Il gigante delle telecomunicazioni sudcoreano SK Telecom segnalato un attacco informatico , grazie alla quale gli aggressori hanno avuto accesso a informazioni riservate relative alle carte USIM degli abbonati. L’incidente è avvenuto nella notte tra il 19 e il 20 aprile 2025, quando la maggior parte delle organizzazioni operava in modalità limitata, fornendo agli hacker criminali un vantaggio tattico.

L’azienda, che serve oltre 34 milioni di clienti e controlla quasi la metà del mercato della telefonia mobile in Corea del Sud, ha rilevato tracce di codice dannoso nei suoi sistemi intorno alle 23:00. ora locale. SK Telecom ha dichiarato in una nota che, una volta scoperta la potenziale fuga di notizie, il malware è stato immediatamente rimosso e le apparecchiature sospettate di essere compromesse sono state isolate.

Al momento, secondo i rappresentanti dell’azienda, non ci sono casi confermati di abuso di informazioni rubate. Tuttavia, l’incidente è stato rapidamente segnalato alla Korea Internet and Security Agency (KISA) e alla Personal Information Protection Commission per un esame.

La natura e la portata della compromissione sono ancora oggetto di indagine. Tuttavia, è già noto che i dati memorizzati sulle schede USIM (microchip contenenti identificativi univoci dell’abbonato, numeri di telefono, chiavi di autenticazione e, in alcuni casi, persino messaggi e contatti) sono a rischio. Queste informazioni possono essere utilizzate per la sorveglianza, il monitoraggio della geolocalizzazione e gli attacchi di scambio di SIM.

In risposta all’incidente, SK Telecom ha rafforzato le misure per prevenire transazioni non autorizzate tramite SIM card. I blocchi ora si applicano a tutte le attività sospette relative all’autenticazione e al trasferimento dei numeri. Se vengono rilevati tali tentativi, il servizio potrebbe essere sospeso automaticamente.

Ai clienti viene offerto di attivare uno speciale servizio di protezione USIM, che elimina la possibilità di trasferire un numero su un’altra scheda SIM senza il permesso dell’utente. Nessun gruppo di hacker ha ancora rivendicato la responsabilità dell’attacco.

L’indagine è in corso e SK Telecom promette di tenere aggiornati gli abbonati sulla situazione non appena saranno disponibili nuove informazioni.

L'articolo Violato SK Telecom: rischio sorveglianza e SIM swap per milioni di abbonati proviene da il blog della sicurezza informatica.

If you’ve ever fumbled through circuit simulation and ended up with a flatline instead of a sine wave, this video from [saisri] might just be the fix. In this walkthrough she demonstrates simulating a Colpitts oscillator using NI Multisim 14.3 – a deceptively simple analog circuit known for generating stable sine waves. Her video not only shows how to place and wire components, but it demonstrates why precision matters, even in virtual space.

You’ll notice the emphasis on wiring accuracy at multi-node junctions, something many tutorials skim over. [saisri] points out that a single misconnected node in Multisim can cause the circuit to output zilch. She guides viewers step-by-step, starting with component selection via the “Place > Components” dialog, through to running the simulation and interpreting the sine wave output on Channel A. The manual included at the end of the video is a neat bonus, bundling theory, waveform visuals, and circuit diagrams into one handy PDF.

If you’re into precision hacking, retro analogue joy, or just love watching a sine wave bloom onscreen, this is worth your time. You can watch the original video here.

youtube.com/embed/KTavIVdAses?…

hackaday.com/2025/04/22/virtua…

Mechanize, una startup lanciata dal ricercatore di intelligenza artificiale Tamay Besiroglu, ha attirato critiche fin dal primo giorno, sia per il suo obiettivo radicale sia per i suoi legami con il rispettato istituto di ricerca Epoch, fondato dallo stesso Besiroglu. In un post su X, ha affermato che la missione della startup è “automatizzare completamente tutto il lavoro” e “automatizzare completamente l’economia”. Non si tratta di un’esagerazione: l’idea è quella di sostituire tutti i lavoratori, dagli impiegati agli analisti, con agenti di intelligenza artificiale. E se tutto questo vi sembra satira o una scena di Black Mirror, non siete i soli.

Mechanize intende fornire dati, metodi di valutazione e ambienti digitali che consentiranno l’automazione di praticamente qualsiasi professione.

Besiroglu stima che il mercato potenziale valga la bellezza di 60 trilioni di dollari, la somma di tutti gli stipendi del mondo. Per iniziare, la startup si concentrerà sui lavori impiegatizi: mansioni che non richiedono lavoro fisico o robot. Ma la direzione del movimento è ovvia: verso la completa sostituzione del lavoro umano.

La reazione alla startup è stata dura, soprattutto tra coloro che stimano il lavoro di Epoch. Uno dei direttori dell’istituto commentò ironicamente il giorno dell’annuncio: “Il miglior regalo di compleanno è una crisi nelle comunicazioni”. Gli utenti hanno espresso rammarico che un’organizzazione che si è affermata come analista indipendente nel campo dell’intelligenza artificiale possa ora essere associata all’idea di macchine che sostituiscono gli esseri umani.

Un commentatore ha scritto: “L’automazione del lavoro è, ovviamente, un boccone appetitoso per le aziende. Ma per la maggior parte delle persone rappresenterà una perdita enorme“.

