Le ore che abbiamo oggi non bastano: preparazione, correzioni, inclusione restano scoperte.
La qualità cala già alla situazione attuale ~> non scioperare significa accettarlo come normale.
Lo #sciopero non è tempo (o denaro) perso: è l’unico modo per cambiare condizioni che da sole non miglioreranno.
Aiutateci.
Aiutatevi.
Ma Gianluca likes this.
reshared this
There are all manner of musical synthesis techniques, from the early electromechanical instruments through analogue tape systhesis, the all-electronic waveform synthesisers of the 1960s onwards, and Yamaha’s FM systhesis of the 1980s, to name but a few. One of the attributes of such a machine lies in how many voices it has, or in simple terms, how many notes it can play simultaneously. Electronic complexity limited those early synths, but what happens on an FPGA where vast numbers of circuits can be made with little extra cost? [Tsuneo.Ohnaka] is pushing the envelope a little, by cramming 10240 individually controllable oscillators onto a Terasic DE10-nano FPGA board.
While this thing can in theory generate 10240 different notes at once, in practice that doesn’t mean it has 10240 voices. Instead he calls it a spectrum engine, in that with such a large number of oscillators all with individually controllable frequency, phase, and amplitude, he’s made the part of all those Fourier transform maths where all the different frequencies are combined, in hardware. It’s as though you had a sound card which wasn’t based around a DAC fed with samples, instead all those spectrum points you’d derive from a Fourier transform. Because it’s a massive parallel array of real oscillators it all happens concurrently, instantaneously in real time, and is not held back by the processing constraints of a microprocessor. Think of it as something akin to a software defined radio transmitter, but for the world of audio synthesis.
In that light, it can emulate all those other forms of audio synthesis driven by software, but without the software overhead of generating the waveforms. It’s certainly a different approach to generating audio from a computer, and he’s posted a cacophonic demo video below of it as an 80-voice polyphonic synthesiser. We like it.
youtube.com/embed/WKS1PJMm2nE?…
🚨 HOT TAKE 🚨: I think nobody should ever ever ever use the expression "threat actor" except in technical reports or writeups designed to be read among industry insiders.
In news articles let's just use "hacker." I don't see a need to use the boring and for average people confusing "threat actor."
Cybersecurity & cyberwarfare reshared this.
I’m a hacker. I’m not a threat actor. Attacker? Exploit vendor? A threat actor is also the entity and not necessarily just its engineers but the company itself.
Depending on the context when I talk to “mere mortals” even at work I use “attackers”, “offensive companies”, “criminals”, depending on what matches the context best. (I consider the last two to be refinement on the purpose of the exploits being developed and “attacker” to be the generic term)
NEW: AI evaluation startup Braintrust confirmed a data breach affecting one of its AWS accounts, which contained API keys used by customers for accessing cloud-based AI models.
The startup asked all its customers to revoke and replace their API keys "out of an abundance of caution."
techcrunch.com/2026/05/06/ai-e…
Braintrust, a startup that makes an “operating system for engineers building AI software,” notified customers that hackers broke into one of its Amazon cloud environments, and is asking customers to rotate their API keys.Lorenzo Franceschi-Bicchierai (TechCrunch)
Cybersecurity & cyberwarfare reshared this.
Palestra digitale a Vivero (Roma) - parte 2
PALESTRA DIGITALE - PARTE 2 - LABORATORIO DI AUTODIFESA DALLE BIG TECH
Presso Vivéro, via Antonio Raimondi 37 - Roma, il 12 maggio dalle 18,30.
Dopo la partecipatissima e stimolante serata passata insieme nel primo appuntamento della palestra digitale, continuiamo a costruire il percorso per liberarci dal dominio dei giganti del tech, riappropriarci degli strumenti digitali …
pillole.graffio.org/pillole/pa…
PALESTRA DIGITALE - PARTE 2 - LABORATORIO DI AUTODIFESA DALLE BIG TECH Presso Vivéro, via Antonio Raimondi 37 - Roma, il 12 maggio dalle 18,30. Dopo la...pillole.graffio.org
reshared this
I heard more from Disc-Soft, the maker of Daemon Tools, which was backdoored by suspected Chinese-language hackers and used to compromise thousands of users.
Disc-Soft tells me the backdoor was "limited to the free DAEMON Tools Lite" and v12.6 removes the backdoor; investigation ongoing.
My earlier story: techcrunch.com/2026/05/05/kasp…
The cybersecurity company says it's seen thousands of infection attempts, and at least a dozen successful hacks after users installed malicious versions of the popular Windows software.Zack Whittaker (TechCrunch)
reshared this
This cracks me up because kids just think up these things so brilliantly, but also this proves that age verification laws are complete dogshit and don't even work.
techcrunch.com/2026/05/06/some…
A new survey found that kids find it easy to bypass age checks, despite a rise in age verification laws around the world.Zack Whittaker (TechCrunch)
reshared this
age verification has nothing to do with age. It's has everything to do with collecting your biometrics. You can change a password but you can't change your face.
I'm a time when more and more people are waking up and fighting against global oligarchy, the oligarchs want to know exactly who is mounting resistance.
🚀 Gli speaker della RHC Conference 2026
📍𝗤𝘂𝗮𝗻𝗱𝗼: Martedì 19 Maggio con ingresso dalle ore 8:45
📍𝗗𝗼𝘃𝗲: Teatro Italia, Via Bari 18, Roma (Metro Piazza Bologna)
📍𝗣𝗿𝗼𝗴𝗿𝗮𝗺𝗺𝗮: redhotcyber.com/linksSk2L/prog…
📍𝗜𝘀𝗰𝗿𝗶𝘇𝗶𝗼𝗻𝗲 conferenza di Martedì 19 Maggio: rhc-conference-2026.eventbrite…
#redhotcyber #rhcconference #conferenza #informationsecurity #ethicalhacking #dataprotection
Registrazione per l'evento Red Hot Cyber Conference 2026 del 19 Maggio 2026 presso il Teatro Italia di Roma, in Via Bari 18.Eventbrite
Cybersecurity & cyberwarfare reshared this.
It’s been a story of the last week or so if you follow the kind of news channels a Hackaday scribe does, that Google have quietly installed an LLM as part of the Chrome browser. Reports vary as to when they did this because there’s a lot of confusion online with their online Gemini features also present in the browser, but it seems Chrome users are noticing its effect through slower performance and hefty disk access. Given that Chrome is by far the most popular web browser, this means that billions of users will have downloaded the four gigabyte Gemini Nano model, and now have an LLM they didn’t know about. It will be used to provide advanced auto-correct and other text suggestion features that their online version of Gemini would presumably be overburdened with, and since it’s available through a set of in-browser APIs we expect that it will find its way into a lot of websites, online applications, and plugins.
It’s caused a bit of a fuss in some circles, and we think, with some justification. When billions of computers unwittingly install an extremely energy intensive software component the effect on global power consumption will be significant, with a consequent uptick in the carbon footprint of computing. It’s not a phenomenon restricted to Chrome, as an example Siri has used a local LLM on Apple devices for a while now. We’ve seen rumblings of discontent and talk of getting European climate regulators involved, but perhaps instead it’s time to have a conversation about local AI models. The key is not whether or not they are a good thing to have, but when and how they operate.
While many of us are sick to death of AI slop and have not been lured into AI psychosis by an over-reinforcing chatbot, the fact remains that LLMs can do some useful things, they’re here to stay whether we like it or not, and having one under your control on your own computer doesn’t have to be a bad thing. Install Llama.cpp on your machine, and you’ve got an LLM of your very own, upon which your usage data isn’t going to be sold, and your content isn’t going to reinforce the finest plagiarism device the world has ever seen.
The concerning development with the Chrome LLM is that not only has it been installed without the user’s consent, it runs without their consent too, and they can’t use it for anything except what Google Chrome wants it to be used for. Unlike the Llama.cpp mentioned above, it’s not under their control, instead it’s a compute-hungry monster ultimately controlled by Google. The prospect of a future in which multiple pieces of everyday software install their own similarly out-of-control multi-gigabyte CPU-munchers is a concerning one. Anyone who remembers Microsoft’s Clippy grabbing all the resources in a 1990s desktop as its stuttering animation played its course will know where this is going.
If local LLMs are an inevitability, what’s needed is a way to make them like any other application, one that the user chooses and installs themselves. Such an LLM could make its services available to applications such as a web browser if the user allows it to, but not run unless asked. It’s fairly obvious that installing Llama.cpp or similar is beyond many users, but it shouldn’t lie beyond the bounds of possibility to package something like it as an application they can install.
We know that the previous paragraph is pie-in-the-sky wishful thinking, and that as the person who knows computers in your family your next few Christmases will be spent wrestling with six different LLMs running on some elderly family member’s PC. But perhaps in Clippy lies the answer. If the consumer can learn to associate built-in AI features with their computer grinding to a halt just as they did with an office assistant thirty years ago, then perhaps they’ll demand change. We can hope.
reshared this
Converting the ignition of a fuel-air mixture into usable mechanical energy lies at the core of a dizzying number of internal combustion engines developed over the course of more than century. Although typical piston engines with a cylinder head and valve-train are the most common by far, and even rotary engines are quite well-known, the opposed-piston engine design is significantly more obscure. In a recent video by [driving 4 answers], this type of engine is covered and why it’s actually a pretty nifty ICE design with many benefits.
Above all, the design is mechanically far more simple, as it omits all the valves and timing-related hardware of the typical four-stroke ICE. Each ignition event pushes against two pistons at the same time, allowing for more of the kinetic energy to be converted into usable power, as well as enabling largely vibration-free operation in a more compact package, especially in the case of the Asender design that eliminates the second crankshaft of the Achates design. This makes the Asender rather similar to the 1914 Simpson’s design.
