group known as "Kimsuky."

The hackers then leaked a treasure trove of stolen data, exposing a North Korean spy operation against South Korean targets.

“Kimsuky, you’re not a hacker. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda. You steal from others and favour your own. You value yourself above the others: You are morally perverted,” the two wrote in their Phrack magazine article. “You hack for all the wrong reasons.”

techcrunch.com/2025/08/12/hack…



Design Review: LattePanda Mu NAS Carrier


It is a good day for design review! Today’s board is the MuBook, a Lattepanda Mu SoM (System-on-Module) carrier from [LtBrain], optimized for a NAS with 4 SATA and 2 NVMe ports. It is cheap to manufacture and put together, the changes are non-extensive but do make the board easier to assemble, and the result is a decent-footprint x86 NAS board you can even order assembled at somewhere like JLCPCB.

This board is based on the Lite Carrier KiCad project that the LattePanda team open-sourced to promote their Mu boards. I enjoy seeing people start their project from a known-working open-source design – they can save themselves lots of work, avoid reinventing the wheel and whole categories of mistakes, and they can learn a bunch of design techniques/tips through osmosis, too. This is a large part of why I argue everyone should open-source their projects to the highest extent possible, and why I try my best to open-source all the PCBs I design.

Let’s get into it! The board’s on GitHub as linked, already containing the latest changes.

Git’ting Better


I found the very first review item when downloading the repo onto my computer. It took a surprising amount of time, which led me to believe the repo contains a fair bit of binary files – something quite counterproductive to keep in Git. My first guess was that the repo had no .gitignore for KiCad, and indeed – it had the backups/ directory with a heap of hefty .zips, as well as a fair bit of stuff like gerbers and footprint/symbol cache files. I checked in with [LtBrain] that these won’t be an issue to delete, and then added a .gitignore from the Blepis project.

This won’t make the repo easier to check out in the future, sadly – the hefty auto-generated files are still in the repo history. However, at least it won’t grow further as KiCad puts new archives into the backups/ directory, and, it’s good to keep .gitignore files in your KiCad repos so you can easily steal them every time you start a new project.

Apart from that, a .gitignore also makes working with your repository way, way easier! When seeing the changes overview in git status or GitHub Desktop, it’s way nicer to look through, and you even get a shot at reviewing changes in your commits to make sure you’re not adding something you don’t want in the repository. Oh, and, you don’t risk leaking your personal details as much, since things like auto-generated KiCad lockfiles will sometimes contain your computer name or your user name.
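A KiCad .gitignore of the kind described above, added here as an illustration rather than the Blepis project's actual file; the patterns assume KiCad 6 or later file naming (the `<project>-backups/` directory, `fp-info-cache`, `.lck` lock files, `-bak` copies, `.kicad_prl` local settings) plus the usual gerber and drill export names, and the older `-cache.lib`/`-rescue.lib` symbol caches are listed for repos that started on KiCad 5:

```gitignore
# Illustrative .gitignore for a KiCad project (not the Blepis project's own file).
# Patterns assume KiCad 6+ naming; the legacy KiCad 5 cache libs are kept for older repos.

# Auto-generated project backups: hefty .zip archives KiCad writes on every save
*-backups/

# Lock files: per-workstation, and they can embed the machine or user name
*.lck
~*.lck

# Autosave and backup copies of schematics and boards
_autosave-*
*.bak
*.kicad_sch-bak
*.kicad_pcb-bak
*.sch-bak

# Per-user local project settings (layer visibility, last-used paths)
*.kicad_prl

# Footprint and symbol caches; regenerated from the libraries on open
fp-info-cache
*-cache.lib
*-rescue.lib

# Fabrication outputs; regenerate from the board file instead of versioning them
gerbers/
*.gbr
*.gbrjob
*.drl
```

Before committing the file, `git status` on an existing repo will still show the tracked copies of these files; they need a `git rm --cached` pass to leave the index, and, as noted above, they remain in the history.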

Now that the PCB Git-ability has been improved, let’s take a look at the board, first and foremost; the schematic changes here are fairly minimal, and already reviewed by someone else.

Cheap With Few Compromises


There’s plenty of PCIe, USB3, and SATA on this board – as such, it has to be at least four layers, and this one is. The SIG-GND-GND-SIG arrangement is only slightly compromised by a VDC (12 V to 15 V) polygon on one of the layers, taking up about 30% of space, and used to provide input power to Mu and also onboard 3.3 V and 5 V regulators.

Of course, with so many interfaces, you’ll also want to go small – you’ll have to fit a lot of diffpairs on the board, and you don’t want them flowing too close to each other to avoid interference. This board uses approximately 0.1 mm / 0.1 mm clearances, which, thankfully, work well enough for JLCPCB – the diffpairs didn’t even need to be redrawn much. Apart from that, the original design used 0.4 mm / 0.2 mm vias. Problem? JLC has a $30 surcharge for such vias for a board of this size. No such thing for 0.4 mm / 0.3 mm vias, surprisingly, even though the annular ring is way smaller.

I went and changed all 0.4 mm / 0.2 mm vias to 0.4 mm / 0.3 mm vias, and that went surprisingly well – no extra DRC errors. The hole-to-copper distance is set to be pretty low in this project, to 0.15 mm, because that’s inherited from LattePanda carrier files, so I do hope that JLC doesn’t balk at those vias during the pre-production review. Speaking of DRC, I also set all courtyard errors to “ignore” – not only does this category have a low signal-to-noise ratio, the LattePanda module courtyard would also raise problems at all items placed under the module, even though there’s plenty of space as long as you use a DDR socket tall enough.

One thing looked somewhat critical to me, though – the VDC polygon, specifically, the way it deprived quite a few diffpairs from GND under them.

Redraw, Nudge, Compromise


Remember, you want a ground polygon all along the underside of the differential pair, from start to finish, without interruptions – that ground polygon is where ground return current flows, and it’s also crucial in reaching the right differential pair impedance. The VDC polygon did interrupt a good few pairs, however.

Most of those interruptions were fixed easily by lifting the VDC polygon. Highlighting the net (` keyboard key) showed that there’s only really 4 consumers of the VDC power input, and all of them were above the overwhelming majority of the diffpairs. REFCLKs for M.2 sockets had to be rerouted to go over ground all throughout, though, and I also added a VDC cutout to pull gigabit Ethernet IC PCIe RX/TX pairs over VDC for most of their length.

This polygon carries a fair bit of current, a whole N100 (x86) CPU’s worth and then some, and remember – inner layers are half as thick, only 0.5 oz instead of the 1 oz you get for outer layers by default. So, while we can cut into it, the VDC path has to be clear enough. A lot of items on VDC, like some gigabit controller power lines, ended up being moved from the VDC polygon layer to the opposite inner layer – now, they’re technically on the layer under PCIe and gigabit Ethernet pairs, but it’s a better option than compromising VDC power delivery. I also moved some VDC layer tracks to B.Cu and F.Cu; remember, with high-speed stuff you really want to minimize the number of inner layer tracks.

Loose Ends


With the vias changed and polygon redrawn, only a few changes remained. Not all diffpair layer crossings had enough vias next to them, and not all GND pads had vias either – particularly on the Mu and M.2 slots, what with high-speed communications and all, you have to make sure that all GND pads have GND vias on them. Again, highlight the GND net (`) and go hunting. Afterwards, check whether you broke any polygons on inner layers – I sure did accidentally make a narrow passage on VDC even more narrow with my vias, but it didn’t take much to fix. Remember, it’s rare that extra vias cost you extra, so going wild on them is generally safe.

The SATA connector footprint from Digikey was faulty – instead of plated holes for through-hole pins, it had non-plated holes. Not the kind of error I’ve ever seen with easyeda2kicad, gotta say. As an aside, it was quite a struggle to find the proper datasheet on Digikey – I had to open like five different PDFs before I found one with footprint dimension recommendations.

A few nets were NC – as it turned out, mostly because some SATA ports had conflicting names; a few UART testpoints were present in the schematic but not on the board, so I wired them real quick, too. DRC highlighted some unconnected tracks – always worth fixing, so that KiCad can properly merge small segments into longer tracks, and so that your track moves don’t then result in small track snippets interfering with the entire plan. Last but not least, the BIOS sheet in the schematic was broken for some reason; KiCad said that it was corrupted. Turned out that instead of BIOS.kicad_sch, the file was named bios.kicad_sch – go figure.

Production Imminent


These changes helped [LtBrain] reduce PCB manufacturing cost, removed some potential problems for high-speed signal functioning, and fixed some crucial issues like SATA port mounting pins – pulling an otherwise SMD-pad SATA port off the board is really easy on accident! They’re all on GitHub now, as you’d expect, and you too can benefit from this board now.



Continuous-Path 3D Printed Case is Clearly Superior


[porchlogic] had a problem. The desire was to print a crystal-like case for an ESP32 project, reminiscent of so many glorious game consoles and other transparent hardware of the 1990s. However, with 3D printing the only realistic option on offer, it seemed difficult to achieve a nice visual result. The solution? Custom G-code to produce as nice a print as possible, by having the hot end trace a single continuous path.

The first job was to pick a filament. Transparent PLA didn’t look great, and was easily dented—something [porchlogic] didn’t like given the device was intended to be pocketable. PETG promised better results, but stringing was common and tended to reduce the visual appeal. The solution to avoid stringing would be to stop the hot end lifting away from the print and moving to different areas of the part. Thus, [porchlogic] had to find a way to make the hot end move in a single continuous path—something that isn’t exactly a regular feature of common 3D printing slicer utilities.

The enclosure itself was designed from the ground up to enable this method of printing. Rhino and Grasshopper were used to create the enclosure and generate the custom G-code for an all-continuous print. Or, almost—there is a single hop across the USB port opening, which creates a small blob of plastic that is easy to remove once the print is done, along with strings coming off the start and end points of the print.

Designing an enclosure in this way isn’t easy, per se, but it did net [porchlogic] the results desired. We’ve seen some other neat hacks in this vein before, too, like using innovative non-planar infill techniques to improve the strength of prints.

youtube.com/embed/2Sy50BrlDMo?…

Thanks to [Uxorious] and [Keith Olson] for the tip!


hackaday.com/2025/08/12/contin…



Remembering James Lovell: the Man Who Cheated Death in Space


Many people have looked Death in the eye sockets and survived to tell others about it, but few situations speak as much to the imagination as situations where there’s absolutely zero prospect of rescuers swooping in. Top among these is the harrowing tale of the Apollo 13 moon mission and its crew – commanded by James “Jim” Lovell – as they found themselves stranded in space far away from Earth in a crippled spacecraft, facing near-certain doom.

Lovell and his crew came away from that experience in one piece, with millions tuning into the live broadcast on April 17 of 1970 as the capsule managed to land safely back on Earth, defying all odds. Like so many NASA astronauts, Lovell was a test pilot. He graduated from the US Naval Academy in Maryland, serving in the US Navy as a mechanical engineer, flight instructor and more, before being selected as a NASA astronaut.

On August 7, 2025, Lovell died at the age of 97 at his home in Illinois, after a dizzying career that saw a Moon walk swapped for an in-space rescue mission like never seen before.

Joining The Navy

The USS Shangri-La underway in 1970. (Credit: US Navy)
James Arthur Lovell Jr. was born in Cleveland, Ohio, on March 25, 1928. He was the sole child, with his father dying in a car accident when he was five years old. After this he and his mother lived with a relative in Indiana, before moving to Wisconsin where Lovell attended Juneau High School. He attained the Boy Scouts’ highest rank of Eagle Scout, while also displaying an avid interest in rocketry including the building of flying models.

After graduating from high school, Lovell studied engineering under the US Navy’s Flying Midshipman program from 1946 to 1948, which focused on training new naval aviators. This was a sponsored program by the US Navy, with the student required to enlist as Apprentice Seaman and to serve in the Navy for five years, including one year of active duty.

As this program was being rolled back in the wake of the end of WW2, Lovell saw himself and others like him pressured to transfer out, with Lovell applying at the US Naval Academy in Annapolis, Maryland. Here he would continue his engineering studies, graduating with a Bachelor of Science degree in the Spring of 1952.

After graduation he was commissioned as an ensign in the US Navy, got selected for naval aviation training and was later assigned to the Essex-class aircraft carrier USS Shangri-La during the 1950s where he flew many missions, racking up a reported total of 107 carrier landings. Once back ashore he became a flight instructor for Navy pilots.

To Space And Beyond


With NASA selecting its future astronauts from the military’s test pilots for a variety of reasons, it was only a matter of time before Lovell would be in the running for the first group of astronauts considering his performance in the Navy. Although he got put on the list of potential astronauts for Project Mercury, he narrowly missed joining the Mercury Seven. After applying for the second group, however, he ended up being selected for Mercury’s successor project: Project Gemini.
The Pacific Ocean as seen from the Gemini 7 capsule on 8 December 1965 by astronauts Borman and Lovell. (Credit NASA)
Lovell would fly on two Gemini missions, Gemini 7 and Gemini 12, with the latter seeing Lovell being joined by Edwin “Buzz” Aldrin as the pilot. Before embarking on Gemini 7, Lovell and his fellow astronaut Frank F. Borman were given the advice by Pete Conrad – who had previously spent eight days on Gemini 5 – to take books along for the ride. Considering that Gemini 7 was an endurance mission lasting nearly two weeks, this turned out to be very good advice, indeed.
Edwin “Buzz” Aldrin performing an EVA during the first day of the 4-day Gemini 12 mission. (Credit: NASA, James Lovell)
The four-day Gemini 12 mission would be the last mission in the project, taking place during November of 1966. During this mission Aldrin demonstrated a number of extra-vehicular activities (EVAs), showing that humans could perform activities outside of the spacecraft, thus clearing the way for Project Apollo.

Lucky Apollo 13


Although Lovell is generally associated with Apollo 13, his third spaceflight was on Apollo 8 which launched on December 21st of 1968. This was the first manned Apollo mission to make it to the Moon following Apollo 7 which stayed in Earth’s orbit. During Apollo 8 the crew of three – Borman, Lovell and Anders – completed ten orbits around Earth’s companion, making it the first time that humans had laid eyes on the far side of the Moon and were able to observe an Earthrise.
The famous ‘Earthrise’ photo by William Anders taken during Apollo 8. (Source: NASA)
With the Apollo program in constant flux, Apollo 8’s mission profile was changed from a more conservative Earth-orbit-bound test with the much-delayed lunar module (LM) to the very ambitious orbiting of the Moon. This put the Apollo program back on track, however, as it skipped a few intermediate steps. After Apollo 9 demonstrated the full lunar EVA suit in space as well as docking with the LM in Earth orbit, Apollo 10 was the wet dress rehearsal for the first true Moon landing, with Neil Armstrong and Buzz Aldrin taking the honors.

After Apollo 12 delivered its second batch of astronauts to the lunar surface, it was finally time for Lovell as the commander and Fred Haise as the LM pilot to add their footprints to the lunar regolith as part of the Apollo 13 mission. After two successful Moon landings, when Apollo 13 took off from the landing pad on April 11, 1970, it seemed that this was going to be mostly a routine mission.

After making it about 330,000 km from Earth, the Apollo 13 crew was going through their well-practiced schedule, with only one active issue bothering them and ground control in Houston. This issue involved the pressure sensor in one of the service module (SM) oxygen tanks. Ground control requested that the crew try activating the stirring fans in the oxygen tanks to see whether de-stratifying the contents of the affected oxygen tank might fix the odd readings.

Ninety-five seconds after Command Module (CM) pilot John Swigert activated these fans, the three astronauts heard a loud bang, accompanied by electrical power fluctuations and the attitude control thrusters automatically engaging. After briefly losing communications with Earth, Swigert called back to Houston with the now famous phrase: “Houston, we have had a problem.”


As the resulting investigations showed, one of the oxygen tanks (Oxygen Tank 2) that fed the fuel cells for power generation had turned into a bomb owing to manufacturing and handling defects years prior. The resulting explosion also caused the loss of Oxygen Tank 1 and ultimately put all of the CM’s fuel cells out of commission. With the CM’s batteries rapidly draining, the Apollo 13 astronauts had only minutes to put a plan together with Houston: to use the LM as their lifeboat and to devise a course back to Earth after a fly-by of the Moon.

As these immediate concerns were addressed and Apollo 13 found itself on a course that should take it safely back to Earth, two new issues cropped up. The first was that of potable water, as normally the CM’s fuel cells would create all the water that they’d need during the mission. With the CM and its fuel cells out of commission, they had to strictly ration their limited supply, all the way down to 200 mL per person per day.
The adapted carbon dioxide scrubber on Apollo 13. (Credit: NASA)
The other issue concerned the carbon dioxide levels. Although the LM carried sufficient oxygen, CO2 scrubbers were required to keep the levels of this gas within healthy limits, even as the crew kept adding to it with their breathing. The lithium hydroxide pellet-based scrubbers in the CM and LM were up to their individual tasks, but the LM was equipped only for the 45 hours that two astronauts would spend on the lunar surface, not to keep three astronauts alive for the time it would take to travel back to Earth.

Annoyingly, the CM and LM scrubber canisters had different dimensions, which prevented the astronauts from simply availing themselves of the CM scrubbers. This was fortunately nothing that some solid arts and crafts experience couldn’t fix, and the CM canisters were made to work using plastic manual covers, duct tape and whatever else was needed to bridge the gaps.

With all the essentials dealt with as well as the circumstances allowed, the three astronauts settled in for a very long and very cold wait. With most systems shut down to preserve every bit of energy, there was little any of them could do against the cold of space seeping into the LM, even as moisture condensed on all surfaces.

Before nearing Earth, Lovell and his crew were tasked with configuring the LM’s navigation computer in preparation for the final approach, as well as starting the CM up from its cold shutdown. With every step of this re-entry and the required separation of the SM, CM and ultimately the LM being completely unlike the normal procedure they had trained for, there was significant uncertainty about how well it would all work.

Fortunately, everything went relatively smoothly, and on April 17, 1970, all three Apollo 13 astronauts splashed down safely back on Earth. This would also be Lovell’s fourth and final spaceflight.

Retirement

Apollo 13’s capsule splashing down on April 17, 1970. (Credit: NASA)
Lovell retired from the Navy and the space program on March 1, 1973. For decades afterwards he served as CEO, president and in similar roles at a range of companies before retiring in 1991, staying on only as a board member of a number of corporations, including the Astronautics Corporation of America. With the fame that Apollo 13 had brought him and his two fellow astronauts, none of them ever fully left the public eye.

A number of films and documentaries were made about the Apollo 13 mission, which came to be termed a ‘successful failure’. Lovell made a number of cameos, with the 1995 film Apollo 13, based on Lovell’s book Lost Moon, being one of the most notable examples.

With Lovell’s death, Fred Haise is the last surviving member of the Apollo 13 crew; Jack Swigert died of cancer in 1982.

Although much has already been said about Apollo 13 nearly ending in tragedy, its inauspicious number in many Western cultures included, it is impossible to deny that this mission’s crew were among the luckiest imaginable. In the dark and cold of space, trapped between Earth and the Moon, they found themselves among the best friends imaginable, solving a puzzle together even as their own lives were on the line.

Had the oxygen tank exploded on the return trip from the Moon, the astronauts would likely all have perished. Similarly, had any of the other events during the mission played out slightly differently, or had another emergency occurred on top of the existing ones, things might have turned out very differently.

If there is anything to be learned from Lovell’s life, it is probably that ‘luck’ is relative, and that teamwork goes a very long way.


hackaday.com/2025/08/12/rememb…



As Expected, the WinRAR Bug Has Become a Devastating Weapon for Cybercriminals


As was predictable, the notorious bug discovered in WinRAR is now being actively exploited at scale by malicious actors, given the software’s widespread use and popularity.

ESET researchers report that the recently patched WinRAR vulnerability (CVE-2025-8088) was exploited as a zero-day in phishing attacks and used to install the RomCom malware.

The vulnerability was a directory traversal issue and was fixed at the end of July with the release of WinRAR version 7.13. The flaw allowed specially crafted archives to extract files to a path chosen by the attackers rather than the one selected by the user.

“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and the UnRAR.dll library could use a path defined in a specially crafted archive instead of the user-specified path,” the archiver’s developers explained. “Unix versions of RAR, UnRAR, portable UnRAR source code and the UnRAR library, as well as RAR for Android, were not vulnerable.”

Thus, by exploiting this bug, attackers could craft archives that extract malicious executables into the Windows startup folders, located at:

  • %APPDATA%\Microsoft\Windows\Start Menu\Programmi\Esecuzione automatica (per-user);
  • %ProgramData%\Microsoft\Windows\Start Menu\Programmi\Esecuzione automatica (all users).

At the next logon, such a file runs automatically, giving the attacker code execution on the remote host.
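As an added example (not code from the article, from ESET or from the WinRAR project), the Python check below shows the path-validation step that a traversal bug like the one above amounts to skipping: each archive entry name is normalized with Windows path rules, refused if it is absolute or would leave the destination through `..`, and annotated when its real target is a Startup folder, the persistence location described above. The destination directory, the resolution of `%APPDATA%` to `C:\Users\alice\AppData\Roaming` and the entry names are constructed; the marker uses the folder’s on-disk name, `Programs\Startup`, of which the localized names in the list above are the display form.

```python
import ntpath
from dataclasses import dataclass

# Constructed destination: the folder the user asked the archiver to extract to.
# %APPDATA% is assumed to resolve to C:\Users\alice\AppData\Roaming.
DEST = r"C:\Users\alice\Downloads\invoice"

# Constructed sample entry names, as they might appear in an archive listing.
SAMPLE_ENTRIES = [
    "invoice/summary.pdf",
    r"invoice\images\chart.png",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe",
    "../../etc/cron.d/job",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\helper.exe",
    "docs/./readme.txt",
]

# On-disk name of the Startup folder (localized names are display-only).
STARTUP_MARKER = r"\microsoft\windows\start menu\programs\startup"


@dataclass(frozen=True)
class Verdict:
    entry: str
    safe: bool
    reason: str
    resolved: str  # Windows path the entry would be written to


def _startup_note(path: str, reason: str) -> str:
    """Append the persistence consequence when the target is a Startup folder."""
    if STARTUP_MARKER in path.lower():
        return reason + "; target is a Windows Startup folder (runs at next logon)"
    return reason


def classify_entry(entry: str, dest: str) -> Verdict:
    """Decide whether writing `entry` under `dest` stays inside `dest`.

    ntpath applies Windows rules regardless of the OS this check runs on.
    """
    dest = ntpath.normpath(dest)
    win = entry.replace("/", "\\")  # archives may carry either separator
    if ntpath.splitdrive(win)[0] or win.startswith("\\"):
        return Verdict(entry, False, _startup_note(win, "absolute or rooted path"), win)
    if ":" in win:  # drive or NTFS stream separator; never valid in a relative name
        return Verdict(entry, False, "colon in relative entry name", win)
    norm = ntpath.normpath(win)  # collapses '.' and resolves '..' segments
    resolved = ntpath.normpath(ntpath.join(dest, norm))
    if norm == ".." or norm.startswith("..\\"):
        return Verdict(entry, False, _startup_note(resolved, "escapes destination via '..'"), resolved)
    # Belt and braces: the final path must still have dest as its prefix.
    if ntpath.commonpath([dest, resolved]).lower() != dest.lower():
        return Verdict(entry, False, _startup_note(resolved, "resolves outside destination"), resolved)
    return Verdict(entry, True, "ok", resolved)


def audit(entries, dest: str = DEST) -> list:
    """Classify every entry; extraction should be refused if any is unsafe."""
    return [classify_entry(e, dest) for e in entries]


def unsafe_entries(entries, dest: str = DEST) -> list:
    return [v.entry for v in audit(entries, dest) if not v.safe]


if __name__ == "__main__":
    for v in audit(SAMPLE_ENTRIES):
        print(f"{'OK  ' if v.safe else 'DENY'} {v.entry!r} -> {v.resolved} ({v.reason})")
```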

The issue was discovered by ESET researchers in July 2025, and they now report that, even before the patch was released, CVE-2025-8088 was being used in attacks as a zero-day vulnerability.

According to the researchers, the vulnerability was exploited in targeted phishing attacks aimed at spreading malware from the RomCom hacking group (also known as Storm-0978, Tropical Scorpius and UNC2596), including variants of SnipBot, RustyClaw and Mythic.

The campaign reportedly targeted financial, manufacturing, defense and logistics companies in Canada and Europe.

The RomCom group has previously been linked to ransomware attacks, data theft for extortion and credential-theft campaigns. RomCom is known for exploiting zero-day vulnerabilities and for using custom malware to steal data and persist in systems.

ESET notes that the same vulnerability was also recently exploited by another attacker and was discovered independently by the Russian company BI.ZONE. The second attacker began exploiting CVE-2025-8088 a few days after RomCom.

The article “As Expected, the WinRAR Bug Has Become a Devastating Weapon for Cybercriminals” first appeared on il blog della sicurezza informatica.



📌 Link to the article: redhotcyber.com/post/come-prev…




When a Badge Misses the Mark: WHY 2025


The largest European hacker camp this year was in the Netherlands — What Hackers Yearn (WHY) 2025 is the latest in the long-running series of four-yearly events from that country, and 2025 saw a move from the Flevoland site used by SHA2017 and MCH2021, back to just north of Alkmaar in Noord-Holland, where the OHM2013 event took place. WHY has found itself making the news in the Dutch technical media for all the wrong reasons over the last few days, after serious concerns were raised about the fire safety of its badge.
The cell supplied with the WHY 2025 badge, complete with the manufacturer’s fire safety warning.
The concerns were raised by the RevSpace hackerspace in Leidschendam, and centre around the design of the battery power traces on the PCB between the battery holders and the power supply circuitry. Because the 18650 cells supplied with the badge lack any protection circuitry, bridging the power traces could be a fire risk.

In short: their report names the cell holders as having tags too large for their pads on the PCB, a too-tight gap between positive and negative battery traces, protected only by soldermask, and the inadequacy of the badge’s short circuit protection. In the event that metal shorted these battery tags, or wore through the soldermask, the batteries would be effectively shorted, and traces or components could get dangerously hot.

The WHY organizers have responded with a printed disclaimer leaflet warning against misuse of the cells, and added a last-minute epoxy coating to the boards to offer additional protection. Some people are 3D-printing cases, which should also help reduce the risk of short-circuiting due to foreign metal objects. A powerbank with short-circuit protection would solve the problem as well. Meanwhile a group of hackers collecting aid for Ukraine are accepting the batteries as donations.

Bugs find their way into any project, and an event badge is no exception. In this particular case, the original Dutch badge team resigned en masse at the start of the year following a disagreement with the WHY2025 organizers, so this badge has been a particularly hurried production. (Editor’s note: the group that brought the 18650 concerns to light has some overlap with the group that left the WHY2025 badge project.) Either way, we are fortunate that the issue was spotted before any regrettable incidents occurred.


hackaday.com/2025/08/12/when-a…



BreachForums Seized and Turned into a Honeypot by Law Enforcement

The notorious cybercrime and data-leak marketplace #BreachForums has been compromised and is now allegedly operating as a honeypot controlled by international law enforcement. The surprising announcement came from the well-known threat actor ShinyHunters via a PGP-signed message posted on Telegram. According to the message, French law enforcement, in coordination with the US Department of Justice (DOJ) and the FBI (Federal Bureau of Investigation), has taken control of the platform, its infrastructure and its official PGP key. Shortly after this notice spread, the forum went offline, lending further weight to the claims.

dailydarkweb.net/breachforums-…


Thanks to Michele Pinassi for the tip.




No Tariffs for 90 Days! China and the US Reach a Temporary Economic Agreement


The Government of the People’s Republic of China (“China”) and the Government of the United States of America (“USA”), as reported by the Beijing news agency Xinhua on August 12 and on the basis of the China-US joint statement on the Geneva economic and trade talks reached on May 12, 2025, have agreed to suspend the application of the 24% tariff for 90 days starting August 12, 2025.

The two sides recalled their commitments under the Geneva Joint Statement and agreed to take the following measures from August 12, 2025:

1. The United States will continue to modify the application of the additional ad valorem tariffs on Chinese goods (including goods from the Hong Kong Special Administrative Region and the Macao Special Administrative Region) as set out in Executive Order No. 14257 of April 2, 2025, and will again suspend the application of the 24% tariff for 90 days starting August 12, 2025, while retaining the remaining 10% tariff imposed on those goods under the Executive Order.

2. China will continue to (i) modify the application of the ad valorem tariffs on US goods as set out in Tariff Commission Announcement No. 4 of 2025, suspending the 24% tariff for another 90 days starting August 12, 2025, while retaining the remaining 10% tariff on those goods; and (ii) adopt or maintain the measures necessary to suspend or remove the non-tariff countermeasures against the United States, as agreed in the Geneva Joint Statement.

This joint statement is based on the meetings held during the China-US Stockholm Economic and Trade Talks.

The talks took place within the framework of the Geneva Joint Statement. The Chinese representative was Vice Premier He Lifeng, while the US representatives were Treasury Secretary Scott Bessent and United States Trade Representative Jamison Greer.

The article “No Tariffs for 90 Days! China and the US Reach a Temporary Economic Agreement” first appeared on il blog della sicurezza informatica.



📌 Link to the article: redhotcyber.com/post/basta-daz…

By the RHC editorial staff (Redazione RHC)




Toward Skynet: Johns Hopkins University Improves War Simulations with Artificial Intelligence


Johns Hopkins University in Maryland is preparing to upgrade its AI-based wargaming tools to help the Pentagon identify adversaries’ weak points in real conflicts. The work, conducted at the university’s Applied Physics Laboratory (APL), involves upgrading two systems, Generative Wargaming (GenWar) and the Strategic AI Gaming Engine (SAGE), using proprietary data for Department of Defense programs.

Wargaming, used to practice decision-making in complex and uncertain environments, remains a key tool for analyzing human behavior in such settings through experiential learning. Traditional wargaming, however, requires experienced facilitators and complex design, which limits the speed and scalability of the process.

GenWar combines generative AI, modeling, simulation and human expertise to create and run scenarios in days rather than months, analyze dozens of alternative futures and focus human experts on the most significant scenarios.

According to Andrew Mara, director of APL’s National Security Analysis Office, the Pentagon has been looking for solutions like this for more than a decade. Now, he says, need and technology have met, and the combination of cutting-edge technology and an experienced team could change the very nature of wargaming.

SAGE, currently in beta testing with former senior Pentagon officials, goes a step further by using generative AI to replace human players. This allows it to simulate more scenarios, find unexpected outcomes and identify recurring patterns that might escape human attention.

James Miller, APL’s deputy director for policy and analysis, noted that the value of AI in wargaming lies in widening the horizon of possible solutions, including those humans might not consider. Experts can then focus on the key results.

GenWar integrates AI not only into the game loop but also into the simulation processes, allowing non-technical users to work through a chat interface. Analysts, planners and operators can quickly generate and evaluate dozens of possible courses of action, and the system provides a physics-based check of the decisions, APL explained.

APL believes that introducing AI into wargames will give a wider range of specialists access to sophisticated analytical tools and speed up preparation for potential conflict scenarios.

The article “Toward Skynet: Johns Hopkins University Improves War Simulations with Artificial Intelligence” first appeared on il blog della sicurezza informatica.




📌 Link to the article: redhotcyber.com/post/verso-sky…