Non si tratta del primo scandalo che riguarda Epoch. In precedenza si sapeva che OpenAI aveva partecipato alla creazione di uno dei suoi benchmark, che è stato poi utilizzato per presentare il nuovo modello GPT. Molti hanno visto in questo una collaborazione occulta che ha minato la fiducia nella piattaforma.

Nell’annunciare il lancio di Mechanize, Besiroglu ha subito evidenziato l’elenco degli investitori: tra questi figurano Nat Friedman, Patrick Collison, Daniel Gross, Jeff Dean e altre figure di spicco del settore tecnologico. Sebbene non tutti abbiano confermato la loro partecipazione, Marcus Abramowitz di AltX ha apertamente riconosciuto l’investimento, definendo il team “eccezionale” e aggiungendo che nessuno riflette più di loro sul futuro dell’intelligenza artificiale.

In risposta alle accuse secondo cui il progetto sarebbe antiumano, Besiroglu afferma che l’automazione di massa porterà a una “crescita economica esplosiva“, a un aumento del tenore di vita e all’emergere di benefici che oggi sono difficili anche solo da immaginare. Egli sostiene che in un mondo in cui gli agenti svolgono tutto il lavoro, i redditi delle persone continueranno a crescere, perché gli esseri umani diventeranno più preziosi in quei ruoli in cui le macchine sono impotenti. E se i salari dovessero scendere, non sarebbe un grosso problema: ci sarebbero ancora affitti, dividendi e prestazioni sociali. L’unica speranza rimasta è che l’intelligenza artificiale inizi a pagare le tasse.

Nonostante il suo radicalismo, l’idea alla base di Mechanize si basa su un problema tecnico molto reale: gli agenti di intelligenza artificiale non funzionano ancora bene.

Non ricordano le informazioni, non portano a termine i compiti e non sanno come pianificare a lungo termine. Ma è proprio questo il problema che la startup vuole risolvere. E non è il solo: Microsoft, Salesforce e OpenAI stanno sviluppando le proprie piattaforme di agenti, mentre decine di altre startup stanno creando soluzioni altamente specializzate per automatizzare analisi, vendite e formazione di modelli.

Quindi sì, Mechanize sta effettivamente assumendo. Per ora ancora esseri umani.

L'articolo Obiettivo: Eliminare il lavoro Umano. La startup AI che fa tremare il mondo proviene da il blog della sicurezza informatica.

Nel pomeriggio del 19 aprile, una notifica Telegram proveniente dai nostri sistemi di telemetria ci segnala la registrazione di un nuovo dominio: breached.fi. I record DNS risultano correttamente configurati. Il dubbio che si tratti dell’ennesimo dominio scam ci assale.

Sì, il dubbio è più che legittimo: da quando Breach Forums è andato offline il 15 aprile, ne abbiamo viste e sentite di tutti i colori. Si è parlato di un sequestro da parte dell’FBI nel contesto di una presunta operazione internazionale, dell’arresto di IntelBroker, fino alla comparsa di un nuovo “BreachForums” con registrazione a pagamento, rivelatosi poco dopo uno scam clamoroso.

Dopo il nostro articolo pubblicato il 15 aprile, abbiamo scelto di non intervenire ulteriormente, ma abbiamo continuato a monitorare l’evolversi della situazione, valutando con attenzione le fonti e confrontandoci all’interno del nostro gruppo DarkLab.

Nei giorni successivi si è scatenato un vero e proprio tam-tam mediatico: annunci da “strilloni da mercato medievale”, dichiarazioni contrastanti e versioni discordanti. Ognuno ha cercato di imporre la propria narrazione.

Per questo abbiamo deciso di fare ordine. Abbiamo selezionato solo le informazioni che riteniamo più attendibili e, come si fa in ogni seria attività di Cyber Threat Intelligence, abbiamo esaminato con metodo e rigore l’affidabilità delle fonti.

La truffa del dominio breachedforums.cc

La prima falsità emersa in questa vicenda riguarda l’attivazione del dominio breachedforums.cc, che inizialmente invitava gli utenti a registrarsi, facendo credere che il “nuovo” BreachForums fosse diventato a pagamento. Dopo poche ore, però, compare un banner che annuncia la messa in vendita del dominio. La prima truffa è servita.

Il presunto DDoS da parte di DarkStorm

Alle 09:56 UTC, DarkStorm annuncia sul proprio canale Telegram di aver lanciato un attacco DDoS contro BreachForums. Peccato che a quell’ora il sito fosse già irraggiungibile da diverse ore non a causa di un Denial of Service, bensì perché i record DNS erano stati eliminati. In altre parole, il dominio non esisteva più.

Inoltre, fonti dirette e affidabili in contatto con il nostro team DarkLab ci confermano che nessun attacco DDoS è mai stato eseguito e che DarkStorm non ha avuto alcun ruolo nella scomparsa di BreachForums. Una dichiarazione a effetto, dunque, ma totalmente priva di fondamento.

Il presunto arresto di IntelBroker e i chiarimenti da parte di Rey di HellCat

Da più fonti viene strillata la notizia dell’arresto di IntelBroker (insieme ad altri presunti admin di BreachForums), ma nessuna conferma ufficiale viene rilasciata.