Despite these many advantages, opposed-piston engines have mostly led a quiet life in industrial and military applications, including tanks, submarines and airplanes. This is where the video also sees their continued use, but as a 2021 article in Autoweek suggests, we might be seeing more of these engines in everywhere from trucks to cars as well. Even if it’s only in hybrid cars where it would be in a generator role, there are many reasons why this ICE design would fit right into certain roles.
youtube.com/embed/3qxS2R_8E7I?…
reshared this
Il #NoDietDay esiste dal 1992 per ricordarci una cosa semplice: il controllo maniacale a tavola fa male a tutti: non solo a chi sta a dieta, non solo a chi è diabetico, non solo a chi conta le calorie come si contano i pacchetti TCP 🤣
Una piccola deroga ogni tanto non rompe niente, anzi, perché restare in apnea sulle regole finché non si esplode non lo vedo sostenibile alla lunga.
Ci meritiamo più indulgenza verso noi stessi, più educazione verso il nostro animo e più gentilezza verso le nostre azioni. Il famoso atto di ribellione gentile del post dei bigliettini, no?
..e siccome con questo post dolce ho già la glicemia alta, il gelato alla nocciola me lo assaggio dalle labbra del Signor Baci. Direttamente 😘
Cybersecurity & cyberwarfare reshared this.
Fuck tha Police - Gli agenti di polizia 🦘australiani 🦘 possono essere rintracciati a causa di una falla di sicurezza nei taser e nelle telecamere indossabili
I taser e le telecamere indossabili con tecnologia Bluetooth, utilizzati da migliaia di agenti di polizia australiani, possono inavvertitamente rivelare la loro posizione in tempo reale a qualsiasi criminale in possesso di un telefono o di un computer portatile.
Le forze di polizia di tutto il paese sono state avvertite della falla di sicurezza. Ma nonostante i rischi per la sicurezza, soprattutto per gli agenti in borghese, nelle unità tattiche o che portano a casa la propria attrezzatura, nessuno sembra aver preso provvedimenti.
abc.net.au/news/2026-05-04/pol…
A security flaw means the location of devices used by police, potentially including undercover officers and those travelling home, is visible to anyone with a phone or laptop.Grace Tobin (ABC News)
reshared this
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption.Pierluigi Paganini (Security Affairs)
Cybersecurity & cyberwarfare reshared this.
If you watched the Mickey Mouse Club way back when, you might remember Professor Wonderful, who was, in reality, physics professor [Julius Sumner Miller]. He also had his own show, “Why Is It So?” along with appearances on talk shows. We recently ran across one of the shows from 1962 where [Miller] uses electromagnets to break a lamp.
[Miller] moved to Australia, and this episode is from the Australian version of “Why Is It So?” As you might expect, given the topic, the professor covers Oersted and Faraday.
We enjoyed not only the science but also the historical anecdotes. The professor’s delivery is interesting and entertaining, too. If you ever need to determine if an incandescent lamp is operating on AC or DC, the professor will show you how to employ a horseshoe magnet and, in fact, remotely destroys the lamp in the process.
Once that’s done, the topic changes to chimneys and straws. Towards the end, the professor moves to acoustics, playing music and visualizing waveforms with sugar.
While we haven’t seen a science show like this in a long time, we suppose there are many YouTube channels if you look for them. We’ve covered the great professor before. In the United States, he’s not as well remembered as Mr. Wizard, but we admire everyone who passes knowledge along to the next generation.
youtube.com/embed/nDDIRju4TpM?…
WhatsApp nel mirino: nuove falle mettono a rischio gli utenti
📌 Link all'articolo : redhotcyber.com/post/whatsapp-…
A cura di Carolina Vivianti
#redhotcyber #news #whatsapp #cybersecurity #bugdisicurezza #vulnerabilita
Due nuovi bug di sicurezza su WhatsApp, scopri come proteggere la tua privacy e la tua sicurezza online, aggiorna subito l'appCarolina Vivianti (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
👁️ Il nuovo rapporto dell'Unione Internazionale delle Telecomunicazioni (ITU), dall'Ufficio delle Nazioni Unite per la Riduzione del Rischio di Disastri (UNDRR): "Quando i sistemi digitali falliscono: i rischi nascosti del nostro mondo digitale"
⬇️⬇️⬇️⬇️⬇️
poliverso.org/display/0477a01e…
Quando i sistemi digitali falliscono: cosa ci dicono gli esperti
Siamo pronti ad affrontare tempeste solari, interruzioni dei cavi sottomarini, guasti ai satelliti e fenomeni meteorologici estremi che potrebbero sconvolgere le reti di comunicazione e potenzialmente scatenare una "pandemia digitale"?
Un nuovo rapporto – "Quando i sistemi digitali falliscono: i rischi nascosti del nostro mondo digitale" – delinea scenari di rischio sulla Terra, in mare e nello spazio, analizzando la fragilità dei sistemi digitali interconnessi e offrendo una tabella di marcia per la preparazione.
Esperti riuniti dall'Unione Internazionale delle Telecomunicazioni (ITU), dall'Ufficio delle Nazioni Unite per la Riduzione del Rischio di Disastri (UNDRR) e dall'Innovation Hub per la Tecnologia e gli Affari Globali della Scuola di Affari Internazionali di Parigi, Sciences Po, chiedono un'azione coordinata tra i paesi per migliorare la resilienza digitale e proteggere i servizi essenziali come l'assistenza sanitaria, la finanza e la risposta alle emergenze.
itu.int/hub/publication/s-rep-…
@Informatica (Italy e non Italy)
When digital systems fail - an expert report - ITU
Are we ready for solar storms, submarine cable cuts, satellite disruptions, and extreme weather to disrupt communication networks and potentially trigger a "digital pandemic"? A new report - "When digital systems fail: The hidden risks of our digita…ITU
reshared this
Siamo pronti ad affrontare tempeste solari, interruzioni dei cavi sottomarini, guasti ai satelliti e fenomeni meteorologici estremi che potrebbero sconvolgere le reti di comunicazione e potenzialmente scatenare una "pandemia digitale"?
Un nuovo rapporto – "Quando i sistemi digitali falliscono: i rischi nascosti del nostro mondo digitale" – delinea scenari di rischio sulla Terra, in mare e nello spazio, analizzando la fragilità dei sistemi digitali interconnessi e offrendo una tabella di marcia per la preparazione.
Esperti riuniti dall'Unione Internazionale delle Telecomunicazioni (ITU), dall'Ufficio delle Nazioni Unite per la Riduzione del Rischio di Disastri (UNDRR) e dall'Innovation Hub per la Tecnologia e gli Affari Globali della Scuola di Affari Internazionali di Parigi, Sciences Po, chiedono un'azione coordinata tra i paesi per migliorare la resilienza digitale e proteggere i servizi essenziali come l'assistenza sanitaria, la finanza e la risposta alle emergenze.
itu.int/hub/publication/s-rep-…
@Informatica (Italy e non Italy)
Are we ready for solar storms, submarine cable cuts, satellite disruptions, and extreme weather to disrupt communication networks and potentially trigger a "digital pandemic"? A new report - "When digital systems fail: The hidden risks of our digita…ITU
reshared this
Gli hacker ringraziano: Accesso root ai firewall di Palo Alto Networks senza autenticazione
📌 Link all'articolo : redhotcyber.com/post/gli-hacke…
A cura di Bajram Zeqiri
#redhotcyber #news #cybersecurity #hacking #vulnerabilita #firewall #panos #paloaltonetworks
Una vulnerabilità critica nel sistema operativo firewall PAN-OS di Palo Alto Networks sta permettendo agli hacker di effettuare attacchi informatici. Scopri di più sulla vulnerabilità e come proteggertiBajram Zeqiri (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
Through our daily threat hunting, we noticed that, beginning in July 2025, a series of malicious wheel packages were uploaded to PyPI (the Python Package Index). We shared this information with the public security community, and the malware was removed from the repository. We submitted the samples to Kaspersky Threat Attribution Engine (KTAE) for analysis. Based on the results, we believe the packages may be linked to malware discussed in a Threat Intelligence report on OceanLotus.
While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files. These files can be either .DLL or .SO (Linux shared library), indicating the packages’ ability to target both Windows and Linux platforms. They function as droppers, delivering the final payload – a previously unknown malware family that we have named ZiChatBot. Unlike traditional malware, ZiChatBot does not communicate with a dedicated command and control (C2) server, but instead uses a series of REST APIs from the public team chat app Zulip as its C2 infrastructure.
To conceal the malicious package containing ZiChatBot, the attacker created another benign-looking package that included the malicious package as a dependency. Based on these facts, we confirm that this campaign is a carefully planned and executed PyPI supply chain attack.
The attacker created three projects on PyPI and uploaded malicious wheel packages designed to imitate popular libraries, tricking users into downloading them. This is a clear example of a supply chain attack via PyPI. See below for detailed information about the fake libraries and their corresponding wheel packages.
The packages added by the attacker and listed on PyPI’s download pages are:
uuid32-utils library for generating a 32-character random string as a UUIDcolorinal library for implementing cross-platform color terminal texttermncolor library for ANSI color format for terminal outputThe key metadata for these packages are as follows:
| Pip install command | File name | First upload date | Author / Email |
| pip install uuid32-utils | uuid32_utils-1.x.x-py3-none-[OS platform].whl | 2025-07-16 | laz**** / laz****@tutamail.com |
| pip install colorinal | colorinal-0.1.7-py3-none-[OS platform].whl | 2025-07-22 | sym**** / sym****@proton.me |
| pip install termncolor | termncolor-3.1.0-py3-none-any.whl | 2025-07-22 | sym**** / sym****@proton.me |
Based on the distribution information on the PyPI web page, we can see that it offers X86 and X64 versions for Windows, as well as an x86_64 version for Linux. The colorinal project, for example, provides the following download options:
Distribution information of the colorinal project
The uuid32-utils and colorinal libraries employ similar infection chains and malicious payloads. As a result, this analysis will focus on the colorinal library as a representative example.
A quick look at the code of the third library, termncolor, reveals no apparent malicious content. However, it imports the malicious colorinal library as a dependency. This method allows attackers to deeply conceal malware, making the termncolor library appear harmless when distributing it or luring targets.
