

The Cyberpandino crosses the finish line! What matters is the journey, not the destination


The Cyberpandino has done the unthinkable: crossed continents, deserts and mountain ranges to reach the finish line of the Mongol Rally. A mad, visionary undertaking, born from the idea of pushing beyond the limits of technology and human endurance, aboard a small vehicle that proved to have a heart as big as its mission. Completing this adventure was not just a sporting achievement but a symbol of the ability to turn an impossible challenge into a living legend, and we at Red Hot Cyber embraced Matteo and Roberto's idea from the start.

The journey was a succession of obstacles and wonders: rough roads, complicated border crossings, cold nights under the stars and endless days when the destination seemed impossibly far away. Every kilometre covered was a conquest, every mechanical problem a lesson in resilience, every encounter with people along the road an indelible memory.

The Cyberpandino did not simply travel: it wove together stories, cultures and emotions along its entire route.

Reaching the finish line was like living a dream with open eyes. The final stage was not just a geographical point but a symbol of the willpower and passion that fuelled this undertaking. There were no shortcuts, there was no set route, only the destination and the determination to show that even a crazy idea can become reality when it is pursued with courage and creativity.

Now, though, a new challenge begins: the journey back. Because if the outward leg was an adventure into the unknown, the return is the test of real strength. It is not just a matter of retracing the same roads, but of facing the kilometres once again knowing that the main mission has been accomplished. It is time to look at the journey no longer as a challenge but as a story already etched into collective memory.

The Mongol Rally tested people and machines, but above all it revealed how great the human spirit can be when it meets the unpredictability of the road. The Cyberpandino showed that greatness lies not in engine power or technological perfection, but in the ability never to give up, to keep smiling even when everything seems to be working against you.

And so the mission ends, with a full heart and the road still ahead.

The Cyberpandino has written an epic page, an ode to the positive madness that turns a journey into legend.

It does not matter how long the return will be: what counts is that the flag has been planted and the finish line conquered. This was not just an adventure but a declaration to the whole world: that even the most absurd dreams, if driven by passion, can become history and reality.

Below is the letter handed to the participants at the finish line.
You hit the mark, and the Rally has truly begun. That's already two wonderful things.

It was enormously fun watching you and your little beasts navigate to the end of the planet. And seeing that the Adventurist spirit still runs strong in the veins of this madness, after all these years, is wonderful. It doesn't surprise me. Once again.

The Mongol Rally is a truly bloody undertaking, and without sounding like one of those sappy guys who work in a meditation room surrounded by candles, it's a journey you'll talk about with nostalgia for the rest of your days. With a bit of luck, boring to death anyone who listens.

I hope you enjoyed every moment. And sooner or later even the shitty moments – when you broke a half-shaft in the middle of nowhere, or punctured all four tyres in a single day, or got stuck between two border posts unable to go forward or back, or lost your passport – will become the best moments. Certainly better than "Hey, we sat on a motorway and crossed the whole route without absolutely anything happening". Not much of a story to tell at the pub.

Normal life can feel like a real letdown after completing something so enormous. So the question you have to ask yourself now is: what's next?

I'll leave you to think about that while you enjoy the glory of being a Mongol Rally veteran. Thank you for being part of it. We're proud to have you with us. Here is your official event patch. Besides making anything it's attached to infinitely cooler (especially you), it's guaranteed to keep you alive forever. Maybe. It must be worn on every occasion from now on.

Regards,
Signed Tom

Tom
Founder of the Adventurists and head of unusually inspiring letters
The article "The Cyberpandino crosses the finish line! What matters is the journey, not the destination" comes from the cybersecurity blog (il blog della sicurezza informatica).




Reviving a Piece of Yesterday’s Tomorrow


Front and back of the replacement OLED module by Sir68k

To anyone who remembers Y2K, Sony's MiniDisc format will probably always feel futuristic. That goes double for Sony's MZ-RH1, the last MiniDisc recorder ever released, back in 2006. It's barely larger than the diminutive discs, and its styling is impeccable. There's a reason they've become highly collectible and sell for insane sums on eBay.

Unfortunately, they come with a ticking time-bomb of an Achilles heel: the first-generation OLED screens. Failure is not a question of if, but when, and many units have already succumbed. Fortunately, enterprising hacker [Sir68k] has come up with a replacement screen to keep these two-decade-old bits of the future alive.
Replacement screens glowing brightly, and the custom firmware showing track info, something you’d never see on a stock RH1.
Previous revisions required some light surgery to get the twin OLED replacement screens to fit, but as of the latest incarnation (revision F+), it’s now a 100% drop-in replacement for the original Sony part. While it is a drop-in, don’t expect it to be easy. The internals are very densely packed, and fairly delicate — both in the name of miniaturization. You’ll need to break out the micro-screwdrivers for this one, and maybe some magnifiers if your eyes are as old as ours. At least Sony wasn’t gluing cases together back in 2006, and [Sir68k] does provide a very comprehensive repair guide.

He's even working on new firmware, to make what many considered the best MD recorder better than ever. It's not ready yet, but when it is, [Sir68k] promises to open-source the upgrade. The replacement screens are sadly not open source hardware, but they're a fine hack nonetheless.

We may see more MiniDisc hacks as the format’s apparent revival continues. Things like adding Bluetooth to the famously-cramped internals, or allowing full data transfer — something Sony was unwilling to allow until the RH1, which is one of the reasons these units are so desirable.


hackaday.com/2025/08/20/revivi…


Cybersecurity & cyberwarfare reshared this.


#Pharmaceutical firm #Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack
securityaffairs.com/181311/dat…
#securityaffairs #hacking

Cybersecurity & cyberwarfare reshared this.


The Cyberpandino crosses the finish line! What matters is the journey, not the destination

📌 Link to the article: redhotcyber.com/post/il-cyberp…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy



Cybersecurity & cyberwarfare reshared this.


-Child sextortion cases linked to scam compounds
-NIST releases face-morphing detection guideline
-Oracle CSO departs after 37 years
-Europol offers reward for Qilin admins
-UK drops Apple backdoor request
-Bragg online casino group discloses breach
-TPG's iiNet got hacked
-DDoS attacks target Australia
-DRPK hack sinks crypto startup Lykke
-Inotiv discloses ransomware attack
-PyPI blocks domain resurrection attacks

Newsletter: news.risky.biz/risky-bulletin-…
Podcast: risky.biz/RBNEWS467/

in reply to Catalin Cimpanu

-Git will switch to SHA-256 in v3
-Australia fines Google over Search mobile deals
-UK backs down from Apple backdoor
-UK wants age-checks on VPNs
-SMS blaster detained in Bangkok
-Scammers arrested in Gambia
-Israeli cyber official arrested in Las Vegas
-Defacer sentenced in the UK
-Nebraska cryptominer sentenced
-Europol puts a bounty on Qilin
-New Salty 2FA PhaaS
-New Lazarus Stealer targets Android
-Elastic rejects zero-day claim
-XBOW to stop HackerOne leaderboard hunt
-Phrack #72 is out

Catalin Cimpanu reshared this.


Cybersecurity & cyberwarfare reshared this.


A hacker tied to Yemen Cyber Army gets 20 months in prison
securityaffairs.com/181320/cyb…
#securityaffairs #hacking


AI is hungry for nuclear! Google, Kairos Power and TVA join forces for sustainable energy


Google, Kairos Power and the Tennessee Valley Authority (TVA) have signed an agreement to supply nuclear power to data centers in the United States. The deal is part of the two technology giants' strategy to find sustainable sources of clean energy to meet the growing demand for computing power driven by the development of artificial intelligence.

Kairos Power is building a 50-megawatt reactor in Tennessee that will feed the TVA grid, which in turn will supply power to Google's data centers in Alabama and Tennessee. There will be no direct supply to Google; the company will receive attribution certificates showing that it has put an equivalent amount of clean energy into the grid to offset its use of gas and other fossil fuels.

Thanks to the deal, TVA becomes the first US utility willing to buy electricity from a fourth-generation reactor, a technology that promises greater fuel efficiency and less waste than existing nuclear plants.

IT companies are increasingly interested in nuclear power. Amazon, Meta and Microsoft have already signed their own contracts in this sector. Last week, data center operator Equinix signed an agreement to buy 500 MW from Oklo and ordered 20 reactors from Radiant Nuclear.

Mike Laufer, CEO of Kairos Power, said the partnership with Google and TVA is "important for making advanced nuclear technology commercially competitive".

Kairos designs small modular reactors (SMRs), each with an output below 300 MW. They can be mass-produced and transported to the site. Hermes 2, the company's new plant, which uses molten fluoride salts for cooling, received construction approval from the US Nuclear Regulatory Commission in November 2024.

The Hermes project is backed by the US Department of Energy, which is investing about 300 million dollars through the Advanced Reactor Demonstration program. This is part of a government initiative to speed up the introduction of new nuclear technologies, given that the country has started only three reactors in the past 20 years.

The agreement with Google is the first step in Kairos's plan to supply up to 500 MW of capacity. The company hopes to have its first commercial reactor operating by 2030, followed by the others by 2035.

The deal will help meet the needs of the digital economy while strengthening the power grid with "solid, carbon-free generation", said Amanda Peterson Corio, head of data center energy programs at Google.

The introduction of new technologies is a crucial element in the progress and development of any society. As highlighted in numerous studies and reports, the rapid and efficient adoption of innovative technologies can have a significant impact on economic growth, employment and citizens' quality of life. In this sense, it is essential that institutional actors, businesses and academia work together to create an environment favourable to innovation, reducing the regulatory and bureaucratic barriers that can slow the introduction of new technologies.

However, introducing new technologies also requires a careful assessment of the social and environmental impacts that may result from their adoption. It is therefore essential that innovation efforts be accompanied by a thorough analysis of the possible consequences, in order to prevent or mitigate any negative effects. This calls for an interdisciplinary approach and strong collaboration between experts from different fields, from engineering to the social sciences.

The article "AI is hungry for nuclear! Google, Kairos Power and TVA join forces for sustainable energy" comes from the cybersecurity blog (il blog della sicurezza informatica).

la_r_go* reshared this.


Cybersecurity & cyberwarfare reshared this.


AI is hungry for nuclear! Google, Kairos Power and TVA join forces for sustainable energy

📌 Link to the article: redhotcyber.com/post/lai-ha-vo…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy




McDonald's hacked by BobDaHacker! Better him than real cybercriminals


Researcher BobDaHacker discovered that the validation of reward points in the McDonald's app was handled only on the client side, allowing users to claim free items such as nuggets even without enough points. BobDaHacker reported the problem, but a software engineer dismissed it as "too much effort", although the bug was fixed days later, probably after the engineer himself had looked into it.
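As an added illustration of the client-side-validation flaw described above (this is example code, not McDonald's code or the researcher's), the toy redemption service below puts the vulnerable pattern next to the hardened one. The catalogue, item names, balances, and class and function names are all constructed; an in-memory ledger stands in for the real backend.

```python
"""Added example (not from the article, McDonald's or BobDaHacker): why a
reward-points check must live on the server. Catalogue, balances and names
are constructed for illustration; a dict with a lock stands in for the ledger."""
from dataclasses import dataclass, field
from threading import Lock

# Constructed catalogue: item -> points required to redeem it
CATALOG = {"nuggets": 1500, "fries": 1000}


@dataclass
class Account:
    points: int
    lock: Lock = field(default_factory=Lock, repr=False)


class ClientTrustingServer:
    """Vulnerable pattern: the app reports that the points check passed and
    the server takes its word for it, so a tampered request gets free items."""

    def __init__(self, accounts):
        self.accounts = accounts

    def redeem(self, user, item, client_says_affordable):
        if not client_says_affordable:
            return "rejected"
        acct = self.accounts[user]
        acct.points -= CATALOG[item]  # no balance check: may go negative
        return "granted"


class ServerValidatingServer:
    """Hardened pattern: ignore whatever the client claims, look the price up
    server-side, and check-and-debit under a lock so two concurrent requests
    cannot both pass the balance check on the same points."""

    def __init__(self, accounts):
        self.accounts = accounts

    def redeem(self, user, item, client_says_affordable=None):
        if item not in CATALOG or user not in self.accounts:
            return "rejected"
        acct = self.accounts[user]
        cost = CATALOG[item]
        with acct.lock:
            if acct.points < cost:
                return "rejected"
            acct.points -= cost
        return "granted"


def demo():
    """Send the same tampered request (client claims it can afford nuggets
    with only 200 points) to both servers; return outcomes and balances."""
    weak = ClientTrustingServer({"alice": Account(points=200)})
    strong = ServerValidatingServer({"alice": Account(points=200)})
    r_weak = weak.redeem("alice", "nuggets", client_says_affordable=True)
    r_strong = strong.redeem("alice", "nuggets", client_says_affordable=True)
    return (r_weak, weak.accounts["alice"].points,
            r_strong, strong.accounts["alice"].points)


if __name__ == "__main__":
    print(demo())  # ('granted', -1300, 'rejected', 200)
```

The design point is that the server treats every field the client sends as untrusted input: the price comes from the server's own catalogue, the balance from its own ledger, and the check and the debit happen as one atomic step so that a race cannot spend the same points twice.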

The researcher then dug deeper into McDonald's systems and found vulnerabilities in the Design Hub, a platform used for brand assets by teams in 120 countries. This platform relied on a client-side password for protection.

After the problem was reported, the company undertook a three-month overhaul to implement proper logins for employees and partners. However, a significant flaw remained: simply replacing "login" with "register" in the URL gave access to an open endpoint.

The API also told users which fields were missing, making account creation incredibly easy. Even more worrying, passwords were sent by email in plain text, an extremely risky practice in 2025.

Subsequent tests confirmed that the endpoint was still reachable, allowing unauthorised access to confidential materials intended solely for internal use, BobDaHacker said.

JavaScript files in the Design Hub revealed further details: exposed Magicbell API keys and secrets made it possible to list users and send phishing notifications through McDonald's infrastructure. These were rotated after the report. The Algolia search indexes were also listable, exposing personal data such as names, email addresses and access requests.

Employee portals proved just as vulnerable. Basic McDonald's team-member accounts could access TRT, a corporate tool, to search global employee data, including executives' emails, and even use an "impersonation" feature.

The Global Restaurant Standards (GRS) panel had no authentication on its admin functions, allowing anyone to inject HTML through the API. To demonstrate it, the researcher briefly changed the homepage to "You've been Shreked" before restoring it.

Further problems included a misconfigured login, internal documents exposed to low-level staff, and exploits in the experimental CosMc's restaurant app, such as unlimited coupon use and arbitrary injection of order data.

Recall that last month a serious security vulnerability in McDonald's AI-based hiring system exposed the personal data of 64 million applicants through weak security based on the password "123456".

The article "McDonald's hacked by BobDaHacker! Better him than real cybercriminals" comes from the cybersecurity blog (il blog della sicurezza informatica).


Cybersecurity & cyberwarfare reshared this.


McDonald's hacked by BobDaHacker! Better him than real cybercriminals

📌 Link to the article: redhotcyber.com/post/mcdonalds…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy




Using Ultra-Wideband for 3D Location and Tracking


A diagram with one Tag and two Base Stations.

Interested in playing with ultra-wideband (UWB)? [Jaryd] recently put together a fairly comprehensive getting started guide featuring the AI Thinker BU03 that looks like a great place to start. These modules can be used to determine distance between two of them to an accuracy in the order of 10 centimeters, and they can do so in any orientation and with obstacles in the line of sight. It is possible to create a network of these UWB modules to get multiple distance measurements at once and enable real-time 3D tracking for your project.

[Jaryd] gathers up nine UWB modules and uses a Raspberry Pi Pico for command and control purposes. He explains how to nominate the “tag” (the device being tracked) and the “base stations” (which help in locating the tag). He reports having success at distances of up to about 10 meters and in favorable circumstances all the way up to as much as 30 meters.

If you don’t know anything about UWB and would like a primer on the technology be sure to check out What Is Ultra Wideband?

youtube.com/embed/fpTaFBbadyE?…


hackaday.com/2025/08/19/using-…

Quoll reshared this.



Lisp in 99 Lines of C With TinyLisp


As one of the oldest programming languages still in common use today, and essential for the first wave of Artificial Intelligence research during the 1950s and 60s, Lisp is often the focus of interpreters that can run on very low-powered systems. Such is the case with [Robert van Engelen]’s TinyLisp, which only takes 99 lines of C code and happily runs on the Z80-based Sharp PC-G850V(S) pocket computer with its 2.3 kB of internal RAM and native C support.

The full details on how TinyLisp was implemented and how to write it yourself can be found in the detailed article that’s part of the GitHub project. It supports static scoping, double-precision floating point and features 21 Lisp primitives along with a garbage collector. Two versions for the Sharp PC-G850 (using BCD (i.e. NaN) boxing) are provided, along with a number of generic implementations, using either double or single precision floating point types. A heavily commented version is probably the version to keep alongside the article while reading.

TinyLisp is – as the name implies – very tiny, and thus more full-featured Lisp implementations are widely available. This includes two versions – linked at the bottom of the Readme – also by [Robert] that use a gargantuan 1,000 lines of C, providing a more advanced garbage collector and dozens more Lisp primitives to handle things like exceptions, file loading, strings and debug features.


hackaday.com/2025/08/19/lisp-i…


Cybersecurity & cyberwarfare reshared this.


Exploit weaponizes #SAP NetWeaver bugs for full system compromise
securityaffairs.com/181325/sec…
#securityaffairs #hacking


A Solderless, Soluble Circuit Board


A brown plastic circuit board is visible in the middle of the picture, containing an integrated circuit, a resistor, a diode, two capacitors, and some jumper wires going away to the sides.

Anyone who's spent significant amounts of time salvaging old electronics has probably wished there were a way to take apart a circuit board without desoldering it. [Zeyu Yan] et al. seem to have had the same thought, and so designed circuit boards that can be dissolved and recycled when they become obsolete.

The researchers printed the circuit boards out of water-soluble PVA, with hollow channels in place of interconnects. After printing the boards, they injected a eutectic gallium-indium liquid metal alloy into these channels, populated the boards with components, making sure that their leads were in contact with the liquid alloy, and finally closed off the channels with PVA glue, which also held the components in place. When the board is ready to recycle, they simply dissolve the board and glue in water. The electric components tend to separate easily from the liquid alloy, and both can be recovered and reused. Even the PVA can be reused: the researchers evaporated the solution left after dissolving a board, broke up the remaining PVA, and extruded it as new filament.

The researchers designed a FreeCAD plugin to turn single or multi-layer KiCad circuit layouts into printable files. They had to design a few special sockets to hold components in place, since no solder will be fastening them, but it does support both SMD and through-hole components. The traces have a bit more cross-sectional area than normal copper traces, which has the advantage of compensating for the liquid alloy’s higher resistance; their standard traces had no trouble dissipating heat when carrying 5 amps of current. As a proof of concept, they were able to make a Bluetooth speaker, an electronic fidget toy, and a flexible gripper arm.

This isn’t the first time these researchers have worked on reducing circuit board e-waste; they’ve made solderless and reusable circuit boards before. If you’re interested in more PVA printing, we’ve seen some unusual applications for it.

youtube.com/embed/mByUTr7ITZE?…


hackaday.com/2025/08/19/a-sold…


Cybersecurity & cyberwarfare reshared this.


The #fightchatcontrol site has been translated into Italian by @pietro395, and now you have no more excuses

The EU (still) wants to scan
your private messages and photos with #chatcontrol!

@privacypride

We are facing the largest surveillance programme in the history of the European Union. If you want your voice to be heard, visit this site:

fightchatcontrol.eu/


Cybersecurity & cyberwarfare reshared this.


Researchers have linked almost 500 child sextortion cases to scam compounds operating in Southeast Asia

Article: wired.com/story/child-sextorit…

Report: ijm.org/nexus-report




Roblox under fire in Louisiana: a haven for sexual predators


Louisiana Attorney General Liz Murrill has filed a lawsuit against Roblox, accusing the company of allowing its platform to become a haven for sexual predators and distributors of child-themed content. The suit argues that the company violates state law by failing to adequately protect users and to warn parents of the risks.

The suit claims that Roblox facilitates the distribution of material that exploits minors and takes no concrete steps to close the gaps. One of the arguments cited was a study in which a community of more than 3,000 registered members was caught exchanging such material and trying to extort intimate material from minors. Real incidents have also already been recorded in Louisiana. In Livingston Parish, for example, a Roblox player was arrested for posting prohibited content. To communicate with teenagers, he used software that altered his voice to imitate a girl's speech.

Particular attention is paid to age verification. Roblox uses a biometric system that requires uploading a photo of an identity document, but it is not enabled for new accounts. According to the prosecutors, the platform does not actually verify users' ages and does not involve parents when a child registers a new profile or tries to get around the restrictions.

Murrill said the company put commercial interests ahead of children's safety, turning the playground into a space open to abuse, which is why the State deemed it necessary to bring criminal proceedings.

Roblox has already issued an official response, stating that the accusations of deliberately ignoring threats are untrue. Company representatives stressed that millions of users use the platform every day to play, learn and take part in other constructive activities. The statement says that no protection can be guaranteed 100% and that offenders are always looking for new ways to get around it.

Nevertheless, the company continues to roll out updated threat-detection tools and add further layers of protection. Roblox CEO Dave Baszucki had previously urged parents to pay closer attention to their children's digital entertainment choices and to make more informed decisions.

The article "Roblox under fire in Louisiana: a haven for sexual predators" comes from the cybersecurity blog (il blog della sicurezza informatica).




Roll Your Own SSB Receiver


[Paul Maine] was experimenting with GNU Radio and an RTL-SDR dongle. He created an SSB receiver and, lucky for us, he documented it all in a video you can see below. He walks through how to generate SSB, too. If videos aren’t your thing, you can go back to the blog post from [Gary Schafer] that inspired him to make the video, which is also a wealth of information.

There is a little math — you almost can’t avoid it when talking about this topic. But [Paul] does a good job of explaining it all as painlessly as possible. The intuitive part is simple: An AM signal has most of its power in the carrier and half of what’s left in a redundant sideband. So if you can strip all those parts out and amplify just one sideband, you get better performance.

We love to play with GNU Radio. Sure, the GNU Radio Companion is just a fancy shell over some Python code, but we like how it maps software to blocks like you might use to design a traditional receiver.

If you want to try any of this out and don’t have a sufficient HF antenna or even an HF-capable SDR, no worries. [Paul] thoughtfully recorded some IQ samples off the air into a file. You can play back through your design to test how it works.

If you have never used GNU Radio, starting with audio isn’t a bad way to get your feet wet. That’s how we started our tutorial a decade ago. Still worth working through it if you are trying to get started.

youtube.com/embed/UWKj4QIwM8Q?…


hackaday.com/2025/08/19/roll-y…


Cybersecurity & cyberwarfare reshared this.


Roblox under fire in Louisiana: a haven for sexual predators

📌 Link to the article: redhotcyber.com/post/roblox-so…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy



Cybersecurity & cyberwarfare reshared this.


The UK's Children's Commissioner wants to introduce age verification checks for VPN apps—because the current age verification process didn't turn out to be a complete unwanted mess

childrenscommissioner.gov.uk/r…




2025 One Hertz Challenge: Atomic Decay Clock is Accurate But Not Precise


At this point, atomic clocks are old news. They’ve been quietly keeping our world on schedule for decades now, and have been through several iterations with each generation gaining more accuracy. They generally all work under the same physical principle though — a radio signal stimulates a gas at a specific frequency, and the response of the gas is used to tune the frequency. This yields high accuracy and high precision — the spacing between each “tick” of an atomic clock doesn’t vary by much, and the ticks cumulatively track the time with very little drift.

All of this had [alnwlsn] thinking about whether he could make an “atomic” clock that measures actual radioactive decay, rather than relying on the hyperfine transition states of atoms. Frustratingly, most of the radioactive materials that are readily available have pretty long half-lives — on the order of decades or centuries. Trying to quantify small changes in the energy output of such a sample over the course of seconds or minutes would be impossible, so he decided to focus on the byproduct of decay — the particles being emitted.

He used a microcontroller to count clicks from a Geiger-Müller tube, and used the count to calculate elapsed time by multiplying by a calibration factor (the expected number of clicks per second). While this is wildly inaccurate in the short term (he's actually used the same system to generate random numbers), over time it smooths out and can provide a meaningful reading. After one year of continuous operation, the counter was only off by about 26 minutes, or 4.4 seconds per day. That's better than most mechanical wristwatches (though a traditional rubidium atomic clock would be less than six milliseconds off, and NIST's strontium clock would be within 6.67×10⁻¹¹ seconds).
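To make the "accurate but not precise" behaviour concrete, here is an added simulation (not [alnwlsn]'s code) of the counting scheme described above: a Poisson-distributed click count is converted to elapsed time with a calibration factor, and the relative error is measured for runs of different lengths. The count rate, calibration interval, run lengths and random seed are all constructed for illustration; the shot-noise formula 1/√N is standard counting statistics.

```python
"""Added example, not the builder's code: a simulated radiometric clock that
turns Geiger-tube clicks into elapsed time via a calibration factor, showing
why the estimate is noisy over seconds but converges over long runs.
Rate, durations and seed below are constructed for illustration."""
import math
import random


def calibrate(counts, seconds):
    """Calibration factor: mean clicks per second measured over a known interval."""
    return counts / seconds


def elapsed_from_counts(counts, cps):
    """Elapsed-time estimate: accumulated clicks divided by the calibrated rate."""
    return counts / cps


def expected_relative_error(cps, seconds):
    """Shot-noise prediction for a Poisson count N = cps*seconds: sigma/N = 1/sqrt(N).
    Halving the error means waiting four times as long."""
    return 1.0 / math.sqrt(cps * seconds)


def simulate_counts(true_rate_cps, seconds, rng):
    """Clicks from a steady source over `seconds`, drawn with the normal
    approximation to the Poisson distribution (fine once the mean exceeds ~30)."""
    mean = true_rate_cps * seconds
    return max(0, round(rng.gauss(mean, math.sqrt(mean))))


def run_clock(true_rate_cps, durations, calibration_seconds=3600, seed=1):
    """Calibrate against a known interval, then time several runs of known
    length and return each run's relative error |estimate - truth| / truth."""
    rng = random.Random(seed)
    cps = calibrate(simulate_counts(true_rate_cps, calibration_seconds, rng),
                    calibration_seconds)
    errors = {}
    for seconds in durations:
        counts = simulate_counts(true_rate_cps, seconds, rng)
        estimate = elapsed_from_counts(counts, cps)
        errors[seconds] = abs(estimate - seconds) / seconds
    return errors


if __name__ == "__main__":
    rate = 100.0  # constructed: 100 clicks per second
    for secs, err in run_clock(rate, [1, 10, 1000, 100_000]).items():
        print(f"{secs:>7} s run: relative error {err:.4f} "
              f"(shot-noise prediction {expected_relative_error(rate, secs):.4f})")
```

The printed errors shrink roughly with the square root of the run length, which is exactly the behaviour the article describes: a poor stopwatch, but a calendar that only drifts by minutes a year. The calibration itself has the same shot-noise floor, so a longer calibration window is the other knob for improving long-run accuracy.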

The end result is a probabilistic radiometric timepiece that has style (he even built a clock face with hands, rather than just displaying the time on an LCD). Better yet, it's got a status page where you can check on how it's running. We've seen quite a few atomic clocks over the years, but this one is unique and a great entry into the 2025 One Hertz Challenge.

2025 Hackaday One Hertz Challenge


hackaday.com/2025/08/19/2025-o…


Cybersecurity & cyberwarfare reshared this.


#Noodlophile Stealer evolution
securityaffairs.com/181236/cyb…
#securityaffairs #hacking #malware

Cybersecurity & cyberwarfare reshared this.


Europol is offering a $50,000 reward for information on two administrators of the Qilin ransomware group:

-Haise
-XOracle

the420.in/europol-reward-qilin…


in reply to Catalin Cimpanu

Sorry for being pedantic, and maybe I'm misunderstanding the function of Europol, but I don't think that sort of thing falls under their aegis. It's an information sharing hub for law enforcement agencies, they aren't authorized to interface with the public. Perhaps they *announced* such a reward on behalf of a participating LEO but I also can't find any evidence of such an announcement on their site (although it's quite confusing to search/navigate)


Food Irradiation Is Not As Bad As It Sounds


Radiation is a bad thing that we don’t want to be exposed to, or so the conventional wisdom goes. We’re most familiar with it in the context of industrial risks and the stories of nuclear disasters that threaten entire cities and contaminate local food chains. It’s certainly not something you’d want anywhere near your dinner, right?

You might then be surprised to find that a great deal of research has been conducted into the process of food irradiation. It’s actually intended to ensure food is safer for human consumption, and has become widely used around the world.

Drop It Like It’s Hot


Food irradiation might sound like a process from an old science fiction movie, but it has a very real and very useful purpose. It’s a reliable way to eliminate pathogens and extend shelf life, with only a few specific drawbacks. Despite being approved by health organizations worldwide and used commercially since the 1950s, it remains one of the most misunderstood technologies in our food system.
The basic concept is simple—radiation can kill pathogens while leaving the food unharmed. Credit: IAEA
The fundamental concept behind food irradiation is simple. Food is exposed to ionizing radiation in controlled doses in order to disrupt the DNA of harmful microorganisms, parasites, and insects. The method is both useful in single serving contexts, such as individual meal rations, as well as in bulk contexts, such as shipping large quantities of wheat. Irradiation can outright kill bacteria in food that’s intended for human consumption, or leave pests unable to reproduce, ensuring a shipment of grain doesn’t carry harmful insects across national borders.

It’s important to note that food irradiation doesn’t make the food itself radioactive. This process doesn’t make food radioactive any more than a chest X-ray makes your body radioactive, since the energy levels involved simply aren’t high enough. The radiation passes through the food, breaking the chemical bonds that make up the genetic material of unwanted organisms. It effectively sterilizes or kills them, ideally without significantly changing the food itself. It also can be used to reduce sprouting of some species like potatoes or onions, and also delay ripening of fruits post-harvest, thanks to its effect on microbes and enzymes that influence these processes.

The concept of food irradiation dates back a long way, far beyond what we would typically call the nuclear age. At the dawn of the 20th century, there was some interest in using then-novel X-rays to deal with pests in food and aid with preservation. A handful of patents were issued, though these had little impact outside the academic realm.

It was only in the years after World War II that things really kicked off in earnest, with the US Army in particular investing a great deal of money to investigate the potential benefits of food irradiation (also known as radurization). With the aid of modern, potent sources of radiation, studies were undertaken at laboratories at the Quartermaster Food and Container Institute, and later at the Natick R&D Command. Much early research focused on meats—specifically beef, poultry, and pork products. A technique was developed which involved cooking food, portioning it, and sealing it in vacuum packs. It would then be frozen and irradiated at a set minimum dose. This process was developed to the point that refrigeration became unnecessary in some cases, and avoided the need to use potentially harmful chemical preservatives in food. These were all highly desirable attributes which promised to improve military logistics.

youtube.com/embed/pe6AKh_tLys?…

Food irradiation eventually spread beyond research and into the mainstream.

The technology would eventually spread beyond military research. By the late 1950s, a German effort was irradiating spices at a commercial level. By 1985, the US Food and Drug Administration had approved irradiation of pork, which became a key target for radurization in order to deal with trichinosis parasites. In time, commercialized methods would be approved in a number of countries to control insects in fruits, vegetables, and bulk foods like legumes and grain, and to prevent sprouting during transport. NASA even began using irradiated foods for space missions in the 1970s, recognizing that traditional food preservation methods aren’t always practical when you’re orbiting Earth. This space-age application highlights one of irradiation’s key advantages—it works without chemicals and eliminates the need for ongoing refrigeration to avoid spoilage. That’s a huge benefit for space missions which can save a great deal of weight by not taking a fridge with them. It also helps astronauts avoid foodborne illnesses, which are incredibly impractical in the confines of a spaceship. Irradiated food has also been used in hospitals to protect immune-compromised patients from another potential source of infection.

How It’s Done

A truck-mounted food irradiator, used in a demonstration tour around the United States in the late 1960s. Credit: US Department of Energy
Three main types of radiation are used commercially to treat food. Gamma rays from cobalt-60 or cesium-137 sources penetrate deeply into food, and it’s possible to use these isotopes to produce uniform and controlled doses of radiation. Cobalt-60 is more commonly used, as it is easier to obtain and can be used with less risk. Isotope sources can’t be switched “off,” so they are stored in water pools when not in use to absorb their radiation output. Electron beams, generated by linear accelerators, offer precise control of dosage, but have limited penetration depth into food, limiting their use cases to specific foods. X-rays, produced when high-energy electrons strike a metal target, combine the benefits of both gamma rays and electron beams. They have excellent penetration and can be easily controlled by switching the X-ray source on and off. The choice depends on the specific application, with factors like food density, package size, and required dose uniformity all playing roles. Whatever method is used, there’s generally no real risk of the food becoming radioactive. That’s because the X-rays, electron beams, and gamma rays used for irradiation are all below the energy levels that would be required to actually affect the nucleus of the atoms in the food. Instead, they’re only strong enough to break chemical bonds. It is therefore important to ensure the irradiation process does not cause harmful changes in whatever material the food is stored in; much research has gone into finding safe packaging materials that are compatible with the irradiation process.
A chamber used for gamma ray food irradiation with cobalt-60. Credit: Swimmaaj
The dosage levels used in food irradiation are carefully calibrated and measured in units of grays (Gy) or, more typically, kilograys (kGy). Low doses of 0.1 to 1 kGy can inhibit sprouting in potatoes and onions or delay ripening in fruits. Medium doses of 1 to 10 kGy eliminate insects and reduce pathogenic bacteria. High doses above 10 kGy can sterilize foods for long-term storage or for space- or hospital-based use, though these doses are not as widely used for commercial food products.

By and large, irradiation does not have a major effect on a food’s taste, appearance, or texture. Studies have shown that irradiation can cause some minor changes to food’s nutritional content, as noted by the World Health Organization. However, while irradiation can highly degrade vitamins in a pure solution, in food items, losses are typically on the order of a few percent at most. The losses are often comparable to or less than those from traditional processing methods like canning or freezing. Changes to carbohydrates, proteins, and lipids are usually very limited. The US FDA, World Health Organization, and similar authorities in many countries have approved food irradiation in many contexts, with studies bearing out its overall safety.
The Radura logo is used to mark foods that have been treated with irradiation. Credit: US FDA
In some extreme cases, though, irradiation can cause problems. In 2008, Orijen cat foods were recalled in Australia after the irradiated product was found to be causing illness in cats. This was not a result of any radioactive byproduct. Instead, the issue was that the high dose (>50 kGy) of radiation used had depleted vitamin A content in the food. Since pets are often fed a very limited diet, this led to nutrient deficiencies and the unfortunate deaths of a number of animals prior to being recalled.

The regulatory landscape varies significantly worldwide, both in dose levels and in labelling. While the United States allows irradiation of various foods including spices, fruits, vegetables, grains, and meats, rules mandate that irradiated products are clearly identified. The distinctive radura symbol—a stylized flower in a circle—must appear alongside text stating “treated with radiation” or “treated by irradiation.” Some countries have embraced the technology more fully; others less so. EU countries primarily allow radiation treatments for herbs and spices only, while in Brazil, just about any food may be irradiated to whatever dose deemed necessary, though doses above 10 kGy should have a legitimate technological purpose.

Overall, food irradiation is a scary-sounding technology that actually makes food a lot safer. It’s not something we think about on the regular, but it has become an important part of the international food supply nonetheless. Where there are pests to prevent and pathogens to quash, irradiation can prove a useful tool to preserve the quality of food and protect those that eat it.


hackaday.com/2025/08/19/food-i…


Cybersecurity & cyberwarfare reshared this.


The U.S. discovery process in the context of spyware lawsuits poses dangers to spyware victims, who could be exposed in the proceedings, and can also discourage tech giants from going after companies like NSO.

Very interesting article by AccessNow's Natalia Krapiva, a legal expert who has followed these cases for years.

justsecurity.org/118409/discov…



Cybersecurity & cyberwarfare reshared this.


XBOW says it will stop going for the HackerOne leaderboard

xbow.com/blog/xbow-on-hackeron…




The VLF Transformation


People have long been interested in very low frequency (VLF) radio signals. But it used to be you pretty much had to build your own receiver which, luckily, wasn’t as hard as building your own VHF or UHF gear. But there is a problem. These low frequencies have a very long wavelength and, thus, need very large antennas to get any reception. [Electronics Unmessed] says he has an answer.

These days, if you want to explore any part of the radio spectrum, you can probably do it easily with a software-defined radio (SDR). But the antenna is the key part that you are probably lacking. A small antenna will not work well at all. While the video covers a fairly common idea, using a loop antenna, his approach to loops is a bit different: he feeds the loop through a matching transformer, and he backs his thoughts up with modeling and practical results.

Of course, transformers also introduce loss, but — as always — everything is a trade-off. Running hundreds of feet of wire in your yard or even in a loop is not always a possibility. This antenna looks like it provides good performance and it would be simple to duplicate.

Early radio was VLF. Turns out, VLF may provide an unexpected public service in space.

youtube.com/embed/1x8rcep6mRE?…


hackaday.com/2025/08/19/the-vl…


Cybersecurity & cyberwarfare reshared this.


TikTok's latest feature lets college students find and connect with their peers

In a move reminiscent of Facebook's early days, TikTok is launching a new feature, called Campus Verification, which lets users add their college campus to their TikTok profile and browse the list of students at their institution

techcrunch.com/2025/08/19/tikt…

@informatica



Cybersecurity & cyberwarfare reshared this.


NEW: According to U.S. National Intelligence Director Tulsi Gabbard, the U.K. government has dropped its demand to have a backdoor in Apple's iCloud system.

Gabbard said the negotiations, which involved Trump and Vance, were "to ensure Americans' private data remains private and our Constitutional rights and civil liberties are protected."

techcrunch.com/2025/08/19/us-s…


Cybersecurity & cyberwarfare reshared this.


…when Windows XP was the future
…when floppy disks seemed endless
…when 128 MB USB sticks cost a fortune
…when “doing a backup” meant burning a rewritable CD
…when the Internet went trrrrr krrrr ding-ding before connecting
…when the flip phone made that wonderful clack

Today?

📱 My 2022 smartphone is already “old”.
🔒 Nobody wants my old password anymore.
⚙️ And what seemed eternal becomes obsolete in an instant.

What about you? Which “legendary” technology do you remember with nostalgia?

#redhotcyber #online #it #web #ai #hacking #privacy #cybersecurity #cybercrime #intelligence #intelligenzaartificiale #informationsecurity #ethicalhacking #dataprotection #vintage #remember #obsoleto #technology #infosecurity #comics #meme #ridere



How to Sink a Ship: Preparing the SS United States For its Final Journey


When we last brought you word of the SS United States, the future of the storied vessel was unclear. Since 1996, the 990 foot (302 meter) ship — the largest ocean liner ever to be constructed in the United States — had been wasting away at Pier 82 in Philadelphia. While the SS United States Conservancy was formed in 2009 to support the ship financially and attempt to redevelop it into a tourist attraction, their limited funding meant little could be done to restore or even maintain it. In January of 2024, frustrated by the lack of progress, the owners of the pier took the Conservancy to court and began the process of evicting the once-great liner.
SS United States docked at Pier 82 in Philadelphia
It was hoped that a last-minute investor might appear, allowing the Conservancy to move the ship to a new home. But unfortunately, the only offer that came in wasn’t quite what fans of the vessel had in mind: Florida’s Okaloosa County offered $1 million to purchase the ship so they could sink it and turn it into the world’s largest artificial reef.

The Conservancy originally considered it a contingency offer, stating that they would only accept it if no other options to save the ship presented themselves. But by October of 2024, with time running out, they accepted Okaloosa’s offer as a more preferable fate for the United States than being scrapped.

It at least means the ship will remain intact — acting not only as an important refuge for aquatic life, but as a destination for recreational divers for decades to come. The Conservancy has also announced plans to open a museum in Okaloosa, where artifacts from the ship will be on display.

Laying a Behemoth to Rest


Sinking a ship is easy enough, it happens accidentally all the time. But intentionally sinking a ship, technically referred to as scuttling, in such a way that it sits upright on the bottom is another matter entirely. Especially for a ship the size of the SS United States, which will officially become both the largest intact ocean liner on the seafloor (beating out HMHS Britannic and her sister RMS Titanic) and the largest artificial reef in the world (taking the title from the USS Oriskany) when it eventually goes down.

The SS United States is currently in Mobile, Alabama, where it is being prepared for scuttling by Modern American Recycling Services and Coleen Marine. After a complete survey of the ship’s structural state, holes will be strategically cut throughout the hull. These will let the ship take on water in a more predictable way during the sinking, and also allow access to the inside of the hull for both sea life and divers. Internally, hatches and bulkheads will be removed for the same reason, though areas deemed too dangerous for recreational divers may be sealed off for safety.

At the same time, the ship must be thoroughly cleaned before it makes its final plunge into the waters off of Florida’s coast. Any remaining fuel or lubricants must be removed, as will any loose paint. Plastics that could break down, and anything that might contain traces of toxins such as lead or mercury, will also be stripped from the ship. In the end, the goal is to have very little left beyond the hull itself and machinery that’s too large to remove.
The forward funnel of the SS United States is removed and loaded onto a barge.
Finally, there’s the issue of depth. While the final resting place of the SS United States has yet to be determined, the depth is limited by the fact that Okaloosa wants to encourage recreational divers to visit. The upper decks of the ship must be located at a depth that’s reasonable for amateur divers to reach safely, but at the same time, the wreck can’t present a hazard to navigation for ships on the surface.

Once on the bottom, the goal is to have the upper decks of the ship at a depth of approximately 55 feet (17 m), making it accessible to even beginner divers. Unfortunately, the ship’s iconic swept-back funnels stand 65 feet (20 m) off the deck. While the tips of the funnels breaking through the surface of the water might make for a striking visual, it would of course be completely impractical.

youtube.com/embed/56zZtvcc7Qk?…

As such, the funnels and mast of the United States have just recently been removed. But thankfully, they aren’t being sent off to the scrapper. Instead, they will become key components of what the Conservancy is calling the “SS United States Museum and Visitor Experience.”

Honoring America’s Flagship


While the SS United States will welcome visitors willing to get their feet wet, not everyone who wants to explore the legacy of the ship will have to strap on a scuba tank. As part of the deal to purchase the ship, Okaloosa County has been working with the Conservancy to develop a museum dedicated to the ship and the cultural milieu in which she was developed and built.

Naturally, the museum will house many artifacts from the ship’s career. The Conservancy is already in the process of recalling many of the items in their collection which were loaned out while the ship was docked in Philadelphia. But uniquely, the building will also incorporate parts of the ship itself, including the funnels, mast, anchor, and at least one of the propellers.
Concept art for the SS United States Museum and Visitor Experience by Thinc Design.
Combined with some clever architecture by Thinc Design, the idea is for the museum’s structure to invoke the look of the ship itself. The Conservancy has released a number of concept images that depict various approaches being considered, the most striking of which essentially recreates the profile of the great liner with its bow extended out over the Florida waters.

A Bittersweet Farewell


To be sure, this is not the fate that the SS United States Conservancy had in mind when they purchased the ship. Over the years, they put forth a number of proposals that would have seen the ship either turned into a static attraction like the Queen Mary or returned to passenger service. But the funding always fell through, and with each year that passed the ship’s condition only got worse, making its potential restoration even more expensive.
Image Credit: SS United States Conservancy
It’s an unfortunate reality that many great ships have ended up being sold for scrap. Consider the RMS Olympic; despite being the last surviving ship of her class after the sinking of her sisters Titanic and Britannic, and having a long and storied career that included service as a troop ship during the First World War, she ended up having her fittings auctioned off before ultimately being torn to pieces in the late 1930s. It was an ending so unceremonious that the exact date of her final demolition has been lost to time. Meanwhile her sunken sisters, safe from the scrapper’s reach on the sea floor, continue to be studied and explored to this day.

In an ideal world, the SS United States would be afforded the same treatment as the USS New Jersey — it would be lovingly restored and live on as a museum ship for future generations to appreciate. But failing that, it would seem that spending the next century or so playing host to schools of fish and awestruck scuba divers is a more fitting end to America’s flagship than being turned into so many paperclips.


hackaday.com/2025/08/19/how-to…



PayPal's database for sale with 15.8 million accounts: what you need to know


On a popular data-leak forum, an advertisement has appeared for the sale of a database that allegedly contains 15.8 million PayPal accounts with email addresses and plaintext passwords. The author of the post claims the information is recent and was obtained in May of this year. The company itself has denied these claims, stating that it relates to an incident dating back to 2022 and that no new cyberattacks have occurred.

Nevertheless, the sale listing has attracted interest because of the size of the claimed database, although its authenticity cannot yet be verified. Cybernews researchers note that the sample provided is too small for independent verification. Moreover, the price of the entire archive turned out to be suspiciously low for such a large set of logins and passwords, which could indicate that the material is of questionable quality.

According to a PayPal spokesperson, the attackers are referring to a 2022 credential stuffing attack that affected 35,000 users. The company was subsequently investigated in the United States and, in early 2025, agreed to pay $2 million to settle allegations by New York regulators that PayPal had violated cybersecurity requirements.

The published database, as the sellers claim, contains not only email addresses and passwords but also additional fields, related URLs and so-called variants, which allow the information to be used in automated attacks against the service. If some records really were recent, this could simplify credential stuffing campaigns against users worldwide. At the same time, the author of the post admits that the rows contain numerous repetitions and already-compromised passwords.

Experts do not rule out that the source of this data is not PayPal itself but customers' infected devices. In recent years, infostealers have been actively promoted on the darknet: malicious programs such as RedLine, Raccoon or Vidar, which collect saved passwords, browser cookies, autofill data and even crypto wallets from infected systems. Such software produces databases in the form of a URL, login and password combination, which matches the format of the presented “dump” exactly. Data sets of this kind have already caused large-scale losses, including those related to Snowflake.
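The URL, login and password line layout mentioned above is the same one a defender sees when a stealer log or an advertised dump lands on their desk. The following helper is an added example, not part of the article or of any vendor tool: it parses that layout, discards exact repeats (the seller admits the rows contain many), counts the hosts involved, and reports which logins belong to a given service domain or to the organisation's own mail domain so those users can be forced to reset and enrol in MFA. It keeps only a fingerprint of each record rather than the password. All sample lines, hosts, logins and passwords are constructed placeholders.

```python
import hashlib
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in the URL:login:password layout (not real data).
SAMPLE_LINES = [
    "https://www.example-pay.test/signin:alice@example.org:Placeholder-A1",
    "https://www.example-pay.test/signin:alice@example.org:Placeholder-A1",  # exact repeat
    "https://example-pay.test/login:bob@corp.example:Placeholder-B2",
    "http://shop.example.net/account:carol@corp.example:Placeholder-C3",
    "this line is not a credential record",
]


def parse_line(line: str):
    """Split one URL:login:password line. The URL itself contains ':' after the
    scheme, so split from the right. Returns None for lines that do not fit.
    Caveat: a password that itself contains ':' is split wrongly and needs
    manual review; this helper does not try to guess."""
    parts = line.strip().rsplit(":", 2)
    if len(parts) != 3:
        return None
    url, login, password = parts
    host = urlsplit(url).hostname
    if not host or "@" not in login:
        return None
    host, login = host.lower(), login.lower()
    # Keep only a fingerprint of the full triple; the plaintext password is dropped.
    digest = hashlib.sha256(f"{host}:{login}:{password}".encode()).hexdigest()
    return {"host": host, "login": login, "fingerprint": digest}


def _under(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def triage(lines, service_domain: str, user_domain: str):
    """Summarise a dump: unparsable and duplicate counts, hosts seen, logins that
    used `service_domain`, and logins from our own `user_domain`."""
    records, seen = [], set()
    duplicates = unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if rec["fingerprint"] in seen:
            duplicates += 1
            continue
        seen.add(rec["fingerprint"])
        records.append(rec)
    return {
        "unparsed": unparsed,
        "duplicates": duplicates,
        "unique": len(records),
        "hosts": Counter(r["host"] for r in records),
        "service_logins": sorted(r["login"] for r in records if _under(r["host"], service_domain)),
        "own_users": sorted({r["login"] for r in records if r["login"].endswith("@" + user_domain)}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LINES, "example-pay.test", "corp.example")
    print(result)
```

On the constructed sample this reports one unparsable line, one duplicate and three unique records; the two logins that used the service and the two accounts from the organisation's own domain are the lists an incident responder would hand to the identity team.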

PayPal stresses that no serious breaches of the company's systems have ever been recorded and that the hackers' claims are not supported by facts.

Nevertheless, users are advised not to neglect protection: use strong, unique passwords and enable multi-factor authentication, which remains a fundamental barrier against intruders even when login credentials and passwords have been stolen.

The article PayPal's database for sale with 15.8 million accounts: what you need to know originally appeared on il blog della sicurezza informatica.


Cybersecurity & cyberwarfare reshared this.


PayPal's database for sale with 15.8 million accounts: what you need to know

📌 Link to the article: redhotcyber.com/post/il-databa…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy



Cybersecurity & cyberwarfare reshared this.


Security researcher Eaton Zveare has discovered two ways to break into Intel backend systems and even more ways to dump and exfil the data of all Intel employees

eaton-works.com/2025/08/18/int…




GodRAT – New RAT targeting financial institutions



Summary


In September 2024, we detected malicious activity targeting financial (trading and brokerage) firms through the distribution of malicious .scr (screen saver) files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan (RAT) named GodRAT, which is based on the Gh0st RAT codebase. To evade detection, the attackers used steganography to embed shellcode within image files. This shellcode downloads GodRAT from a Command-and-Control (C2) server.

GodRAT supports additional plugins. Once installed, attackers utilized the FileManager plugin to explore the victim’s systems and deployed browser password stealers to extract credentials. In addition to GodRAT, they also used AsyncRAT as a secondary implant to maintain extended access.

GodRAT is very similar to AwesomePuppet, another Gh0st RAT-based backdoor which we reported in 2023, both in its code and in its distribution method. This suggests that it is probably an evolution of AwesomePuppet, which is in turn likely connected to the Winnti APT.

As of this blog’s publication, the attack remains active, with the most recent detection observed on August 12, 2025. Below is a timeline of attacks based on detections of GodRAT shellcode injector executables. In addition to malicious .scr (screen saver) files, attackers also used .pif (Program Information File) files masquerading as financial documents.

GodRAT shellcode injector executable MD5 | File name | Detection date | Country/territory | Distribution
cf7100bbb5ceb587f04a1f42939e24ab | 2023-2024ClientList&.scr | 2024.09.09 | Hong Kong | via Skype
e723258b75fee6fbd8095f0a2ae7e53c | 2024-11-15_23.45.45 .scr | 2024.11.28 | Hong Kong | via Skype
d09fd377d8566b9d7a5880649a0192b4 | 2024-08-01_2024-12-31Data.scr | 2025.01.09 | United Arab Emirates | via Skype
a6352b2c4a3e00de9e84295c8d505dad | 2025TopDataTransaction&.scr | 2025.02.28 | United Arab Emirates | NA
6c12ec3795b082ec8d5e294e6a5d6d01 | 2024-2025Top&Data.scr | 2025-03-17 | United Arab Emirates | via Skype
bb23d0e061a8535f4cb8c6d724839883 | Corporate customer transaction &volume.pif; corporate customer transaction &volume.zip; company self-media account application qualifications&.zip | 2025-05-26 | United Arab Emirates; Lebanon; Malaysia | NA
160a80a754fd14679e5a7b5fc4aed672 | 个人信息资料&.pdf.pif; informasi pribadi &pelanggan global.pdf.pif; global customers preferential deposit steps&.pif | 2025-07-17 | Hong Kong | NA
2750d4d40902d123a80d24f0d0acc454 | 2025TopClineData&1.scr | 2025-08-12 | United Arab Emirates | NA
441b35ee7c366d4644dca741f51eb729 | 2025TopClineData&.scr | 2025-08-12 | Jordan | NA

Technical details

Malware implants
Shellcode loaders


We identified the use of two types of shellcode loaders, both of which execute the shellcode by injecting it into their own process. The first embeds the shellcode bytes directly into the loader binary, and the second reads the shellcode from an image file.

A GodRAT shellcode injector file named “2024-08-01_2024-12-31Data.scr” (MD5 d09fd377d8566b9d7a5880649a0192b4) is an executable that XOR-decodes embedded shellcode using the following hardcoded key: “OSEDBIU#IUSBDGKJS@SIHUDVNSO*SKJBKSDS#SFDBNXFCB”. A new section is then created in the memory of an executable process, where the decoded shellcode is copied. Then the new section is mapped into the process memory and a thread is spawned to execute the shellcode.

Another file, “2024-11-15_23.45.45 .scr” (MD5 e723258b75fee6fbd8095f0a2ae7e53c), serves as a self-extracting executable containing several embedded files as shown in the image below.

Content of self-extracting executable

Among these is “SDL2.dll” (MD5 512778f0de31fcce281d87f00affa4a8), which is a loader. The loader “SDL2.dll” is loaded by the legitimate executable Valve.exe (MD5 d6d6ddf71c2a46b4735c20ec16270ab6). Both the loader and Valve.exe are signed with an expired digital certificate. The certificate details are as follows:

  • Serial Number: 084caf4df499141d404b7199aa2c2131
  • Issuer Common Name: DigiCert SHA2 Assured ID Code Signing CA
  • Validity: Not Before: Friday, September 25, 2015 at 5:30:00 AM; Not After: Wednesday, October 3, 2018 at 5:30:00 PM
  • Subject: Valve

The loader “SDL2.dll” extracts shellcode bytes hidden within an image file “2024-11-15_23.45.45.jpg”. The image file represents some sort of financial details as shown below.

The loader allocates memory, copies the extracted shellcode bytes, and spawns a thread to execute it. We’ve also identified similar loaders that extracted shellcode from an image file named “2024-12-10_05.59.18.18.jpg”. One such loader (MD5 58f54b88f2009864db7e7a5d1610d27d) creates a registry load point entry at “HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupApp” that points to the legitimate executable Valve.exe.

Shellcode functionality


The shellcode begins by searching for the string “godinfo,” which is immediately followed by configuration data that is decoded using the single-byte XOR key 0x63. The decoded configuration contains the following details: C2 IP address, port, and module command line string. The shellcode connects to the C2 server and transmits the string “GETGOD.” The C2 server responds with data representing the next (second) stage of the shellcode. This second-stage shellcode includes bootstrap code, a UPX-packed GodRAT DLL and configuration data. However, after downloading the second-stage shellcode, the first stage shellcode overwrites the configuration data in the second stage with its own configuration data. A new thread is then created to execute the second-stage shellcode. The bootstrap code injects the GodRAT DLL into memory and subsequently invokes the DLL’s entry point and its exported function “run.” The entire next-stage shellcode is passed as an argument to the “run” function.
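The two decoding steps described above (the injector's repeating-key XOR over its embedded shellcode, and the single-byte 0x63 XOR over the configuration that follows the “godinfo” marker) are exactly what an analyst wants to automate when triaging a new sample. The script below is an added example, not code from the report or from Kaspersky's tooling: it takes the hardcoded key, the marker and the 0x63 key from the report, but the layout of the decoded configuration (NUL-separated C2 host, ASCII port and command line) is an assumption made for this example, as is the sample data, which is constructed here rather than taken from a real file.

```python
import ipaddress

# Values taken from the report.
INJECTOR_KEY = b"OSEDBIU#IUSBDGKJS@SIHUDVNSO*SKJBKSDS#SFDBNXFCB"
CONFIG_MARKER = b"godinfo"
CONFIG_XOR_KEY = 0x63


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR with a repeating multi-byte key; decode and encode are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def xor_single(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def extract_config(shellcode: bytes):
    """Find the 'godinfo' marker and decode the configuration that follows it.
    Returns None if the marker is absent or the decoded fields do not parse."""
    idx = shellcode.find(CONFIG_MARKER)
    if idx < 0:
        return None
    decoded = xor_single(shellcode[idx + len(CONFIG_MARKER):], CONFIG_XOR_KEY)
    # ASSUMED layout for this example: NUL-terminated host, ASCII port, command line.
    fields = decoded.split(b"\x00", 3)
    if len(fields) < 3:
        return None
    try:
        host = fields[0].decode("ascii")
        ipaddress.ip_address(host)          # rejects a garbage decode early
        port = int(fields[1].decode("ascii"))
        cmdline = fields[2].decode("ascii")
    except (UnicodeDecodeError, ValueError):
        return None
    if not 0 < port < 65536:
        return None
    return {"c2_host": host, "c2_port": port, "cmdline": cmdline}


def triage_injector(embedded_blob: bytes):
    """Decode the XOR-protected shellcode an injector carries, then pull its config."""
    return extract_config(xor_repeating(embedded_blob, INJECTOR_KEY))


# Constructed sample (not a real sample): a fake config wrapped the way the report describes.
_SAMPLE_CONFIG = b"203.0.113.10\x00443\x00C:\\Windows\\System32\\curl.exe\x00"
SAMPLE_SHELLCODE = (b"\x90" * 8 + CONFIG_MARKER
                    + xor_single(_SAMPLE_CONFIG, CONFIG_XOR_KEY) + b"\xcc" * 4)
SAMPLE_INJECTOR_BLOB = xor_repeating(SAMPLE_SHELLCODE, INJECTOR_KEY)

if __name__ == "__main__":
    print(triage_injector(SAMPLE_INJECTOR_BLOB))
```

In practice the embedded blob would be carved from the injector's data section; the host check is there because a wrong offset or a changed key produces bytes that still split on NUL but never yield a valid address, and failing loudly at that point is better than logging a bogus C2.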

GodRAT


The GodRAT DLL has the internal name ONLINE.dll and exports only one method: “run”. It checks the command line parameters and performs the following operations:

  1. If the number of command line arguments is one, it copies the command line from the configuration data, which was “C:\Windows\System32\curl.exe” in the analyzed sample. Then it appends the argument “-Puppet” to the command line and creates a new process with the command line “C:\Windows\System32\curl.exe -Puppet”. The parameter “-Puppet” was used in AwesomePuppet RAT in a similar way. If this fails, GodRAT tries to create a process with the hardcoded command “%systemroot%\system2\cmd.exe -Puppet”. If successful, it suspends the process, allocates memory, and writes the shellcode buffer (passed as a parameter to the exported function “run”) to the allocated memory. A thread is then created to execute the shellcode, and the current process exits. This is done to execute GodRAT inside the curl.exe or cmd.exe process.
  2. If the number of command line arguments is greater than one, it checks if the second argument is “-Puppet.” If true, it proceeds with the RAT’s functionality; otherwise, it acts as if the number of command line arguments is one, as described in the previous case.

The RAT establishes a TCP connection to the C2 server on the port from the configuration blob. It collects the following victim information: OS information, local hostname, malware process name and process ID, user account name associated with malware process, installed antivirus software and whether a capture driver is present. A capture driver is probably needed for capturing pictures, but we haven’t observed such behavior in the analyzed sample.

The collected data is zlib (deflate) compressed and then prefixed with a 15-byte header. Afterward, it is XOR-encoded three times per byte. The final data sent to the C2 server thus consists of the 15-byte header followed by the compressed data blob. The header consists of the following fields: magic bytes (\x74\x78\x20), total size (compressed data size + header size), decompressed data size, and a fixed DWORD (1 for incoming data and 2 for outgoing data). The data received from the C2 is only XOR-decoded, again three times per byte. This received data includes a 15-byte header followed by the command data. The RAT can perform the following operations based on the received command data:

  • Inject a received plugin DLL into memory and call its exported method “PluginMe”, passing the C2 hostname and port as arguments. It supports different plugins, but we only saw deployment of the FileManager plugin
  • Close the socket and terminate the RAT process
  • Download a file from a provided URL and launch it using the CreateProcessA API, using the default desktop (WinSta0\Default)
  • Open a given URL using the shell command for opening Internet Explorer (e.g. “C:\Program Files\Internet Explorer\iexplore.exe” %1)
  • Same as above but specify the default desktop (WinSta0\Default)
  • Create the file “%AppData%\config.ini”, create a section named “config” inside this file, and create in that section a key called “NoteName” with the string provided from the C2 as its value
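The C2 framing described above (15-byte header, deflate body, XOR passes) can be reproduced end to end, which is what a network sensor or a traffic decoder needs. The following is an added example written for this page, not GodRAT's own code or anything from the Kaspersky report. It assumes the header fields sit in the order the text lists them as little-endian DWORDs, that the three XOR passes use single-byte keys cycling over the whole frame, and that direction value 2 marks the compressed victim-data frames sent by the implant; the key values are constructed placeholders because the report does not give them.

```python
import struct
import zlib

MAGIC = b"\x74\x78\x20"   # magic bytes quoted from the report
HEADER_LEN = 15           # 3 magic bytes + three DWORDs, as the report states
DIR_INCOMING = 1          # direction DWORD values from the report
DIR_OUTGOING = 2

# Constructed placeholder keys for the three XOR passes (assumption: the
# report says there are three passes per byte but does not give the keys).
XOR_KEYS = (0x5A, 0xC3, 0x1F)


def xor_passes(data: bytes, keys=XOR_KEYS) -> bytes:
    """Apply each key to every byte in turn. XOR is its own inverse, so the
    same routine both encodes and decodes."""
    out = bytearray(data)
    for key in keys:
        for i in range(len(out)):
            out[i] ^= key
    return bytes(out)


def build_frame(payload: bytes, direction: int) -> bytes:
    """Frame `payload` as the report describes: deflate-compress (outgoing
    victim data only, assumption), prepend the 15-byte header, then
    XOR-encode the whole frame. Field order and little-endian layout are
    assumptions."""
    body = zlib.compress(payload) if direction == DIR_OUTGOING else payload
    header = MAGIC + struct.pack("<III", HEADER_LEN + len(body), len(payload), direction)
    return xor_passes(header + body)


def parse_frame(frame: bytes) -> dict:
    """Decode and validate one frame. Every mismatch raises ValueError, which
    is the check a decoder in a network sensor would apply before trusting
    the contents."""
    raw = xor_passes(frame)
    if len(raw) < HEADER_LEN or raw[:3] != MAGIC:
        raise ValueError("not a GodRAT frame: bad magic or truncated")
    total, plain_len, direction = struct.unpack("<III", raw[3:HEADER_LEN])
    if total != len(raw):
        raise ValueError(f"length mismatch: header says {total}, frame is {len(raw)}")
    if direction not in (DIR_INCOMING, DIR_OUTGOING):
        raise ValueError(f"unknown direction value {direction}")
    body = raw[HEADER_LEN:]
    payload = zlib.decompress(body) if direction == DIR_OUTGOING else body
    if len(payload) != plain_len:
        raise ValueError("payload size does not match header")
    return {"direction": direction, "total": total, "plain_len": plain_len, "payload": payload}


if __name__ == "__main__":
    # Constructed sample victim data, shaped like the fields the report lists.
    sample = b"os=Windows 10;host=WS01;proc=curl.exe;pid=4242;user=alice;av=none;capture=0"
    frame = build_frame(sample, DIR_OUTGOING)
    print(f"frame of {len(frame)} bytes decodes to:", parse_frame(frame))
```

Because the three XOR passes are independent of the data, a sensor can recover the magic bytes by XORing the first three bytes of a candidate frame with the combined key and then verify the total-size field against the observed segment length before attempting decompression.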


GodRAT FileManager plugin


The FileManager plugin DLL has the internal name FILE.dll and exports a single method called PluginMe. This plugin gathers the following victim information: details about logical drives (including drive letter, drive type, total bytes, available free bytes, file system name, and volume name), the desktop path of the currently logged-on user, and whether the user is operating under the SYSTEM account. The plugin can perform the following operations based on the commands it receives:

  • List files and folders at a specified location, collecting details like type (file or folder), name, size, and last write time
  • Write data to an existing file at a specified offset
  • Read data from a file at a specified offset
  • Delete a file at a specified path
  • Recursively delete files at a specified path
  • Check for the existence of a specified file. If the file exists, send its size; otherwise, create a file for writing.
  • Create a directory at a specified path
  • Move an existing file or directory, including its children
  • Open a specified application with its window visible using the ShellExecuteA API
  • Open a specified application with its window hidden using the ShellExecuteA API
  • Execute a specified command line with a hidden window using cmd.exe
  • Search for files at a specified location, collecting absolute file paths, sizes, and last write times
  • Stop a file search operation
  • Execute 7zip by writing hard-coded 7zip executable bytes to “%AppData%\7z.exe” (MD5 eb8d53f9276d67afafb393a5b16e7c61) and “%AppData%\7z.dll” (MD5 e055aa2b77890647bdf5878b534fba2c), and then running “%AppData%\7z.exe” with parameters provided by the C2. The utility is used to unzip dropped files.


Second-stage payload


The attackers deployed the following second-stage implants using GodRAT’s FileManager plugin:

Chrome password stealer


The stealer is placed at “%ALLUSERSPROFILE%\google\chrome.exe” (MD5 31385291c01bb25d635d098f91708905). It looks for Chrome database files with login data for accessed websites, including URLs and usernames used for authentication, as well as user passwords. The collected data is saved in the file “google.txt” within the module’s directory. The stealer searches for the following files:

  • %LOCALAPPDATA%\Google\Chrome\User Data\Default\Login Data – an SQLite database with login and stats tables. This can be used to extract URLs and usernames used for authentication. Passwords are encrypted and not visible.
  • %LOCALAPPDATA%\Google\Chrome\User Data\Local State – a file that contains the encryption key needed to decrypt stored passwords.


MSEdge password stealer


The stealer is placed at “%ALLUSERSPROFILE%\google\msedge.exe” (MD5 cdd5c08b43238c47087a5d914d61c943). The collected data is stored in the file “edge.txt” in the module’s directory. The module attempts to extract passwords using the following database and file:

  • %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Login Data – the “Login Data” SQLite database stores Edge logins in the “logins” table.
  • %LOCALAPPDATA%\Microsoft\Edge\User Data\Local State – this file contains the encryption key used to decrypt saved passwords.


AsyncRAT


The DLL file (MD5 605f25606bb925d61ccc47f0150db674) is an injector and is placed at “%LOCALAPPDATA%\bugreport\LoggerCollector.dll” or “%ALLUSERSPROFILE%\bugreport\LoggerCollector.dll”. It verifies that the module name matches “bugreport_.exe”. The loader then XOR-decodes embedded shellcode using the key “EG9RUOFIBVODSLFJBXLSVWKJENQWBIVUKDSZADVXBWEADSXZCXBVADZXVZXZXCBWES”. After decoding, it subtracts the second key “IUDSY86BVUIQNOEWSUFHGV87QCI3WEVBRSFUKIHVJQW7E8RBUYCBQO3WEIQWEXCSSA” from each shellcode byte.

A new memory section is created, the XOR-decoded shellcode is copied into it, and then the section is mapped into the current process memory. A thread is started to execute the code in this section. The shellcode is used to reflectively inject the C# AsyncRAT binary. Before injection, it patches the AMSI scanning functions (AmsiScanBuffer, AmsiScanString) and the EtwEventWrite function to bypass security checks.
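The two-stage decoding of the embedded shellcode (XOR with the first key, then byte-wise subtraction of the second) is what an analyst needs to reproduce to extract the next stage from a sample of this injector. The following is an added example for that purpose, not the injector's own code. Both key strings are quoted from the report; that each key is applied cyclically (byte i uses key[i % len(key)]) and that the subtraction wraps modulo 256 are assumptions.

```python
# Keys quoted from the report.
KEY1 = b"EG9RUOFIBVODSLFJBXLSVWKJENQWBIVUKDSZADVXBWEADSXZCXBVADZXVZXZXCBWES"
KEY2 = b"IUDSY86BVUIQNOEWSUFHGV87QCI3WEVBRSFUKIHVJQW7E8RBUYCBQO3WEIQWEXCSSA"


def decode_blob(blob: bytes) -> bytes:
    """Reverse the injector's encoding as the report describes it.
    Assumption: both keys cycle over the blob and arithmetic wraps at 256."""
    out = bytearray(len(blob))
    for i, b in enumerate(blob):
        x = b ^ KEY1[i % len(KEY1)]                 # stage 1: XOR with first key
        out[i] = (x - KEY2[i % len(KEY2)]) & 0xFF   # stage 2: subtract second key
    return bytes(out)


def encode_blob(plain: bytes) -> bytes:
    """Inverse transform, present only so a constructed test blob can be
    built offline; it is not something the report describes."""
    out = bytearray(len(plain))
    for i, b in enumerate(plain):
        x = (b + KEY2[i % len(KEY2)]) & 0xFF
        out[i] = x ^ KEY1[i % len(KEY1)]
    return bytes(out)


def decode_file_slice(path: str, offset: int, length: int) -> bytes:
    """Decode `length` bytes starting at `offset` in a dumped file; the
    offset and length of the blob inside a real sample are not on the page
    and must be located by the analyst."""
    with open(path, "rb") as f:
        f.seek(offset)
        return decode_blob(f.read(length))


if __name__ == "__main__":
    # Constructed sample: a marker string long enough to wrap both keys.
    marker = b"CONSTRUCTED-SAMPLE-" * 8
    encoded = encode_blob(marker)
    print(decode_blob(encoded) == marker)
```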
AsyncRAT includes an embedded certificate with the following properties:

  • Serial Number: df:2d:51:bf:e8:ec:0c:dc:d9:9a:3e:e8:57:1b:d9
  • Issuer: CN = marke
  • Validity: Not Before: Sep 4 18:59:09 2024 GMT; Not After: Dec 31 23:59:59 9999 GMT
  • Subject: CN = marke


GodRAT client source and builder


We discovered the source code for the GodRAT client on a popular online malware scanner. It had been uploaded in July 2024. The file is named “GodRAT V3.5_______dll.rar” (MD5 04bf56c6491c5a455efea7dbf94145f1). This archive also includes the GodRAT builder (MD5 5f7087039cb42090003cc9dbb493215e), which allows users to generate either an executable file or a DLL. If an executable is chosen, users can pick a legitimate executable name from a list (svchost.exe, cmd.exe, cscript.exe, curl.exe, wscript.exe, QQMusic.exe and QQScLauncher.exe) to inject the code into. When saving the final payload, the user can choose the file type (.exe, .com, .bat, .scr and .pif). The source code is based on Gh0st RAT, as indicated by the fact that the auto-generated UID in “GodRAT.h” file matches that of “gh0st.h”, which suggests that GodRAT was originally just a renamed version of Gh0st RAT.

[Figure: GodRAT.h]

[Figure: gh0st.h]

Conclusions


The rare command line parameter “puppet”, along with code similarities to Gh0st RAT and shared artifacts such as the fingerprint header, indicates that GodRAT shares a common origin with AwesomePuppet RAT, which we described in a private report in 2023. That RAT is also based on the Gh0st RAT source code and is likely connected with Winnti APT activities. Based on these findings, we are highly confident that GodRAT is an evolution of AwesomePuppet. There are some differences, however. For example, the C2 packet of GodRAT uses the “direction” field, which was not utilized in AwesomePuppet.

Old implant codebases, such as Gh0st RAT, which are nearly two decades old, continue to be used today. These are often customized and rebuilt to target a wide range of victims. These old implants are known to have been used by various threat actors for a long time, and the GodRAT discovery demonstrates that legacy codebases like Gh0st RAT can still maintain a long lifespan in the cybersecurity landscape.

Indicators of Compromise

File hashes


cf7100bbb5ceb587f04a1f42939e24ab
d09fd377d8566b9d7a5880649a0192b4 GodRAT Shellcode Injector
e723258b75fee6fbd8095f0a2ae7e53c GodRAT Self Extracting Executable
a6352b2c4a3e00de9e84295c8d505dad
6c12ec3795b082ec8d5e294e6a5d6d01
bb23d0e061a8535f4cb8c6d724839883
160a80a754fd14679e5a7b5fc4aed672
2750d4d40902d123a80d24f0d0acc454
441b35ee7c366d4644dca741f51eb729
318f5bf9894ac424fd4faf4ba857155e GodRAT Shellcode Injector
512778f0de31fcce281d87f00affa4a8 GodRAT Shellcode Injector
6cad01ca86e8cd5339ff1e8fff4c8558 GodRAT Shellcode Injector
58f54b88f2009864db7e7a5d1610d27d GodRAT Shellcode Injector
64dfcdd8f511f4c71d19f5a58139f2c0 GodRAT FileManager Plugin(n)
8008375eec7550d6d8e0eaf24389cf81 GodRAT
04bf56c6491c5a455efea7dbf94145f1 GodRAT source code
5f7087039cb42090003cc9dbb493215e GodRAT Builder
31385291c01bb25d635d098f91708905 Chrome Password Stealer
cdd5c08b43238c47087a5d914d61c943 MSEdge Password Stealer
605f25606bb925d61ccc47f0150db674 Async RAT Injector (n)
961188d6903866496c954f03ecff2a72 Async RAT Injector
4ecd2cf02bdf19cdbc5507e85a32c657 Async RAT
17e71cd415272a6469386f95366d3b64 Async RAT

File paths


C:\users\[username]\downloads\2023-2024clientlist&.scr
C:\users\[username]\downloads\2024-11-15_23.45.45 .scr
C:\Users\[username]\Downloads\2024-08-01_2024-12-31Data.scr
C:\Users\[username]\\Downloads\2025TopDataTransaction&.scr
C:\Users\[username]\Downloads\2024-2025Top&Data.scr
C:\Users\[username]\Downloads\2025TopClineData&1.scr
C:\Users\[username]\Downloads\Corporate customer transaction &volume.pif
C:\telegram desktop\Company self-media account application qualifications&.zip
C:\Users\[username]\Downloads\个人信息资料&.pdf.pif
%ALLUSERSPROFILE%\bugreport\360Safe2.exe
%ALLUSERSPROFILE%\google\chrome.exe
%ALLUSERSPROFILE%\google\msedge.exe
%LOCALAPPDATA%\valve\valve\SDL2.dll
%LOCALAPPDATA%\bugreport\LoggerCollector.dll
%ALLUSERSPROFILE%\bugreport\LoggerCollector.dll
%LOCALAPPDATA%\bugreport\bugreport_.exe

Domains and IPs


103[.]237[.]92[.]191 GodRAT C2
118[.]99[.]3[.]33 GodRAT C2
118[.]107[.]46[.]174 GodRAT C2
154[.]91[.]183[.]174 GodRAT C2
wuwu6[.]cfd AsyncRAT C2
156[.]241[.]134[.]49 AsyncRAT C2
https://holoohg.oss-cn-hongkong.aliyuncs[.]com/HG.txt AsyncRAT URL
47[.]238[.]124[.]68 AsyncRAT C2
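The file hashes and drop paths above, together with the 7z.exe/7z.dll hashes given in the FileManager plugin section, are enough for an offline host check. The following is an added example for that check, not part of the original report: the MD5 values and path templates are copied from the page, and the scan simply hashes whatever exists at those locations and looks the digest up. The `%VAR%` expansion helper is written by hand so the script also runs on non-Windows hosts where the drop paths will simply not exist.

```python
import hashlib
import os
import re

# MD5 indicators copied from the report, with the labels it gives them.
IOC_MD5 = {
    "eb8d53f9276d67afafb393a5b16e7c61": "7z.exe dropped by GodRAT FileManager plugin",
    "e055aa2b77890647bdf5878b534fba2c": "7z.dll dropped by GodRAT FileManager plugin",
    "8008375eec7550d6d8e0eaf24389cf81": "GodRAT",
    "64dfcdd8f511f4c71d19f5a58139f2c0": "GodRAT FileManager plugin",
    "31385291c01bb25d635d098f91708905": "Chrome password stealer",
    "cdd5c08b43238c47087a5d914d61c943": "MSEdge password stealer",
    "605f25606bb925d61ccc47f0150db674": "AsyncRAT injector",
    "961188d6903866496c954f03ecff2a72": "AsyncRAT injector",
    "4ecd2cf02bdf19cdbc5507e85a32c657": "AsyncRAT",
    "17e71cd415272a6469386f95366d3b64": "AsyncRAT",
}

# Drop locations named in the report, kept as %VAR% templates.
DROP_PATHS = [
    r"%APPDATA%\7z.exe",
    r"%APPDATA%\7z.dll",
    r"%ALLUSERSPROFILE%\google\chrome.exe",
    r"%ALLUSERSPROFILE%\google\msedge.exe",
    r"%ALLUSERSPROFILE%\bugreport\360Safe2.exe",
    r"%ALLUSERSPROFILE%\bugreport\LoggerCollector.dll",
    r"%LOCALAPPDATA%\bugreport\LoggerCollector.dll",
    r"%LOCALAPPDATA%\bugreport\bugreport_.exe",
    r"%LOCALAPPDATA%\valve\valve\SDL2.dll",
]


def expand_windows_vars(template: str) -> str:
    """Expand %NAME% references from the environment. os.path.expandvars
    only does this on Windows, so it is done here for portability; unknown
    names are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: os.environ.get(m.group(1), m.group(0)), template)


def md5_of(path: str) -> str:
    """Stream the file in 1 MiB chunks so large drops do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(paths, indicators=IOC_MD5):
    """Return one finding per existing file: its path, MD5 and the matching
    indicator label (None when the file is present but its hash is not in
    the list, which is still worth a look given these paths)."""
    findings = []
    for template in paths:
        path = expand_windows_vars(template)
        if not os.path.isfile(path):
            continue
        digest = md5_of(path)
        findings.append({"path": path, "md5": digest, "label": indicators.get(digest)})
    return findings


if __name__ == "__main__":
    for finding in scan(DROP_PATHS):
        status = finding["label"] or "present, hash not in indicator list"
        print(f"{finding['path']}  {finding['md5']}  {status}")
```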


securelist.com/godrat/117119/



Volkswagen Joins the Car-As-A-Service Movement With Its ID.3 BEV


More and more car manufacturers these days are becoming interested in the recurring revenue model, with Volkswagen’s ID.3 BEV being the latest to have an optional ‘motor power upgrade’ that you can pay for either monthly or with a ‘lifetime’ payment.

As the BBC reports, this option is now available in the UK, with customers offered the option to pay £16.50 per month or £165 annually, or opt to shell out £649 for what is reportedly a ‘car lifetime’ subscription.

It appears that this subscription service has been in the works for a while already: it was first offered last year in countries like Denmark and has since been rolled out in other countries too. The software unlock raises the maximum motor output from 150 kW to 170 kW, which some users report as being noticeable.

Regardless of whether you find this to be a good deal, the concept of Car-As-A-Service (CAAS) has become increasingly prevalent, with the BBC article referencing BMW’s heated seats subscription and Mercedes’ acceleration subscription. Considering that all the hardware is already in the car that you purportedly purchased, this is sure to rub people the wrong way, not to mention that from a car tuning perspective it seems to suggest that third-party tuners need not apply.

Thanks to [Robert Piston] for the tip.


hackaday.com/2025/08/19/volksw…

in reply to Cybersecurity & cyberwarfare

To provide "additional power by subscription", the manufacturer **de facto** controls your car remotely. So it is no longer yours, because you no longer control it. It is the same reason I shun #softwareProprietario.
This entry was edited (5 days ago)
in reply to Paolo Redaelli

@Paolo Redaelli I understand what you mean, but I invite you to consider that no car is really yours. In fact, the moment you need a spare part you are forced to turn to authorized dealers, where you pay a price made up mostly of the licenses the manufacturer grants to the dealer passed on to you, or to so-called compatible parts, for which you still pay a price that always depends on the manufacturer's policies. Owning a car is already a pure illusion

Cybersecurity & cyberwarfare reshared this.


Do you click on links in SMS messages? Here are 4.2 million reasons not to

📌 Link to the article: redhotcyber.com/post/clicchi-s…

#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy

reshared this



Do you click on links in SMS messages? Here are 4.2 million reasons not to


Proofpoint has published the second volume of its annual “Human Factor 2025” study, focused on phishing and URL-based attacks. The analysis of data from May 2024 to May 2025 shows that attackers are increasingly combining social engineering with links, which have become the main vector for attacking users.

According to the statistics, links were encountered four times more often than attachments with malicious content. Over 55% of SMS messages showing signs of phishing contained a URL, and the number of campaigns using the ClickFix technique grew by almost 400% in a year. In total, the researchers recorded 3.7 billion attempts to steal credentials via malicious links, versus 8.3 million attempts to distribute malware, which confirms that attackers' main goal today is compromising accounts.

Particularly worrying is the growing number of attacks that use legitimate services. Attackers disguise malicious URLs as documents on OneDrive or Google Drive and also create fake login pages that are indistinguishable from the real ones. The widespread use of generative AI models lets them refine phishing email templates endlessly, making them more persuasive.

Among the main tools are ready-to-use phishing kits such as CoGUI and Darcula. The first is actively used by Chinese-speaking groups and mainly targets users in Japan; the second is used in SMS attacks, often posing as messages from government agencies or postal companies. Both tools can bypass protections and even intercept MFA codes.

One of the most evident trends has been the spread of the ClickFix scheme. The victim is shown a fake error window or a CAPTCHA that prompts them to run commands manually. This installs RATs, infostealers and downloaders on the device. ClickFix campaigns have become common practice, used both by financially motivated groups and by state actors.

Separately, the experts note the growth of attacks on mobile devices. According to the report, in 2024 the number of URL threats in SMS messages increased by 2534%. In 2025, at least 55% of phishing SMS messages contained links, and 75% of organizations confirmed they had suffered such attacks. The main attacks are “traffic fine” scams and fake delivery notifications.

Phishing attacks via QR codes are also gaining ground. In the first six months of 2025 alone, Proofpoint identified almost 4.2 million cases of QR code abuse. This vector is convenient for criminals because it lets them bypass mail gateway filtering: the victim scans the code on a smartphone and ends up on a fake site that steals passwords or credit card data.

The report concludes that today's most destructive attacks are aimed not at systems but at people. Such campaigns cannot succeed without a click from the user, which means the main line of defense is protecting every communication channel, from corporate email to instant messaging and SaaS services. Proofpoint recommends multi-layered AI solutions capable of detecting even the smallest signs of phishing in any digital flow.

The article “Do you click on links in SMS messages? Here are 4.2 million reasons not to” originally appeared on the cybersecurity blog.


Cybersecurity & cyberwarfare reshared this.


Windows 11’s Latest Security Update Is Reportedly Causing Several SSD Failures When Writing a Large Number of Files at Once

wccftech.com/windows-11-latest…

reshared this