Poche ore dopo, Rey (ndr: HellCat Group) interviene con una risposta molto chiara a un post su X, smentendo in modo netto le voci circolate.

Anche in questo caso, le informazioni raccolte dal nostro team DarkLab confermano che IntelBroker non è stato arrestato e che si tratta con ogni probabilità di una campagna di disinformazione.

Il nuovo BreachForum sarà presto on-line!

Arriviamo dunque al 20 Aprile alle ore 17.57 il nuovo dominio breached.fi viene attivato e i record DNS pubblicati. La home page è quella che tutti conosciamo di BF, contiene però solo un disclaimer da parte dell’admin Anastasia circa il fatto che il sito sarà completamente online tra il 23 e il 24 Aprile 2025. Rey di HellCat posta un messaggio sul suo profilo X invitando a visitare il nuovo sito.

Stay tuned – aggiorneremo questo articolo con ulteriori sviluppi.

L'articolo BreachForums è tornato? Tra domini truffa e il misterioso nuovo breached.fi proviene da il blog della sicurezza informatica.

Using steam to produce electricity or perform work via steam turbines has been a thing for a very long time. Today it is still exceedingly common to use steam in this manner, with said steam generated either by burning something (e.g. coal, wood), by using spicy rocks (nuclear fission) or from stored thermal energy (e.g. molten salt). That said, today we don’t use steam in the same way any more as in the 19th century, with e.g. supercritical and pressurized loops allowing for far higher efficiencies. As covered in a recent video by [Ryan Inis], a more recent alternative to using water is supercritical carbon dioxide (CO₂), which could boost the thermal efficiency even further.

In the video [Ryan Inis] goes over the basics of what the supercritical fluid state of CO2 is, which occurs once the critical point is reached at 31°C and 83.8 bar (8.38 MPa). When used as a working fluid in a thermal power plant, this offers a number of potential advantages, such as the higher density requiring smaller turbine blades, and the potential for higher heat extraction. This is also seen with e.g. the shift from boiling to pressurized water loops in BWR & PWR nuclear plants, and in gas- and salt-cooled reactors that can reach far higher efficiencies, as in e.g. the HTR-PM and MSRs.

In a 2019 article in Power goes over some of the details, including the different power cycles using this supercritical fluid, such as various Brayton cycles (some with extra energy recovery) and the Allam cycle. Of course, there is no such thing as a free lunch, with corrosion issues still being worked out, and despite the claims made in the video, erosion is also an issue with supercritical CO₂ as working fluid. That said, it’s in many ways less of an engineering issue than supercritical steam generators due to the far more extreme critical point parameters of water.

If these issues can be overcome, it could provide some interesting efficiency boosts for thermal plants, with the caveat that likely nobody is going to retrofit existing plants, supercritical steam (coal) plants already exist and new nuclear plant designs are increasingly moving towards gas, salt and even liquid metal coolants, though secondary coolant loops (following the typical steam generator) could conceivably use CO₂ instead of water where appropriate.

youtube.com/embed/z7dr6oKHqqM?…

hackaday.com/2025/04/22/how-su…

In the dark ages, before iOS and Android phones became ubiquitous, there was the PDA. These handheld computers acted as simple companions to a computer and could often handle calendars, email, notes and more. Their demise was spelled by the smartphone, but the nostalgia of having a simple handheld and romanticizing about the 90’s and 2000’s is still there. Fortunately for the nostalgic among our readers, [Ashtf] decided to give us a modern take on the classic PDAs.

The device is powered by an ESP32-S3 connected to two PCBs in a mini-laptop clamshell format. It features two displays, a main eInk for slow speed interaction and a little i2c AMOLED for more tasks which demand higher refresh then an eInk can provide. Next to the eInk display is a capacitive slider. For input, there is also a QWERTY keyboard with back resin printed keycaps and white air dry clay pressed into embossed lettering in the keys and finally sealed using nail polish to create a professional double-shot looking keycap. The switches are the metal dome kind sitting on the main PCB. The clamshell is a rather stylish clear resin showcasing the device’s internals and even features a quick-change battery cover!

The device’s “operating system” is truly where the magic happens. It features several apps including a tasks app, file wizard, and text app. The main purpose of the device is on the go note taking so much time has been taken with the excellent looking text app! It also features a docked mode which displays tasks and time when it detects a USB-C cable is connected. Plans exist in the future to implement a calender, desktop sync and even Bluetooth keybaord compatibility. The device’s previous iteration is on GitHub with future plans to expand functionality and availability, so stay tuned for more coverage!

This is not the first time we have covered [Ashtf’s] PDA journey, and we are happy to see the revisions being made!

youtube.com/embed/VPQ2q7yVjZs?…

hackaday.com/2025/04/22/eink-p…

Back in the day, one of the few reasons to prefer compact cassette tape to vinyl was the fact you could record it at home in very good fidelity. Sure, if you had the scratch, you could go out and get a small batch of records made from that tape, but the machinery to do it was expensive and not always easy to come by, depending where you lived. That goes double today, but we’re in the middle of a vinyl renaissance! [ronald] wanted to make records, but was unable to find a lathe, so decided to take matters into his own hands, and build his own vinyl record cutting lathe.