The termncolor library imports the malicious colorinal library
During the initial infection stage, the Python code is nearly identical across both Windows and Linux platforms. Here, we analyze the Windows version as an example.
Once a Python user downloads and installs the colorinal-0.1.7-py3-none-win_amd64.whl wheel package file, or installs it using the pip tool, the ZiChatBot’s dropper (a file named terminate.dll) will be extracted from the wheel package and placed on the victim’s hard drive.
After that, if the colorinal library is imported into the victim’s project, the Python script file at [Python library installation path]\colorinal-0.1.7-py3-none-win_amd64\colorinal\__init__.py will be executed first.
The __init__.py script imports the malicious file unicode.py
This Python script imports and executes another script located at [python library install path]\colorinal-0.1.7-py3-none-win_amd64\colorinal\unicode.py. The is_color_supported() function in unicode.py is called immediately.
The code loads the dropper into the host Python process
The comment in the is_color_supported() function states that the highlighted code checks whether the user’s terminal environment supports color. The code actually loads the terminate.dll file into the Python process and then invokes the DLL’s exported function envir, passing the UTF-8-encoded string xterminalunicod as a parameter. The DLL acts as a dropper, delivering the final payload, ZiChatBot, and then self-deleting. At the end of the is_color_supported() function, the unicode.py script file is also removed. These steps eliminate all malicious files in the library and deploy ZiChatBot.
For the Linux platform, the wheel package and the unicode.py Python script are nearly identical to the Windows version. The only difference is that the dropper file is named “terminate.so”.
From the previous analysis, we learned that the dropper is loaded into the host Python process by a Python script and then activated. The main logic of the dropper is implemented in the envir export function to achieve three objectives:
ZiChatBot.The dropper first decrypts sensitive strings using AES in CBC mode. The key is the string-type parameter “xterminalunicode” of the exported function. The decrypted strings are “libcef.dll”, “vcpacket”, “pkt-update”, and “vcpktsvr.exe”.
Next, the malware uses the same algorithm to decrypt the embedded data related to ZiChatBot. It then decompresses the decrypted data with LZMA to retrieve the files vcpktsvr.exe and libcef.dll associated with ZiChatBot. The malware creates a folder named vcpacket in the system directory %LOCALAPPDATA%, and places these files into it.
To establish persistence for ZiChatBot, the dropper creates the following auto-run entry in the registry:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"pkt-update"="C:\Users\[User name]\AppData\Local\vcpacket\vcpktsvr.exe"
Once preparations are complete, the malware uses the XOR algorithm to decrypt the embedded shellcode with the three-byte key 3a7. It then searches the decrypted shellcode’s memory for the string Policy.dllcppage.dll and replaces it with its own file name, terminate.dll, and redirects execution to the shellcode’s memory space.
The shellcode employs a djb2-like hash method to calculate the names of certain APIs and locate their addresses. Using these APIs, it finds the dropper file with the name terminate.dll that was previously passed by the DLL before unloading and deleting it.
The Linux version of the dropper places ZiChatBot in the path /tmp/obsHub/obs-check-update and then creates an auto-run job using crontab. Unlike the Windows version, the Linux version of ZiChatBot only consists of one ELF executable file.
system("chmod +x /tmp/obsHub/obs-check-update")
system("echo \"5 * * * * /tmp/obsHub/obs-check-update" | crontab - ")
The Windows version of ZiChatBot is a DLL file (libcef.dll) that is loaded by the legitimate executable vcpktsvr.exe (hash: 48be833b0b0ca1ad3cf99c66dc89c3f4). The DLL contains several export functions, with the malicious code implemented in the cef_api_mash export. Once the DLL is loaded, this function is invoked by the EXE file. ZiChatBot uses the REST APIs from Zulip, a public team chat application, as its command and control server.
ZiChatBot is capable of executing shellcode received from the server and only supports this one control command. Once it runs, it initiates a series of sequential HTTP requests to the Zulip REST API.
In each HTTP request, an API authentication token is included as an HTTP header for server-side authentication, as shown below.
// Auth token:
TW9yaWFuLWJvdEBoZWxwZXIuenVsaXBjaGF0LmNvbTpVOFJFWGxJNktmOHFYQjlyUXpPUEJpSUE0YnJKNThxRw==
// Decoded Auth token
Morian-bot@helper.zulipchat.com:U8REXlI6Kf8qXB9rQzOPBiIA4brJ58qG
ZiChatBot utilizes two separate channel-topic pairs for its operations. One pair transmits current system information, and the other retrieves a message containing shellcode. Once the shellcode is received, a new thread is created to execute it. After executing the command, a heart emoji is sent in response to the original message to indicate the execution was successful.
We did not find any traditional infrastructure, such as compromised servers or commercial VPS services and their associated IPs and domains. Instead, the malicious wheel packages were uploaded to the Python Package Index (PyPI), a public, shared Python library. The malware, ZiChatBot, leverages Zulip’s public team chat REST APIs as its command and control server.
The “helper” organization that the attacker had registered on the Zulip service has now been officially deactivated by Zulip. However, infected devices may still attempt to connect to the service, so to help you locate and cure them, we recommend adding the full URL helper.zulipchat.com to your denylist.
The malware was uploaded in July 2025. Upon discovering these attacks, we quickly released an update for our product to detect the relevant files and shared the necessary information with the public security community. As a result, the malicious software was swiftly removed from PyPI, and the organization registered on the Zulip service was officially deactivated. To date, we have not observed any infections based on our telemetry or public reports.
Zulip has officially deactivated the “helper” organization
Based on the results from our KTAE system, the dropper used by ZiChatBot shows a 64% similarity to another dropper we analyzed in a TI report, which was linked to OceanLotus. Reverse engineering shows that both droppers use nearly identical algorithms and logic for to decrypt and decompress their embedded payloads.
Analysis results of dropper using KTAE system
As an active APT organization, OceanLotus primarily targets victims in the Asia-Pacific region. However, our previous reports have highlighted a growing trend of the group expanding its activities into the Middle East. Moreover, the attacks described in this report – executed through PyPI – target Python users worldwide. This demonstrates OceanLotus’s ongoing effort to broaden its attack scope.
In the first half of 2025, a public report revealed that the group launched a phishing campaign using GitHub. The recent PyPI-based supply chain attack likely continues this strategy. Although phishing emails are still a common initial infection method for OceanLotus, the group is also actively exploring new ways to compromise victims through diverse supply chain attacks.
Additional information about this activity, including indicators of compromise, is available to customers of the Kaspersky Intelligence Reporting Service. If you are interested, please contact intelreports@kaspersky.com.
Malicious wheel packages
termncolor-3.1.0-py3-none-any.whl
5152410aeef667ffaf42d40746af4d84
uuid32_utils-1.x.x-py3-none-xxxx.whl
0a5a06fa2e74a57fd5ed8e85f04a483a
e4a0ad38fd18a0e11199d1c52751908b
5598baa59c716590d8841c6312d8349e
968782b4feb4236858e3253f77ecf4b0
b55b6e364be44f27e3fecdce5ad69eca
02f4701559fc40067e69bb426776a54f
e200f2f6a2120286f9056743bc94a49d
22538214a3c917ff3b13a9e2035ca521
colorinal-0.1.7-py3-none-xxxx.whl
ba2f1868f2af9e191ebf47a5fab5cbab
Dropper for ZiChatBot
Backward.dll
c33782c94c29dd268a42cbe03542bca5
454b85dc32dc8023cd2be04e4501f16a
Backward.so
fce65c540d8186d9506e2f84c38a57c4
652f4da6c467838957de19eed40d39da
terminate.dll
1995682d600e329b7833003a01609252
terminate.so
38b75af6cbdb60127decd59140d10640
ZiChatBot
libcef.dll
a26019b68ef060e593b8651262cbd0f6
@Informatica (Italy e non Italy)
Il mese di maggio è appena iniziato e ci porta a dover fare una riflessione piuttosto amara, a dir la verità, circa gli attacchi che sono avvenuti nel primo quadrimestre […]
L'articolo Facciamo un punto sugli attacchi cyber proviene da Edoardo Limone.
L'articolo proviene dal blog dell'esperto di #Cybersecurity Edoardo
reshared this
Coinvolti il presidente dell'associazione, la madre e la moglie. Tutti risultano indagati per peculato, autoriciclaggio e riciclaggio
Con i soldi destinati ai bambini oncologici avrebbero pagato auto, cene e vini pregiati. Sono tre le persone indagate a Vercelli. Sono tutti legati all’Associazione Oncologica Pediatrica Odv, con sede in via Ariosto, nel cuore di Vercelli. Associazione «creata da genitori che hanno vissuto in prima persona la malattia oncologica del proprio figlio. Lavora a stretto contatto con il reparto di Oncologia dell’Ospedale Regina Margherita di Torino
reshared this
> il reparto di Oncologia dell’Ospedale Regina Margherita di Torino
Ma non è lo stesso ospedale del pandoro della ferragni?
Pattern matching in C#: scenari avanzati che probabilmente non conosci
#tech
spcnet.it/pattern-matching-in-…
@informatica
Pattern matching in C#: scenari avanzati che probabilmente non conosci
Il pattern matching in C# non è solo un modo più elegante di scrivere condizioni: è un cambio di paradigma nel modo in cui si ragiona sulla struttura dei dati. A partire da C# 7 e con evoluzioni significative nelle versioni successive, il pattern matching è diventato uno strumento potentissimo per scrivere codice più leggibile, manutenibile e talvolta anche più efficiente.In questo articolo esploreremo i pattern avanzati che molti sviluppatori .NET tendono a ignorare o a sottoutilizzare, partendo da un progetto concreto che dimostra ogni scenario.