[ronald’s] record cutting lathe looks quite professional.It seems like it should be a simple problem, at least in concept: wiggle an engraving needle to scratch grooves in plastic. Of course for a stereo record, the wiggling needs to be two-axis, and for stereo HiFi you need that wiggling to be very precise over a very large range of frequencies (7 Hz to 50 kHz, to match the pros). Then of course there’s the question of how you’re controlling the wiggling of this engraving needle. (In this case, it’s through a DAC, so technically this is a CNC hack.) As often happens, once you get down to brass tacks (or diamond styluses, as the case may be) the “simple” problem becomes a major project.

The build log discusses some of the challenges faced–for example, [ronald] started with locally made polycarbonate disks that weren’t quite up to the job, so he has resigned himself to purchasing professional vinyl blanks. The power to the cutting head seems to have kept creeping up with each revision: the final version, pictured here, has two 50 W tweeters driving the needle.

That necessitated a better amplifier, which helped improve frequency response. So it goes; the whole project took [ronald] fourteen months, but we’d have to say it looks like it was worth it. It sounds worth it, too; [ronald] provides audio samples; check one out below. Every garage band in Queensland is going to be beating a path to [ronald’s] door to get their jam sessions cut into “real” records, unless they agree that physical media deserved to die.
hackaday.com/wp-content/upload…

Despite the supposedly well-deserved death of physical media, this isn’t the first record cutter we have featured. If you’d rather copy records than cut them, we have that too. There’s also the other kind of vinyl cutter, which might be more your speed.

hackaday.com/2025/04/22/diy-re…

We all know periscopes serve for observation where there’s no direct line-of-sight, but did you know they can allow you to peer through history? That’s what [msylvain59] documented when he picked up a British military night vision periscope, snagged from a German surplus shop for just 49 euros. Despite its Cold War vintage and questionable condition, the unit begged for a teardown.

The periscope is a 15-kilo beast: industrial metal, cryptic shutter controls, and twin optics that haven’t seen action since flares were fashionable. One photo amplifier tube flickers to greenish life, the other’s deader than a disco ball in 1993. With no documentation, unclear symbols, and adjustment dials from hell, the teardown feels more like deciphering a British MoD fever dream than a Sunday project. And of course, everything’s imperial.

Despite corrosion, mysterious bulbs, and non-functional shutters, [msylvian59] uncovers a fascinating mix of precision engineering and Cold War paranoia. There’s a thrill in tracing light paths through mil-spec lenses (the number of graticules seen that are etched on the optics) and wondering what secrets they once guarded. This relic might not see well anymore, but it sure makes us look deeper. Let us know your thoughts in the comments or share your unusual wartime relics below.

youtube.com/embed/KlguQYJqs-E?…

hackaday.com/2025/04/22/britis…

As computers have gotten smaller and less expensive over the years, so have their components. While many of us got our start in the age of through-hole PCBs, this size reduction has led to more and more projects that need the use of surface-mount components and their unique set of tools. These tools tend to be more elaborate than what would be needed for through-hole construction but [Tobi] has a new project that goes into some details about how to build surface-mount projects without breaking the bank.

The project here is interesting in its own right, too: a display module upgrade for the classic Game Boy based on an RP2350B microprocessor. To get all of the components onto a PCB that actually fits into the original case, though, surface-mount is required. For that [Tobi] is using a small USB-powered hotplate to reflow the solder, a Pinecil, and a healthy amount of flux. The hotplate is good enough for a small PCB like this, and any solder bridges can be quickly cleaned up with some extra flux and a quick pass with a soldering iron.

The build goes into a lot of detail about how a process like this works, so if you’ve been hesitant to start working with surface mount components this might be a good introduction. Not only that, but we also appreciate the restoration of the retro video game handheld complete with some new features that doesn’t disturb the original look of the console. One of the other benefits of using the RP2350 for this build is that it’s a lot simpler than using an FPGA, but there are perks to taking the more complicated route as well.

youtube.com/embed/T_xiCUMRSr8?…

hackaday.com/2025/04/22/game-b…

Over the course of more than a decade, physical media has gradually vanished from public view. Once computers had an optical drive except for ultrabooks, but these days computer cases that even support an internal optical drive are rare. Rather than manuals and drivers included on a data CD you now get a QR code for an online download. In the home, DVD and Blu-ray (BD) players have given way to smart TVs with integrated content streaming apps for various services. Music and kin are enjoyed via smart speakers and smart phones that stream audio content from online services. Even books are now commonly read on screens rather than printed on paper.

With these changes, stores selling physical media have mostly shuttered, with much audiovisual and software content no longer pressed on discs or printed. This situation might lead one to believe that the end of physical media is nigh, but the contradiction here comes in the form of a strong revival of primarily what used to be considered firmly obsolete physical media formats. While CD, DVD and BD sales are plummeting off a cliff, vinyl records, cassette tapes and even media like 8-track tapes are undergoing a resurgence, in a process that feels hard to explain.

How big is this revival, truly? Are people tired of digital restrictions management (DRM), high service fees and/or content in their playlists getting vanished or altered? Perhaps it is out of a sense of (faux) nostalgia?