Setup del progetto di esempio
Prima di tutto, creiamo un’applicazione console di test:dotnet new console -n PatternMatchingDemo cd PatternMatchingDemo
Definiamo i modelli comerecord, ideali per il pattern matching grazie alla loro natura value-based:namespace PatternMatchingDemo.Records; public record Address(string City, string Country); public record User(string Name, int Age, Address Address, List<string> Roles); public record Request(string Source, int Priority); public record Point(int X, int Y);
E popoliamo alcune collezioni di test:var users = new List<User> { new("Ali", 25, new Address("Milano", "Italy"), new List<string> { "Admin", "User" }), new("Sara", 17, new Address("Roma", "Italy"), new List<string> { "User" }), new("Kennedy", 65, new Address("London", "UK"), new List<string> { "Guest" }) }; var requests = new List<Request> { new("System", 10), new("User", 3), new("System", 2) };Property Pattern: matching annidato
Uno dei pattern più utili è il property pattern, che permette di verificare le proprietà di un oggetto direttamente nell’espressione di matching, incluse proprietà annidate:foreach (var user in users) { if (user is { Address.City: "Milano" }) { Console.WriteLine($"{user.Name} è di Milano"); } }
Il confronto tradizionale richiederebbe:if (user != null && user.Address != null && user.Address.City == "Milano")
La versione con property pattern è non solo più compatta, ma anche null-safe per definizione: seuserouser.Addresssono null, il pattern semplicemente non matcha.Pattern con
not: negazione eleganteforeach (var user in users) { if (user is not { Address.City: "Milano" }) { Console.WriteLine($"{user.Name} non è di Milano"); } }
Il keywordnotinverte il risultato del pattern, rendendo esplicito il significato senza bisogno di operatori logici aggiuntivi.Matching su casi multipli con
orforeach (var user in users) { if (user is { Address.City: "Milano" or "Roma" }) { Console.WriteLine($"{user.Name} vive in una grande città italiana"); } }
Il combinatoreorall’interno di un pattern è molto più leggibile di una serie di condizioni concatenate con||, specialmente quando le condizioni riguardano la stessa proprietà.Pattern Matching dentro LINQ
Il pattern matching si integra perfettamente con LINQ, permettendo query molto espressive:var adultiItaliani = users .Where(u => u is { Age: > 18, Address.Country: "Italy" }) .ToList(); foreach (var user in adultiItaliani) { Console.WriteLine($"{user.Name} è un adulto italiano"); }
Questa combinazione è particolarmente potente per filtrare DTO complessi, validare oggetti di dominio o implementare query su collezioni in memoria.Pattern relazionali e logici
I pattern relazionali (>,<,>=,<=) combinati con i pattern logici (and,or) permettono di esprimere range e condizioni composite in modo molto naturale:foreach (var user in users) { if (user.Age is > 18 and < 60) { Console.WriteLine($"{user.Name} è un adulto lavorativo"); } else if (user.Age is < 18 or > 60) { Console.WriteLine($"{user.Name} appartiene a una categoria di età speciale"); } }Switch Expression
La switch expression (introdotta in C# 8) è una versione compatta e restituisce un valore. Elimina la verbosità del tradizionaleswitchstatement:foreach (var user in users) { var categoria = user.Age switch { < 13 => "Bambino", < 20 => "Adolescente", < 60 => "Adulto", _ => "Senior" }; Console.WriteLine($"{user.Name} => {categoria}"); }
Rispetto allo switch classico, la versione expression è più concisa, obbliga a coprire tutti i casi (o aggiungere il wildcard_) e restituisce direttamente un valore senza variabili intermedie.Pattern Type + Condition
Il pattern di tipo permette di verificare il tipo di un oggetto e aggiungere una condizione contemporaneamente:object value = 150; // Modo tradizionale if (value is int number && number > 100) { Console.WriteLine("Numero grande (vecchio stile)"); } // Con pattern matching if (value is int and > 100) { Console.WriteLine("Numero grande (pattern matching)"); }
Questo è particolarmente utile quando si lavora conobject,dynamic, o con gerarchie di tipi complesse.List Pattern (C# 11+)
Introdotto in C# 11, il list pattern consente di matchare la struttura e il contenuto di array e liste:int[] nums = { 1, 2, 3 }; if (nums is [1, 2, 3]) { Console.WriteLine("Match esatto"); } if (nums is [1, .., 3]) { Console.WriteLine("Inizia con 1 e finisce con 3"); } if (nums is [_, _, _]) { Console.WriteLine("Array con esattamente 3 elementi"); }
Il slice pattern..è molto flessibile: può matchare zero o più elementi nel mezzo di una sequenza. Questo pattern è molto utile per validare payload di API che arrivano come array, controllare header HTTP, o verificare strutture di dati fisse.Positional Pattern
var point = new Point(10, 20); if (point is (10, 20)) { Console.WriteLine("Il punto è (10,20)"); } // Con switch expression var descrizione = point switch { (0, 0) => "Origine", (_, 0) => "Sull'asse X", (0, _) => "Sull'asse Y", _ => $"Punto generico ({point.X},{point.Y})" }; Console.WriteLine(descrizione);
Il positional pattern decostruisce l’oggetto usando il metodoDeconstruct(disponibile automaticamente per irecord) e permette di matchare ogni componente individualmente.Combined Pattern: la vera potenza
Combinare più pattern insieme permette di esprimere logica di business complessa in modo dichiarativo:foreach (var user in users) { if (user is { Age: > 18, Address.Country: "Italy", Roles: ["Admin", ..] }) { Console.WriteLine($"{user.Name} è un admin adulto italiano"); } }
Questo esempio combina property pattern annidato, relational pattern e list pattern in un’unica espressione. In scenari reali, questa tecnica è applicabile per authorization checks, validazione di DTO, o routing di request handler.Null Pattern
User? maybeUser = null; if (maybeUser is not null) { Console.WriteLine("L'utente esiste"); } else { Console.WriteLine("L'utente è null"); }
Il null pattern conis not nullè semanticamente più preciso di!= nullin contesti di nullable reference types, ed è la forma raccomandata nelle linee guida di C# moderno.Guard Clause nelle switch expression
int number = 7; var result = number switch { int n when n % 2 == 0 => "Pari", int n when n % 2 != 0 => "Dispari", _ => "Sconosciuto" }; Console.WriteLine(result);
La clausolawhenaggiunge una condizione aggiuntiva a un pattern. Utile quando il solo pattern non è sufficiente a discriminare i casi.Request Handling pattern
Un esempio pratico di uso combinato in un sistema di routing delle request:foreach (var request in requests) { var response = request switch { { Source: "System", Priority: > 5 } => "Richiesta di sistema critica", { Source: "User", Priority: <= 5 } => "Richiesta utente normale", _ => "Fallback generico" }; Console.WriteLine($"{request.Source} ({request.Priority}) => {response}"); }
Questo schema è applicabile in moltissimi contesti: event sourcing, command dispatcher, middleware pipeline, validazione di business rules.Considerazioni sulle performance
Oltre alla leggibilità, il pattern matching in C# è progettato per essere efficiente. Il compilatore ottimizza le switch expression in jump table o sequenze di confronto ottimizzate. Per tipi primitivi, le performance sono equivalenti o superiori a catene di if-else.Per scenari di alta performance con molti branch (es. parser, protocol handler), vale la pena misurare con BenchmarkDotNet, ma nella stragrande maggioranza dei casi applicativi il pattern matching non introduce overhead significativo.
Conclusione
Il pattern matching in C# è uno strumento che va ben oltre il sempliceiso lo switch. Combinando property pattern, list pattern, relational pattern e switch expression, è possibile scrivere logica complessa in modo dichiarativo e leggibile.La chiave per sfruttarlo al meglio è conoscere tutti i tipi di pattern disponibili e riconoscere le situazioni in cui possono sostituire costrutti più verbosi. Un codice che legge come il problema che risolve è un codice di qualità superiore.
Il codice sorgente di esempio è disponibile su GitHub: github.com/elmahio-blog/Patter…
Fonte originale: Pattern matching in C#: Advanced scenarios you didn’t know — elmah.io Blog
Pattern matching in C#: Advanced scenarios you didn't know
Master advanced C# pattern matching! Explore nested property patterns, list patterns, and switch expressions to write cleaner, readable code.Ali Hamza Ansari (elmah.io Blog - .NET Technical tutorials/guides and new features)
reshared this
ShinyHunters colpisce le scuole: 3,65 TB di dati rubati da piattaforma didattica
📌 Link all'articolo : redhotcyber.com/post/shinyhunt…
A cura di Inva Malaj del gruppo DarkLab
#redhotcyber #news #cybersecurity #hacking #shinyhunters #canvaslms #furtodidati #instructure
Canvas LMS violata: analisi dell’attacco a Instructure, del ruolo di ShinyHunters, dei rischi per studenti e scuole e dei collegamenti con i precedenti incidenti su Salesforce.Inva Malaj (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
Amica che lavora in AWS conferma che tra gli ingegneri del software sui colleghi (lo è anche lei) l'uso dell'AI genera mostri.
Ingegnere sbarbino: "L'AI mi ha risolto il problema in un secondo!"
Lei (team lead): "Bene, e come funziona la soluzione?"
IS: "Non lo so, ma funziona!"
Lei: "E chi lo manuterrà questo codice che non si sa come funzioni?"
Così a ripetizione. 🍿
reshared this
a me è capitato (sempre in ambito sviluppo SW) un dialogo del tipo:
Io: "Ma che è 'sta roba?"
Collega Giovane: "[risposta a caso]"
Io: "Ma non funzionae non funzionerà mai perchè è sbagliato"
CG: "Ma ChatGPT era così convinto..."
oppure (successo oggi stesso):
Collega Giovane: ho scritto questo script di shell che fa la cosa X puoi darci un'occhiata per capire cosa non funziona?
Io: Ci provo, ma non sono stato mai molto bravo con lo shell scripting
CG: ah, neanche io: lo ho fatto con l'AI
Io: #mannaggia [ imprecazioni varie sottovoce ]
L'Unione europea sta preparando il suo più grande programma di finanziamento di sempre per la resilienza democratica. Nell'ambito del Quadro finanziario pluriennale (QFP) dell'UE 2028-2034, il programma AgoraEU rappresenta il fulcro di questo lavoro fondamentale per il blocco dei 27 paesi. Il suo budget proposto ammonta a 8,6 miliardi di euro, ovvero più del doppio del budget previsto per l'attuale ciclo del QFP, a prezzi correnti.