A Deserved End

Ask anyone who ever has had to use any type of physical media and they’ll be able to provide a list of issues with various types of physical media. Vinyl always was cumbersome, with clicking and popping from dust in the grooves, and gradual degradation of the record with a lifespan in the hundreds of plays. Audio cassettes were similar, with especially Type I cassettes having a lot of background hiss that the best Dolby noise reduction (NR) systems like Dolby B, C and S only managed to tame to a certain extent.

Add to this issues like wow and flutter, and the joy of having a sticky capstan roller resulting in tape spaghetti when you open the tape deck, ruining that precious tape that you had only recently bought. These issues made CDs an obvious improvement over both audio formats, as they were fully digital and didn’t wear out from merely playing them hundreds of times.

Although audio CDs are better in many ways, they do not lend themselves to portability very well unlike tape, with anti-shock read buffers being an absolute necessity to make portable CD players at all feasible. This same issue made data CDs equally fraught with issues, especially if you went into the business of writing your own (data or audio) CDs on CD-Rs. Burning coasters was exceedingly common for years. Yet the alternative was floppies – with LS-120 and Zip disks never really gaining much market share – or early Flash memory, whether USB sticks (MB-sized) or those inside MP3 players and early digital cameras. There were no good options, but we muddled on.

On the video side VHS had truly brought the theater into the home, even if it was at fuzzy NTSC or PAL quality with astounding color bleed and other artefacts. Much like audio cassette tapes, here too the tape would gradually wear out, with the analog video signal ensuring that making copies would result in an inferior copy.

Rewinding VHS tapes was the eternal curse, especially when popping in that tape from the rental store and finding that the previous person had neither been kind, nor rewound. Even if being able to record TV shows to watch later was an absolute game changer, you better hope that you managed to appease the VHS gods and had it start at the right time.

It could be argued that DVDs were mostly perfect aside from a lack of recording functionality by default and pressed DVDs featuring unskippable trailers and similar nonsense. One can also easily argue here that DVDs’ success was mostly due to its DRM getting cracked early on when the CSS master key leaked. DVDs would also introduce region codes that made this format less universal than VHS and made things like snapping up a movie during an overseas vacation effectively impossible.

This was a practice that BDs doubled-down on, and with the encryption still intact to this day, it means that unlike with DVDs you must pay to be allowed to watch BDs which you previously bought, whether this cost is included in the dedicated BD player, or the license cost for a BD video player for on the PC.

Thus, when streaming services gave access to a very large library for a (small) monthly fee, and cloud storage providers popped up everywhere, it seemed like a no-brainer. It was like paying to have the world’s largest rental store next door to your house, or a data storage center for all your data. All you had to do was create an account, whip out the credit card and no more worries.

Combined with increasingly faster and ubiquitous internet connections, the age of physical media seemed to have come to its natural end.

The Revival

US vinyl record sales 1995-2020. (Credit: Ippantekina with RIAA data)
Despite this perfect landscape where all content is available all the time via online services through your smart speakers, smart TVs, smart phones and so on, the number of vinyl record sales has surged the past years despite its reported death in the early 2000s. In 2024 the vinyl records market grew another few percent, with more and more new record pressing plants coming online. In addition to vinyl sales, UK cassette sales also climbed, hitting 136,000 in 2023. CD sales meanwhile have kept plummeting, but not as strongly any more.

Perhaps the most interesting part is that most of newly released vinyl are new albums, by artists like Taylor Swift, yet even the classics like Pink Floyd and Fleetwood Mac keep selling. As for the ‘why’, some suggest that it’s the social and physical experience of physical media and the associated interactions that is a driving factor. In this sense it’s more of a (cultural) statement, as a rejection of the world of digital streaming. The sleeve of a vinyl record also provides a lot of space for art and other creative expressions, all of which provides a collectible value.

Although so far CD sales haven’t really seen a revival, the much lower cost of producing these shiny discs could reinvigorate this market too for many of the same reasons. Who doesn’t remember hanging out with a buddy and reading the booklet of a CD album which they just put into the player after fetching it from their shelves? Maybe checking the lyrics, finding some fun Easter eggs or interesting factoids that the artists put in it, and having a good laugh about it with your buddy.

As some responded when asked, they like the more intimate experience of vinyl records along with having a physical item to own, while streaming music is fine for background music. The added value of physical media here is thus less about sound quality, and more about a (social) experience and collectibles.

On the video side of the fence there is no such cheerful news, however. In 2024 sales of DVDs, BDs and UHD (4K) BDs dropped by 23.4% year-over-year to below $1B in the US. This compares with a $16B market value in 2005, underlining a collapsing market amidst brick & mortar stores either entirely removing their DVD & BD section, or massively downsizing it. Recently Sony also announced the cessation of its recordable BD, MD and MiniDV media, as a further indication of where the market is heading.

Despite streaming services repeatedly bifurcating themselves and their libraries, raising prices and constantly pulling series and movies, this does not seem to hurt their revenue much, if at all. This is true for both audiovisual services like Netflix, but also for audio streaming services like Spotify, who are seeing increasing demand (per Billboard), even as digital track sales are seeing a pretty big drop year-over-year (-17.9% for Week 16 of 2025).