Emergono due risultati:
Il rapporto di @Mark Scott
reshared this
Apple si distingue come l’unica grande azienda tecnologica a non aver puntato sulle AI, limitando sia gli investimenti per le infrastrutture sia quelli per lo sviluppo di modelli linguistici; ma Apple non sente davvero il bisogno di investire in questa tecnologia, e lascia che siano le altre aziende a farlo, anche per conto suo.
La strategia sembra dare risultati, almeno finora. La scorsa settimana Apple ha presentato i risultati dell’ultimo trimestre, nel corso del quale ha registrato un aumento su base annua del 17 per cento delle vendite nette, anche grazie al successo di novità come il MacBook Neo.
reshared this
WELCOME TO THE FREE MONTHLY EDITION of Digital Politics. I'm Mark Scott, and many of you were likely traveling to RightsCon this week in Zambia. It looks like that global digital rights conference was canceled due to pressure from China.
I don't typically promote my day job. But this report outlining how the European Union's next seven-year budget can support digital democratic resilience has taken up a lot of my last six months. Enjoy.
— Protection for children online runs counter to long-standing fundamental privacy rights. It's time to acknowledge those opposing forces in digital policymaking.
— AI-enabled deepfakes are flooding the US mid-term elections. But it's the use of large language models to track voter behavior that is the real concern.
— Half of Americans polled remain wary of how artificial intelligence is going to affect daily life.
Let's get started:
IF TECH POLICY WAS THE MOVIE ZOOLANDER, then online child safety would be "so hot right now." Age verification required for app stores and digital services abound. Everyone under the sun wants an Australia-style child social media ban. Regulators from the EU, United Kingdom and United States are falling over themselves to announce child-focused investigations or inquiries.
Yet these efforts — often based on legitimate concerns about how minors can be protected in the digital world — run counter to long-term data protection rules aimed at giving us all greater control over our online data. In many cases, privacy and child safety policymaking are pulling in the opposite directions. Often, officials who drafted a country's data protection oversights are not in contact with those pursuing child online safety goals.
It's creating a digital policymaking mess that 1) does not end up protecting kids online; 2) fundamentally erodes digital privacy rights at a time of mass data collection and surveillance; and 3) leads to regulatory confusion that puts individuals at risk (at the same time) of both being surveilled more and made less safe online.
In short, the current status-quo is not working. Let's break down the three tensions that remain unanswered.
Thanks for reading the free monthly version of Digital Politics. Paid subscribers receive at least one newsletter a week. If that sounds like your jam, please sign up here.
Here's what paid subscribers read in April:
— Hungary's election shows the limits of misinformation/disinformation; Washington's digital trade policy is more joined up than you may think; How many Australian teenagers have been kick off social media? More here.
— The EU-US digital relationship is still on life support; What Ireland got wrong with its upcoming AI summit; Europe issued more than $1.3 billion in data protection fines in 2025. More here.
— How China, the EU and US are approaching the global AI race; Why Brussels is prioritizing kids and marketplaces under the Digital Services Act; Which US states are leading the way on digital legislation? More here.
— Europe and the US have two opposing takes on digital sovereignty; How the US FISA renewal fails to understand its global impact; AI models are getting "smarter" faster than ever before. More here.
A central component of many child safety regimes is age verification and assurance. These efforts often rely on third-party companies collecting people's sensitive data (ie: passport details, credit card information and other data points to confirm they are older than 18-years old) before they can access specific digital services. As countries enact age verification/assurance provisions, a cottage industry of these providers have sprouted up to give the likes of Meta, TikTok and Netflix the ability to meet these legal requirements to check people's ages.
Much of this data is inherently sensitive, under the definition of most countries' data protection rules. That distinction matters. It means that companies must collect the minimal amount of data required; that such information must be gathered for specific purposes (and not re-used for other efforts); and that, once that task is complete, the data should be deleted. That trifecta is the mainstay of Western privacy standards.
But the age verification/assurance requirements run directly counter to those principles. In many cases, companies hold onto this sensitive data — and even collect more of it than technically necessary — to cover their backs in case regulators come knocking to check for compliance. That is a totally defensible corporate move. But it represents a potential data protection violation, under most countries' rules, because it fails the "trifecta" principle, outlined above.
Case in point: Spain's data protection authority fined Yoti, a British age verification service, $1.1 million in March. That levy related to unlawfully processing people's biometric data; processing that data without the right consent; and holding onto that data for too long. Yoti rejected those findings. But it's ironic that this fine occurred in a country that is aggressively seeking to ban teenagers from social media — a pledge that will require hefty age verification to ensure compliance.
This contradiction plays into the second stumbling block that few policymakers want to acknowledge. The ability to continually check that minors are not using barred digital services inevitably requires the creation of extensive digital infrastructure. That involves the likes of third-party age verification services like Yoti (and others), as well as internal corporate systems within app stores and social media giants to demonstrate that they are complying with these rules.
But what this growing digital infrastructure demonstrates is that what may begin as child safety-focused efforts can quickly snowball into a more expansive data collection effort that may fall afoul of countries' existing privacy regimes. Those rules specifically require companies to only use people's data for the purposes initially outlined to those individuals. Say, to check their age before using a digital service. What those firms can not then do is use the same personal information for other purposes — without going back to people to get their separate consent.
Security experts, for instance, discovered that a verification provider for the likes of LinkedIn, Roblox and Chat-GPT also provided separate surveillance services for US and Canadian authorities. That included the ability to run almost 270 separate verification checks, including comparing facial recognition results against specific government watchlists. Persona, the company, denied it had used the verification data for government-related work. Though the cybersecurity researchers said there were few, if any, specific limitations if the firm decided to do so in the future.
The third friction is both philosophical and practical.
Under Western privacy standards, individuals have the right to access their data, delete it (where necessary), object to it being collected in the first place and correct it if the information is wrong. It's a basic democratic safeguard to empower people to control how their data is collected, stored and used.
Yet the child-focused age verification infrastructure, as described above, fundamentally breaks the direct connection between individuals and companies that collect this information. If I'm using, say, TikTok, that platform may then outsource its age verification/assurance work to a third-party contractor that remains anonymous to the end user (aka: me). It's hard to object about your data being collected if you don't know who to complain to in the first place.
This may sound too academic. But it has real-world implications.
IDMerit, a global identity verification company, with operations in more than a hundred countries was found to have left one billion records from 26 countries — including people's date of births, home addresses and personal ID numbers — unprotected in an online database. Because IDMerit (which focuses on the financial services industry) provided its verification services to other companies, few, if any, of the people involved were aware of the firm's existence — and therefore could not directly engage with the company over how it mishandled their data.
Extrapolate that data breach onto the emerging digital infrastructure around child online safety, and the gap between individuals' rights and unaccountable (leaking?) databases becomes even more pronounced.
What is described above is not theoretical. It is already underway — and pits legitimate privacy concerns against equally valid online child safety discussions. This is not a question of one policy topic taking precedent over another. We're living in gray zone somewhere in between.
But in the rush to protect children from digital threats, the impact on other valid policy areas is woefully missing. Privacy rights — including those involving children — are overridden by the policy incentive to "do something" around child online safety.
That is a political decision by elected officials. But we should acknowledge that it comes with significant downsides.
THE US IS THE KNOCK-OUT global leader when it comes to AI. But wariness among its citizens about how the emerging technology will affect daily life has been creeping upward over the last five years.
Currently, 50 percent of those polled by the Pew Research Center said they were more concerned than excited about the increased use of AI in daily life. That compares to just 10 percent who were more excited and concerned.
WHEN AN AI DEEPFAKE VIDEO OF JAMES TALARICO, the Democratic Senate nominee for Texas, started doing the rounds on social media in March, alarm bells started to ring. In the one-minute video, the faked video pictured a life-like Talarico speaking directly to camera — repeating old social media posts that he had written, often years before. The post ran with a "AI generated" disclaimer. But it was small enough for most would-be voters to easily miss it.
The word "AI slop" has entered public conversation for a reason. Ahead of the US mid-term elections in November, concerns are high that the vote will be consumed with AI-generated attack ads and other social media posts that will make it almost impossible to discern fact from fiction. It does not help that Donald Trump continues to use AI to depict himself and his enemies.
But we are missing the true use case of artificial intelligence in the upcoming November election. And it should be engendering a lot more worry compared to the legitimate concern of the "AI-slopification" of the mid-terms.
The real election-related use case for AI is discerning how best to convince people to vote one way or another. It comes on the back of ongoing mass data collection of US citizens' personal data (often via commercial data brokers) and the increasing use of sophisticated AI systems in all aspects of daily life. Combined, these trends are likely to provide political consultants and politicians powerful levers to pull in what is already turning out to be one of the most divisive American elections in recent memory.
There are party political divides on how willing people are to use these AI-powered tools. A survey from the American Association of Political Consultants found that 64 percent of Republican consultants used AI in their daily work versus 49 percent of their Democratic counterparts. That's not a meaningful difference. But it does demonstrate Republicans' slight advantage in using the latest technology to reach would-be voters.
Thanks for getting this far. Enjoyed what you've read? Why not receive weekly updates on how the worlds of technology and politics are colliding like never before. The first two weeks of any paid subscription are free.
Subscribe
Email sent! Check your inbox to complete your signup.
No spam. Unsubscribe anytime.
So what does this AI-fueled political advocacy actually look like?
One service called Resonate includes a dataset of thousands of data points pulled from millions of American citizens. It uses machine learning techniques to understand voter behavior, craft targeted social media messaging and predict how individuals may vote. Another, EyesOver, pulls in data from multiple social media sites and then uses AI to predict how that sentiment may affect specific political campaigns or activities.
Much of this is traditional political consultancy dressed up to look like shiny AI-powered wizardry. But it's undeniable that with large language models becoming exponentially more powerful, the ability for these services to gleam greater insight into voter behavior — fueled by vast amount of data on individual voters — is expanding rapidly.
The most novel use of AI in this year's US mid-term elections is something called "silicon sampling." Companies are rapidly using AI systems to simulate voter populations instead of using polling to identify people's electoral intentions. In one case, Aaru used census data to replicate voter districts and then created AI agents to act like voters. Another firm, MiroFish, relied on open-source AI models to forecast public opinion by equally simulating actual voters through the combination of multiple datasets.
On paper, this use case is more economic than traditional analogue polling. But the reliance on large language models to simulate voters' intentions has some serious downsides. At the top of that list is the inherent bias that AI simulations create due to the inequalities baked into the models upon which they rely. These AI systems are only as good as the data that builds them. All current next-generation models are still biased in ways that almost certainly under-represent minority groups. That makes it likely that such AI simulations will also undercount minority voters in whatever AI-powered polling is run via these firms' glitzy dashboards.
Much of this is the realm of political consultants, not would-be voters. And compared to the inner workings of AI-powered surveys and metrics, the visual nature of the threat posed by AI deepfakes can feel more urgent and tangible. But that does not mean this AI political wonkery is less of a threat.
Most AI-enabled divisive political content is flagged almost as soon as it is published. Such material is inevitably high-profile. The response to it is equally highly-public. That is not the case for most back-office political consultancy work that relies more and more on opaque, data-hungry AI systems which now drive how political campaigns interact with voters.
It is just not public enough to garner most people's attention. But the fact that such AI systems now form part of much of mid-term political campaigns should be a reminder that this emerging technology — like in much of our lives — is increasingly central to how political operations work.
— The European Commission claimed that Meta's Instagram and Facebook failed to identify, assess and mitigate risks to minors under the EU's Digital Services Act. More here.
— New Mexico's Attorney General proposed a series of significant changes to Meta's business model and platform design as part of remedies proposed in a second trial against the social media giant that started on May 4. More here.
— A group of academics tested how social media and online streaming may be associated with varying levels of addictiveness. Across two survey groups, they did not find meaningful increases in addiction compared to the general population. More here.
— Researchers polled Australian teenagers about how the country's social media ban had affected them. They found that most were still on the platforms, but they would leave if their friends did too. More here.
— The European Parliament published an analysis on how Google's AI-powered snippets at the top of search queries affected publishers' revenue and overall media freedom. More here.
It’s nice to hide away in our little corner of the internet and talk tech, safely away from the turmoil of world events. Sometimes though, geopolitics intrude even into our space, and Reuters are here reporting on a new concern that will probably affect many Hackaday readers. Conflict in the Gulf of Arabia, and in particular raids on Saudi petrochemical plants, is threatening PCB production far away in China.
Most of us probably have a mental image of tankers sailing through the Strait of Hormuz laden with Gulf crude, off to be processed by refineries somewhere else in the world. Certainly a load of oil takes just that route, but for the Saudis and other oil-producing nations in the region, it also makes economic sense to site petrochemical industries at source. They export the much more valuable refined products, among which is the polymer resin used in PCB production. The Reuters report says that consequent to this and a rise in copper prices, the cost of a PCB in China has risen by 40%. Naturally this doesn’t sound like good news.
Here at Hackaday, when it comes to component shortages this isn’t our first rodeo. We’re in the middle of a memory shortage due to AI companies, and the COVID-era chip shortage is still fresh in our minds. Unfortunately, this type of thing as been a regular of the technology world for decades. Here we are with another one, and should we be worried? In the short term it’s certainly a concern as the Gulf conflict is still searching for an end to its uneasy stalemate, but remembering previous shortages we think that global industry will adapt and expand other sources where necessary. Just as with the similar IC encapsulation resin shortage back in the ’90s, it may eventually be the panic more than the shortage which becomes responsible for the price hikes.
We’ve taken an abstract look at global electronic supply chains before.
Header image: Gabriela P., CC BY 4.0.
Critical Vulnerability in PAN-OS (CERT-EU Security Advisory 2026-006)
On 6 May 2026, Palo Alto published a security advisory addressing a critical vulnerability affecting PAN-OS. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges.
Palo Alto observed limited exploitation of this vulnerability. It is strongly recommended updating affected appliances as soon as patches will be available, and to apply workarounds and mitigation in the meantime.
reshared this
ISW Special Report:
🇷🇺 🇺🇦 #Russia is engaged in a deliberate, sophisticated, and systematic campaign to repopulate occupied areas of #Ukraine with Russian citizens as part of a broader effort to consolidate control and forcibly integrate these territories into the Russian state.
understandingwar.org/research/…
Russia is engaged in a deliberate, sophisticated, and systematic campaign to repopulate occupied areas of Ukraine with Russian citizens.Stefaniia Bern (Institute for the Study of War)
reshared this
Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution.Pierluigi Paganini (Security Affairs)
Cybersecurity & cyberwarfare reshared this.
La violenza online non è casuale. È coordinata. Di genere. Razziale. In Canada: stereotipi xenofobi e razzisti alimentano l'odio online contro le donne appartenenti a minoranze razziali e le persone LGBTQI+
L'ultima ricerca di #AmnestyInternational mostra che l'odio online colpisce donne migranti appartenenti a minoranze razziali e persone LGBTQI+ con narrazioni razziste, sessiste e colonialiste, e come questo danno si ripercuota anche nella vita reale
amnesty.org/en/latest/news/202…
Amnesty exposes a playbook of toxic tropes and tactics spreading across social media as anti-immigrant rhetoric rises both online and offline.Amnesty International
reshared this
"La giornalista del Washington Post Hannah Natanson è stata minacciata, trascinata in tribunale e ha visto l’FBI perquisire casa sua all’alba, sequestrandole telefono, computer e strumenti di lavoro. Non era l’indagata. Era la giornalista.
La sua “colpa” sarebbe questa: aver raccontato come l’amministrazione di Donald Trump, con Elon Musk e il progetto DOGE, volesse smantellare lo Stato dall’interno. Tagli, epurazioni, licenziamenti via mail comunicati all’improvviso, agenzie svuotate, servizi pubblici indeboliti, migliaia di lavoratori espulsi e la macchina pubblica trasformata in un laboratorio ideologico.
Quel lavoro, costruito con oltre mille fonti federali, protette e ascoltate, oggi ha vinto il Pulitzer Prize per il Public Service, il riconoscimento più importante del giornalismo americano.
Il Pulitzer ha premiato proprio questo: aver squarciato il velo di segretezza sulla demolizione del governo federale, raccontandone con precisione il caos e le conseguenze reali e tangibili sulla vita di milioni di persone.
Mentre il potere intimidiva, lei indagava. Mentre cercavano di spaventarla, lei continuava a pubblicare.
Mentre provavano a zittirla, il suo lavoro faceva luce.
Il giornalismo non è un crimine. Il giornalismo è luce nel buio."
reshared this
Europol punta a diventare una potente forza di polizia con ampi poteri di sorveglianza. Ma nel tentativo di raggiungere questo obiettivo nella lotta contro la criminalità transfrontaliera, l'agenzia sembra aver agito in modo scorretto, come rivela questa inchiesta: piattaforme segrete di analisi dei dati hanno messo a rischio cittadini innocenti, una questione che rimane irrisolta ancora oggi.
reshared this
Il 7 e 8 maggio, al Circo Massimo, all’interno del Villaggio della Salute, il #GarantePrivacy sarà presente con uno spazio informativo dedicato al diritto all’oblio oncologico. Sarà un’occasione aperta a tutti per ricevere informazioni e orientamento su come esercitare tale diritto nei confronti di banche, assicurazioni, datori di lavoro e nell’ambito delle procedure di adozione
reshared this
The online landscape is filled with various traps lying in wait for users. One such threat involves websites that can’t be strictly classified as phishing, yet whose activities are inherently unsafe. These sites often operate on the fringes of the law, even if they aren’t directly violating it. Sometimes they use a cleverly crafted Terms of Service document as a loophole. These agreements might include clauses such as no-refund policies or forced automatic subscription renewals.
Fake online stores, dubious financial platforms, and various online services that mimic legitimate business operations are all categorized as suspicious. Unlike actual phishing sites, which aim to steal sensitive data like banking credentials or passwords, these suspicious sites represent a far more cunning trap. Their goal is manipulation: tricking the victim into willingly paying for non-existent goods and services or signing them up for a subscription that’s nearly impossible to cancel. Beyond financial gain, these sketchy websites may also hunt for personal data to sell later on the dark web.
Our solutions categorize them as having an “undefined trust level”. This article explains what these sites look like, how to identify them, and what you can do to stay safe.
One of the biggest risks associated with making a purchase from an untrusted website that seems to be an online store is the financial loss and falling victim to fraud. Fake shops will entice you with attractive deals to get you hooked. After you pay, you may never receive what you paid for, or you may receive some cheap piece of unusable junk instead of the item you ordered. Investment or “guaranteed income” programs are another type of classic scam — they promise rapid returns, and once they take your deposits, they disappear without a trace.
Visiting or buying from untrusted suspicious websites can expose you to various risks that go beyond a single bad purchase. Fraudulent websites often collect your personal information even if you do not end up making a purchase. By completing a form or signing up for a “free offer”, you may be providing the scammer with access to your information.
Personal data collection can happen in a fairly straightforward and obvious way — for instance, through a standard order delivery form. In this scenario, attackers end up with sensitive information like the user’s full name, shipping and billing addresses, phone number, email address, and, of course, payment details. As we’ve previously discussed, fraudsters sell this kind of information, and there’re countless ways it can be used down the line. For example, this data might be leveraged for spam campaigns or more serious threats like stalking or targeted attacks.
A further danger comes from threats to your device’s security. Some of these fraudulent websites are made with the intention of infecting your device, by installing malware or spyware on your device without you knowing, causing it to leak passwords or crashing the whole system.