Perhaps this latter statistic is indicative that the idea of ‘buying’ a music album or film which – courtesy of DRM – is something that you’re technically only leasing, is falling out of favor. This is also illustrated by the end of Apple’s iPod personal music player in favor of its smart phones that are better suited for streaming music on the go. Meanwhile many series and some movies are only released on certain streaming platforms with no physical media release, which incentivizes people to keep those subscriptions.

To continue the big next-door-rental-store analogy, in 2025 said single rental store has now turned into fifty stores, each carrying a different inventory that gets either shuffled between stores or tossed into a shredder from time to time. Yet one of them will have That New Series, which makes them a great choice, unless you like more rare and older titles, in which case you get to hunt the dusty shelves over at EBay and kin.

It’s A Personal Thing

Humans aren’t automatons that have to adhere to rigid programming. They have each their own preferences, ideologies and wishes. While for some people the DRM that has crept into the audiovisual world since DVDs, Sony’s MiniDisc (with initial ATRAC requirement), rootkits on audio CDs, and digital music sales continues to be a deal-breaker, others feel no need to own all the music and videos they like and put them on their NAS for local streaming. For some the lower audio quality of Spotify and kin is no concern, much like for those who listened to 64 kbit WMA files in the early 2000s, while for others only FLACs ripped from a CD can begin to appease their tastes.

Reading through the many reports about ‘the physical media’ revival, what jumps out is that on one hand it is about the exclusivity of releasing something on e.g. vinyl, which is also why sites like Bandcamp offer the purchase of a physical album, and mainstream artists more and more often opt for this. This ties into the other noticeable reason, which is the experience around physical media. Not just that of handling the physical album and operating of the playback device, but also that of the offline experience, being able to share the experience with others without any screens or other distractions around. Call it touching grass in a socializing sense.

As I mentioned already in an earlier article on physical media and its purported revival, there is no reason why people cannot enjoy both physical media as well as online streaming. If one considers the rental store analogy, the former (physical media) is much the same as it always was, while online streaming merely replaces the brick & mortar rental store. Except that these new rental stores do not take requests for tapes or DVDs not in inventory and will instead tell you to subscribe to another store or use a VPN, but that’s another can of worms.

So far optical media seems to be still in freefall, and it’s not certain whether it will recover, or even whether there might be incentives in board rooms to not have DVDs and BDs simply die. Here the thought of having countless series and movies forever behind paywalls, with occasional ‘vanishings’ might be reason enough for more people to seek out a physical version they can own, or it may be that the feared erasure of so much media in this digital, DRM age is inevitable.

Running Up That Hill

Original Sony Walkman TPS-L2 from 1979.
The ironic thing about this revival is that it seems influenced very much by streaming services, such as with the appearance of a portable cassette player in Netflix’s Stranger Things, not to mention Rocket Raccoon’s original Sony Walkman TPS-L2 in Marvel’s Guardians of the Galaxy.

After many saw Sony’s original Walkman in the latter movie, there was a sudden surge in EBay searches for this particular Walkman, as well as replicas being produced by the bucket load, including 3D printed variants. This would seem to support the theory that the revival of vinyl and cassette tapes is more about the experiences surrounding these formats, rather than anything inherent to the format itself, never mind the audio quality.

As we’re now well into 2025, we can quite confidently state that vinyl and cassette tape sales will keep growing this year. Whether or not new (and better) cassette mechanisms (with Dolby NR) will begin to be produced again along with Type II tapes remains to be seen, but there seems to be an inkling of hope there. It was also reported that Dolby is licensing new cassette mechanisms for NR, so who knows.

Meanwhile CD sales may stabilize and perhaps even increase again, in the midst of still a very uncertain future optical media in general. Recordable optical media will likely continue its slow death, as in the PC space Flash storage has eaten its lunch and demanded seconds. Even though PCs no longer tend to have 5.25″ bays for optical drives, even a simple Flash thumb drive tends to be faster and more durable than a BD. Here the appeal of ‘cloud storage’ has been reduced after multiple incidents of data loss & leaks in favor of backing up to a local (SSD) drive.

Finally, as old-school physical audio formats experience a revival, there just remains the one question about whether movies and series will soon only be accessible via streaming services, alongside a veritable black market of illicit copies, or whether BD versions of movies and series will remain available for sale. With the way things are going, we may see future releases on VHS, to match the vibe of vinyl and cassette tapes.

In lieu of clear indications from the industry on what direction things will be heading into, any guess is probably valid at this point. The only thing that seems abundantly clear at this point is that physical media had to die first for us to learn to truly appreciate it.

hackaday.com/2025/04/22/why-ph…

La guerra commerciale tra Stati Uniti e Cina ha raggiunto un nuovo punto di tensione, con Pechino che il 4 aprile ha imposto restrizioni all’esportazione di sette terre rare e magneti chiave. Ora è necessaria una licenza speciale per esportare questi materiali strategici, il che rallenta notevolmente le consegne. La decisione è stata una risposta diretta ai dazi statunitensi, che di recente hanno raggiunto un picco senza precedenti del 245%.

La situazione è particolarmente preoccupante per gli Stati Uniti, poiché più della metà delle terre rare di cui il Paese ha bisogno proviene dalla Cina.

Tuttavia, un gruppo di aziende americane ha già trovato una possibile soluzione al problema: trasformare le apparecchiature dismesse dei data center in una fonte affidabile ed ecologica di risorse preziose.