Let’s take a closer look at the different types of shady sites out there and how interacting with them can lead to financial loss, data leaks, the unauthorized use of personal information, and other consequences.
It’s worth noting that rogue websites can masquerade as legitimate ones in almost any industry. The first type of fraudulent site we’ll look at is fake online stores. These can appear as clones of real brand websites or as standalone stores. Usually, the scam follows one of two paths: the buyer either receives a counterfeit or poor-quality product, or they receive nothing at all. These sites lure victims in with suspiciously low prices and “exclusive” deals. Often, users are subjected to psychological pressure: the time to make a purchase decision is purposefully limited, provoking the victim, as with any other scam, into making an impulse purchase.
Another common type of shady site includes online exchanges and trading platforms. These primarily target cryptocurrency, as the lack of legislative regulation for digital currency in certain countries makes them a magnet for fraudsters. These suspicious sites often lure victims with supposedly favorable exchange rates or other enticing gimmicks. If the user attempts to exchange cryptocurrency, their tokens are gone for good. Beyond simple exchanges, rogue sites offer investment services and even display a fake balance growth to appear credible. However, withdrawing funds is impossible; when the victim tries to cash out, they’re prompted to pay some fee or fictional tax.
Subscription traps are also worth noting, offering everything from psychological tests to online video streaming platforms. The hallmark of these sites is that they deliberately withhold critical information, such as recurring charges, or hide the fact it even exists. Typically, the scheme works like this: a user is offered a subscription for a nominal fee, like $1. While that seems attractive, the next charge – perhaps only a week later – might be as much as $50. This information is intentionally obscured, buried in fine print or tucked away in the Terms of Service where it’s harder to find. Legitimate services always clearly disclose subscription terms and provide an easy way to cancel before a trial period ends. Scam services, on the other hand, do everything possible to distract the user from the actual terms of use and subscription.
Shady sites can also masquerade as providers of mediation services, such as legal or real estate assistance. In reality, the service is either never delivered or provided in a stripped-down, incomplete form. For example, a user might be prompted to pay for a service that’s normally provided for free. The danger here lies not only in losing money for non-existent services but also in the significant risk of exposing personal data, such as ID details, taxpayer identification numbers, social security numbers, or driver’s license information. Once in the hands of attackers, this data can become a tool for executing further scams or targeted attacks.
On the whole, suspicious sites are fairly difficult to distinguish from legitimate, trustworthy services. Masquerading as a legitimate business is the primary goal of these sites, and the fraudulent schemes they employ are not always obvious. Nevertheless, there are protective measures as well as certain indicators that can help you suspect a site is unsafe for purchases or financial transactions.
Despite the increasingly convincing attempts to create fake shops, the majority of them still lack the quality of real online stores, and there are many signs that may give them away. Some of these signs can be caught by the eye while others require a bit of technical investigation. By combining visual inspection, technical checks, and trusted online tools, you can protect yourself from financial loss or data theft.
You don’t need to be a cybersecurity expert to catch many red flags just by observing the site’s domain, visuals, language and behavior. For instance, scam sites often have strange or randomly generated names, filled with numbers, underscores, hyphens, or meaningless words, like best-shop43.com. In addition, such vague top-level domains as .xyz, .top, or .shop are also frequently used in scams because they’re cheap and easy to register.
Furthermore, most fake stores sites look unprofessional, with poor visuals, pixelated images, mismatched fonts, or copied templates. Many fraudulent websites borrow layouts or logos from other brands or free templates, which makes them appear generic and sketchy.
Another major giveaway lies in the content itself. Be aware of persuasive language, unrealistic promises, or emotional triggers such as No KYC, Risk-free returns, 100% guaranteed income, Up to 300% profit, or Passive income with zero effort. Unrealistic deals are another red flag. If the products are listed at extremely low prices, continuous countdown timers, and “limited time only” messages that are often used to pressure you into making a quick purchase, it’s a clear tell of a fraudulent website.
Legitimate businesses always provide verifiable contact details, such as a physical address, company name, and customer support. On the contrary, scam sites hide this information. You may also notice the non-functioning pages, broken or suspicious links leading to unrelated external sites which indicate poor maintenance or malicious intent.
Another important signal is the website’s social media presence. Legitimate online businesses usually maintain at least one active social media account to promote their products and communicate with customers. In most cases, these businesses have long-established social media accounts with harmonized posting history and engagement from real users, consistency between the brand website and social media profiles (same name, logo, and links). The links to social media profiles from the website are usually direct. In contrast, fraudulent or deceptive websites often lack any meaningful social media presence or display signs of superficial or artificial activity. This may include missing social media accounts altogether, social media icons that lead to non-existent, inactive, or unrelated pages, or recently created profiles with very few posts and minimal user engagement. In some cases, comment sections are disabled or dominated by spam and automated content, suggesting an attempt to avoid public interaction rather than engage with customers.
Lastly, the payment options offered by the site can also tell a lot about its legitimacy. Be extremely cautious if a website only accepts cryptocurrency, wire transfers, or third-party P2P payments. These payment methods are irreversible and are preferred by scammers. Legitimate e-commerce platforms typically offer secure and reversible payment options, such as credit cards or trusted payment gateways that include buyer protection policies.
However, the absence or existence of any of these factors alone does not necessarily indicate malicious intent. It should be evaluated in combination with technical, linguistic, and behavioral indicators, rather than treated as a standalone signal of legitimacy.
Looking into technical signs can reveal whether a website is trustworthy or potentially fraudulent.
One of the first things to check is the domain age. Scam websites are often short-lived, appearing only for a few weeks or months before disappearing once users start reporting them. To check when the domain was created, use a WHOIS lookup. If it’s less than six months old, be cautious — especially for e-commerce or investment sites, where legitimacy and trust take time to build.
Let’s take a look at the registration details for the popular online marketplace Amazon. As we can see from the WHOIS information, it was registered in 1994.
Meanwhile, a reported suspicious online store was created a couple of months ago.
Legitimate websites usually operate on stable hosting platforms and remain on the same IP addresses or networks for long periods. In contrast, fraudulent websites often move between servers (in most cases using a cheap shared hosting service) or reuse infrastructure already associated with abuse. Checking the IP address reputation can reveal if the website or the hosting server has previously been linked to suspicious activities. Even if the website looks legitimate, a poor IP reputation can expose it.
In addition to that, looking at the infrastructure behavior over time can reveal patterns about its legitimacy. Websites associated with fraudulent activity often show short lifespans, sudden spikes in activity, or rapid appearance and disappearance, which indicates a coordinated campaign rather than a legitimate business.
Another important clue is hidden ownership. When the WHOIS details show “Redacted for Privacy” or leaves the organization name blank, it may indicate that the website owner is deliberately hiding their identity.
We should point out that while this can raise suspicion during investigations, hidden WHOIS data is not inherently malicious. Many legitimate businesses use privacy protection services for valid reasons. These may include protection from spam and phishing after public email addresses are taken from WHOIS databases, personal safety for small business owners, and brand protection to prevent competitors or malicious actors from targeting the registrant. This means that some businesses can use services like WHOIS Privacy Protection, Domains By Proxy, or PrivacyGuardian.org to remove the WHOIS data while still operating transparently on their websites through clear contact details, customer support channels, and legal pages (e.g. terms of use).
Therefore, hidden ownership should be treated as a contextual risk indicator, not a standalone proof of fraud. It becomes more suspicious when combined with other signals such as newly registered domains, and lack of legal information.
Next, you can check the security headers of the website. Legitimate websites are usually well maintained and include several key HTTP headers for protection. Some examples include:
These headers form the “digital hygiene” of a website. Their absence doesn’t always mean a site is malicious, but it does suggest a lack of security awareness or professional maintenance — both strong reasons to be cautious.
You should also check the SSL certificate. Scam sites may use self-signed or short-lived SSL certificates. You can inspect this by clicking the padlock icon in your browser’s address bar — if it says “not secure” or the certificate authority seems unfamiliar, that’s a red flag.
You can check the security headers and the SSL certificate by sending an HTTP request programmatically or by using some online service.
Another indicator that provides insight into how well a website is done and managed is DNS configurations. Legitimate businesses typically use reliable DNS providers and maintain consistent DNS records. Missing the name server NS or mail exchange MX records may indicate poor setup. In addition to NS and MX, established websites often configure SPF and DMARC records to protect their brand from email spoofing and phishing. Something scam website developers won’t bother with because they don’t intend to build a long-standing reputation.
You can check the configurations of DNS records either programmatically or by using an online service.
Another recommendation is to pay attention to website behavior. If there are frequent redirects, pop-up ads, or background requests to unknown domains, this may indicate unsafe scripting or tracking.
We at Kaspersky have built an intelligent system for detecting suspicious web resources and added this new type of protection into many of our products, including Kaspersky Premium, Kaspersky for Android and iOS, and others. Our detection model is based on many factors, including but not limited to the following:
Kaspersky has been certified as a provider of effective protective technology for fake shop detection.
When a user tries to visit a site flagged as having an undefined trust level, our solutions show a warning to stop the visitor from becoming a victim of personal data leaks, financial losses or a bad purchase:
This component is on by default.
Moreover, there are several online tools and databases that can help assess a website’s legitimacy:
To protect yourself from such threats, it might a good idea to take some additional preventive measures. Always double-check the URL and domain name, especially when you are about to click a link or make a payment. Make sure the site uses HTTPS and has a trusted certificate.
You can use standard browser tools to verify site security. For example, in Google Chrome, clicking the site information button (the lock or settings icon in the address bar) displays details about the connection security and the site’s certificate.
In the Security section, you can check whether the site supports HTTPS – it should say “Connection is secure” – and view the site’s digital certificate.
Additionally, keep reliable security software with real-time protection running on your device to stop you from accessing dangerous websites. Do not download any files or enter your personal information on websites that look unprofessional or suspicious. And finally, remember the golden rule: if a deal seems too good to be true, it often is.