Un esperimento unico nel suo genere riunisce i giganti della tecnologia Western Digital e Microsoft con Critical Materials Recycling e PedalPoint Recycling. I partecipanti al progetto hanno riciclato quasi 23 tonnellate di hard disk e server usati. Invece dei tradizionali acidi aggressivi che distruggono la struttura dei materiali, gli specialisti hanno utilizzato un metodo innovativo di delicata dissoluzione chimica. La nuova tecnologia consente di separare con cura i componenti delle apparecchiature senza danneggiare i metalli preziosi o creare rifiuti tossici.

Gli esperti sono riusciti a estrarre dai rifiuti neodimio, praseodimio e disprosio: elementi delle terre rare che sono di fondamentale importanza per l’industria moderna. Inoltre, il processo garantiva l’estrazione di oro, rame, alluminio e acciaio ad alta purezza. Stanno già entrando nelle catene di produzione delle aziende che realizzano veicoli elettrici, componenti per l’energia eolica ed elettronica avanzata.

Il metodo di dissoluzione senza acidi (ADR) dimostra infatti un’efficienza impressionante: il 90% delle terre rare e dei metalli di base può essere estratto dalla materia prima e il tasso complessivo di recupero del materiale raggiunge l’80% in peso. La ricerca dimostra che la nuova strategia di riciclaggio riduce le emissioni di gas serra del 95% rispetto all’estrazione e alla raffinazione dei metalli tradizionali.

Per l’esperimento, Microsoft ha fornito vecchie apparecchiature provenienti dai suoi data center sparsi nel Paese. Secondo il vicepresidente aziendale Chuck Graham, i risultati hanno superato le aspettative: ora sanno come rendere lo smaltimento delle unità disco esaurite il più redditizio e rispettoso dell’ambiente possibile e addirittura come implementare questa pratica ovunque.

L’importanza del progetto va ben oltre la responsabilità ambientale delle aziende. La domanda di dischi rigidi cresce di pari passo con lo sviluppo dell’intelligenza artificiale. Organizzare un ciclo completo di produzione di ossido di terre rare all’interno del Paese rafforza la sicurezza nazionale e riduce la dipendenza dall’instabilità dei mercati globali. Nel contesto del crescente confronto tra i due Paesi, si tratta di una questione di sopravvivenza per l’intero settore tecnologico statunitense: niente di più, niente di meno.

L'articolo Stati Uniti A Caccia Di Spazzatura! I Vecchi Data Center sono preziosi dopo il Ban delle Terre rare della Cina proviene da il blog della sicurezza informatica.

As we were looking into a cyberincident in April 2025, we uncovered a rather sophisticated backdoor. It targeted various large organizations in Russia, spanning the government, finance, and industrial sectors. While our investigation into the attack associated with the backdoor is still ongoing, we believe it is crucial to share our preliminary findings with the community. This will enable organizations that may be at risk of infection from the backdoor to take swift action to protect themselves from this threat.

Impersonating a ViPNet update

Our investigation revealed that the backdoor targets computers connected to ViPNet networks. ViPNet is a software suite for creating secure networks. We determined that the backdoor was distributed inside LZH archives with a structure typical of updates for the software product in question. These archives contained the following files:

• action.inf: a text file
• lumpdiag.exe: a legitimate executable
• msinfo32.exe: a small malicious executable
• an encrypted file containing the payload (the name varies between archives)

The ViPNet developer confirmed targeted attacks against some of their users and issued security updates and recommendations for customers (page in Russian).

Malware execution

After analyzing the contents of the archive, we found that the action.inf text file contained an action to be executed by the ViPNet update service component (itcsrvup64.exe) when processing the archive:

[ACTION]action=extra_command
extra_command=lumpdiag.exe --msconfig
As evident from the file content above, when processing extra_command, the update service launches lumpdiag.exe with an --msconfig argument. We mentioned earlier that this is a legitimate file. However, it is susceptible to the path substitution technique. This allows attackers to execute the malicious file msinfo32.exe while lumpdiag.exe is running.

Downloadable payload

The msinfo32.exe file is a loader that reads the encrypted payload file. The loader processes the contents of the file to load the backdoor into memory. This backdoor is versatile: it can connect to a C2 server via TCP, allowing the attacker to steal files from infected computers and launch additional malicious components, among other things. Kaspersky solutions detect this threat as HEUR:Trojan.Win32.Loader.gen.

Multi-layered security is key to preventing sophisticated cyberattacks

The complexity of cyberattacks carried out by APT groups has significantly increased over the years. Attackers can target organizations in highly unusual and unexpected ways. To prevent sophisticated targeted attacks, it is essential to employ multi-layered, defense-in-depth security against cyberthreats. This is the type of security architecture implemented in our Kaspersky NEXT product line, capable of protecting businesses from attacks similar to the one described in this article.

Indicators of compromise

The full list of indicators of compromise is available to subscribers of our Kaspersky Threat Intelligence service.

Hashes of msinfo32.exe

018AD336474B9E54E1BD0E9528CA4DB5
28AC759E6662A4B4BE3E5BA7CFB62204
77DA0829858178CCFC2C0A5313E327C1
A5B31B22E41100EB9D0B9A27B9B2D8EF
E6DB606FA2B7E9D58340DF14F65664B8

Paths to malicious files
%TEMP%\update_tmp*\update\msinfo32.exe
%PROGRAMFILES%\common files\infotecs\update_tmp\driv_*\*\msinfo32.exe
%PROGRAMFILESx86%\InfoTeCS\ViPNet Coordinator\ccc\update_tmp\DRIV_FSA\*\msinfo32.exe

securelist.com/new-backdoor-mi…

What’s sixty feet (18.29 meters for the rest of the world) across and superconducting? The International Thermonuclear Experimental Reactor (ITER), and probably not much else.

The last parts of the central solenoid assembly have finally made their way to France from the United States, making both a milestone in the slow development of the world’s largest tokamak, and a reminder that despite the current international turmoil, we really can work together, even if we can’t agree on the units to do it in.
The central solenoid is in the “doughnut hole” of the tokamak in this cutaway diagram. Image: US ITER.
The central solenoid is 4.13 m across (that’s 13′ 7″ for burger enthusiasts) sits at the hole of the “doughnut” of the toroidal reactor. It is made up of six modules, each weighing 110 t (the weight of 44 Ford F-150 pickup trucks), stacked to a total height of 59 ft (that’s 18 m, if you prefer). Four of the six modules have be installed on-site, and the other two will be in place by the end of this year.

Each module was produced ITER US, using superconducting material produced by ITER Japan, before being shipped for installation at the main ITER site in France — all to build a reactor based on a design from the Soviet Union. It doesn’t get much more international than this!

This magnet is, well, central to a the functioning of a tokamak. Indeed, the presence of a central solenoid is one of the defining features of this type, compared to other toroidal rectors (like the earlier stellarator or spheromak). The central solenoid provides a strong magnetic field (in ITER, 13.1 T) that is key to confining and stabilizing the plasma in a tokamak, and inducing the 15 MA current that keeps the plasma going.

When it is eventually finished (now scheduled for initial operations in 2035) ITER aims to produce 500 MW of thermal power from 50 MW of input heating power via a deuterium-tritium fusion reaction. You can follow all news about the project here.

While a tokamak isn’t likely something you can hack together in your back yard, there’s always the Farnsworth Fusor, which you can even built to fit on your desk.

hackaday.com/2025/04/22/whats-…

Nuove patch di sicurezza per il suo prodotto Enterprise Server sono state rilasciate recentemente da GitHub dopo aver scoperto diverse vulnerabilità di elevata gravità. La vulnerabilità più grave monitorata con il codice CVE-2025-3509 è una Remote Code Execution (RCE) che consente l’esecuzione di codice sfruttando le porte allocate dinamicamente durante gli aggiornamenti hot patch.

Le vulnerabilità, che espongono anche dati sensibili del repository e consentono attacchi cross-site scripting (XSS), interessano le versioni da 3.13.0 a 3.16.1 di GitHub Enterprise Server. Le patch sono ora disponibili per le versioni 3.13.14, 3.14.11, 3.15.6 e 3.16.2.

Gli aggressori con autorizzazioni di amministratore del sito o privilegi di modifica del repository potrebbero collegarsi a porte temporaneamente disponibili, aumentando potenzialmente i privilegi e assumendo il pieno controllo del sistema. Questa falla è sfruttabile solo in condizioni specifiche, come durante il processo di hot patching, limitandone la finestra di attacco.

Una vulnerabilità di media gravità (CVE-2025-3124) consente agli utenti non autorizzati di visualizzare i nomi dei repository privati ​​nella panoramica sulla sicurezza avanzata di GitHub. Ciò si verifica a causa di un controllo di autorizzazione mancante durante l’applicazione di specifici filtri. Sebbene il contenuto del repository rimanga protetto, l’esposizione dei nomi potrebbe aiutare gli aggressori a prendere di mira progetti sensibili.

Un’altra vulnerabilità XSS ad alto rischio (CVE-2025-3246) consente agli aggressori di iniettare codice HTML/CSS dannoso. Lo sfruttamento richiede l’accesso all’istanza di destinazione e l’interazione privilegiata dell’utente con il contenuto dannoso. GitHub ha mitigato questo problema migliorando la sanificazione dell’input e i protocolli di escape per gli elementi renderizzati con dati matematici.

Le Versioni interessate del prodotto sono le seguenti:

• 3.13.0–3.13.13 (corretto in 3.13.14)
• 3.14.0–3.14.10 (corretto in 3.14.11)
• 3.15.0–3.15.5 (corretto in 3.15.6)
• 3.16.0–3.16.1 (corretto in 3.16.2)

GitHub consiglia di aggiornare immediatamente alle ultime versioni. Gli amministratori dovrebbero inoltre verificare i permessi degli utenti e monitorare eventuali attività insolite durante l’applicazione di patch a caldo.

Tutte le vulnerabilità sono state segnalate tramite il programma Bug Bounty di GitHub, a sottolineare l’importanza delle iniziative di sicurezza promosse dalla community. L’azienda non ha divulgato prove di sfruttamento attivo, ma sottolinea l’importanza di una mitigazione proattiva, data la gravità di queste falle.

L'articolo Gravi falle in GitHub Enterprise Server: RCE e XSS colpiscono versioni recenti proviene da il blog della sicurezza informatica.