If you realize that you’re on a scam website, it’s important to perform certain post-incident actions immediately. First, contact your bank or payment provider as soon as possible to block the transaction or card. Then, change your passwords for the services which might have been compromised, and run a full antivirus scan on your device to detect and remove any potential threats. Lastly, consider reporting the website to the cybercrime agency in your country or to the consumer protection agency. Sharing your experience online by leaving a review or warning will give notice to potential customers alike.
By staying careful and taking quick actions, you can significantly reduce the chances of being a target and help make the internet a safer place for everyone.
To illustrate the types of suspicious sites prevalent in various regions around the world, we analyzed anonymized detection data from Kaspersky solutions for the “websites with an undefined trust level” category in January 2026. For each region, we identified the 10 most frequently encountered sites and calculated the share of each within that list. To maintain privacy, specific domains are not listed directly; instead, they’re described based on their functionality and characteristics.
First, let’s examine the sites that appear across multiple regions, indicating a high prevalence.
In 9 out of the 10 regions analyzed, we encountered a suspicious image processing platform (*a*o*.com). This site positions itself as a photo editing tool, but in reality, it serves as an intermediary server for uploading images used in phishing and other malicious campaigns. The scheme typically works like this: a victim clicks a link disguised as a harmless image, after which the server initiates a stealthy download of a malicious payload, executes JavaScript to steal session data, or redirects the visitor to a phishing page. By interacting with such a site, users risk exposing personal data under the guise of uploading images, falling victim to a phishing attack, or infecting their device with malware.
Percentage of the *a*o*.com domain detections by region, January 2026 (download)
This site has the largest share of detections in the Russian Federation, where it ranks first in the TOP 10 with a 40.80% share. It is also prevalent in Latin American countries (21.70%) and the CIS (14.64%), while it’s least common in Canada at 0.24%.
The next site appeared in 7 regions. It consists of a landing page for a fake antivirus solution presented as a browser extension (*n*s*.com). This extension redirects the user to a fake search engine page allowing it to collect data and track user activity, specifically search queries.
Percentage of the *n*s*.com domain detections by region, January 2026 (download)
This site is most frequently detected in South Asia, with a share of 33.31%. Its presence in Canada and Oceania is roughly equal (15.47% and 15.09%, respectively). We recorded the lowest number of detections in Africa, at 2.99%.
Another suspicious browser extension appeared in the TOP 10 in 6 out of the 10 regions. It’s a fake privacy-enhancing tool hosted at *w*a*.com. Instead of providing the advertised privacy features, this extension carries a high risk of intercepting browser data and is classified as a potentially unwanted application (PUA). It can modify browser settings, harvest user data, swap the default search engine for a fake one, and perform other malicious actions. Furthermore, it maintains full control over all browser traffic.
Percentage of the *w*a*.com domain detections by region, January 2026 (download)
This “service” has its largest share, 22.25%, in the Middle East and North Africa, and is also quite common in Canada (16.26%). It’s least frequently encountered in Latin America (5.38%) and East Asia (4.02%).
The site *o*r*.com appeared in five regional rankings. It’s a fake security service promising to provide online safety by warning users about malicious sites and dangerous search queries. This extension has the potential to steal cookies (including session cookies), inject advertisements, spoof login forms, and harvest browser history and search queries. We noted that this site made the TOP 10 in Africa (0.59%), the MENA (Middle East and North Africa) region (4.57%), Europe (5.61%), Canada (7.21%), and Oceania (1.93%).
In 4 out of the 10 regions, we identified several other recurring sites. One of them (*n*p*.xyz) mimics a repository for creative AI image generation prompts while capturing browser data. The domain hosting this site exhibits several red flags: it was recently registered, and the owner’s information is hidden. This site reached the TOP 10 in Africa (0.51%), the MENA region (7.04%), Latin America (22.54%, ranking first in that region), and South Asia (5.91%).
The second service (*i*s*.com) positions itself as a tool for safe searching, protecting the browser from threats, and verifying extensions. However, this is a typical browser hijacker, much like the others mentioned above. It made the TOP 10 in South Asia (8.03%), Oceania (17.97%), Europe (3.90%), and Canada (14.35%).
The third site (*h*t*.com) poses as a private browsing extension. In reality, it’s another potentially unwanted application designed for browser hijacking: it modifies settings, steals sensitive data (cookies, browser history, and queries), and can redirect the user to phishing pages. Users have specifically noted the difficulty involved in removing the extension. This site appears in the TOP 10 for the MENA region (10.17%), Canada (7.06%), Europe (3.81%), and Oceania (2.81%).
Another domain (*o*t*.com) that reached the TOP 10 in four regions is a service mimicking a browser extension for safe searching and web browsing. It’s dangerous because it injects ads and steals user data. It’s important to note that such extensions can be installed without explicit user consent – for example, via links embedded in other software. This service holds the number one spot in two regions: Canada (25.72%) and Oceania (30.92%), while also appearing in the TOP 10 for East Asia (8.01%) and Africa (0.88%).
Consequently, we can see that the majority of suspicious sites detected by our solutions worldwide are browser hijackers masquerading as security products. Nevertheless, other categories of sites also appear in the TOP 10.
Next, we’ll examine each region individually, focusing on descriptions of domains not previously covered. For clarity, the sites mentioned above will be marked as [MULTI-REGION], while those appearing in only two or three regions will include the names of those specific areas. We’ll observe several regional overlaps and similarities, allowing us to determine which types of suspicious sites are popular both within specific regions and globally.
Distribution of the TOP 10 suspicious websites in Africa, January 2026 (download)
The three most prevalent domains in African countries are found exclusively in this region. All of them – *i*r*.world (60.27%), *m*a*.com (22.84%), and *e*p*.com (9.36%) – are potentially fraudulent online trading platforms suspected of using forged licenses. These sites employ classic scam schemes where it’s impossible to withdraw any alleged earnings. In fifth place is a domain we’ll also see in the European TOP 10, *r*e*.com (1.46%): a platform marketed as a tool for retail and semi-professional traders. It charges for services available elsewhere for free. Eighth place is held by a site that also appears in the Russian TOP 10: *a*c*.com (0.56%). This is a dubious AI tool that claims to offer free subscriptions to a premium graphics editor. In ninth place is a domain that also surfaces in the Canadian TOP 10: *u*e*.com (0.53%), a browser extension of the “web protection” variety that we’ve encountered previously.
In summary, the African region is dominated by financial scams within the online trading and brokerage sectors. These include fake platforms that make it impossible to withdraw funds and use fake licenses and classic schemes to steal users’ money. Additionally, Africa sees paid tools that duplicate free services and questionable AI-based subscriptions. The primary threat in this region is financial loss through fraudulent investment-themed sites.
Distribution of the TOP 10 suspicious websites in the Middle East and North Africa, January 2026 (download)
In the MENA region, the site *a*v*.su holds the top spot with a 28.64% share; notably, this site also appears in the TOP 10 for Russia. It markets itself as a tool for building custom VoIP-PBX systems. However, it has an extremely low trust rating and is frequently associated with phishing, malware distribution, and hidden redirects. Using this service carries significant risks, including data leaks, malware infections, and financial loss.
Ranked seventh is *a*r*.foundation (6.32%), an AI bot allegedly designed for trading, which we also identified in the TOP 10 for Oceania. This service has been flagged as an investment scam operating as a pyramid scheme with the hallmarks of a Ponzi scheme.
The ranking is rounded out by two domains not found in any other region. The first one, *l*e*.pro (4.42%), is a spoof of a popular betting service. The second, *p*r*.group (2.21%), is a clone of a well-known broker. Both sites are scams.
In the MENA region, the landscape is dominated by fake VoIP services as well as counterfeits of financial and betting platforms, which attackers use to conduct phishing attacks, distribute malware, and perform hidden redirects. A significant portion of suspicious sites consists of fake online privacy tools and browser hijackers masquerading as security extensions. Ponzi schemes and cryptocurrency scams are also prominent. The primary risks for the region are data theft, malware installation, and financial loss.
Distribution of the TOP 10 suspicious websites in Latin America, January 2026 (download)
In Latin America, we identified five popular suspicious sites specific to this region, which is unusual compared to other areas where more overlaps are typically observed. Ranking third with a share of 10.81% is the fake betting platform *b*e*.net. In fifth place is *r*e*.club, an illegitimate clone of a well-known bookmaker, with a share of 7.82%.
Further down the list of local threats are *a*a*.com.br (7.02%), a Brazilian Ponzi scam; *s*a*.com (5.07%), which offers dubious investment programs; and *t*r*.com (4.53%), a potentially dangerous trading platform.
In Latin America, the most-visited suspicious sites are betting-themed scams, including both clones of legitimate sites and those built from scratch. Also prevalent are Ponzi schemes, fake investment programs, and dubious online brokers. A significant portion of these sites consists of browser hijackers posing as crypto platforms and AI bots. The primary threats in Latin American countries include financial loss through gambling and Ponzi schemes, as well as the theft of NFTs and other tokens.
Distribution of the TOP 10 suspicious websites in East Asia, January 2026 (download)
In the East Asian TOP 10, we see the highest concentration of domains that are absent from other regional rankings.
In first place, with an 18.77% share, is the fake broker *r*x*.com, which can be used to steal personal data or funds. Second place is held by a crypto-gaming site (16.44%) that we previously encountered in the Latin American TOP 10. Visitors to this site risk losing NFTs and other tokens. In third place is the domain *u*h*.net (11.61%), used for redirects or phishing. It can exploit a victim’s device as a proxy for malicious sites, install adware and malware, or hijack sessions. Following this is *s*m*.com (9.98%), a domain typically used as a browser-hijacking server and for phishing attacks, serving as a link in an infection chain.
Rounding out the local threats in East Asia are the following domains: *e*v*.com (9.37%), utilized in drive-by attacks; *a*k*.com (9.16%), an API-like domain associated with suspicious scripts and extensions; and *b*l*.com (4.38%), a domain potentially used for redirects and other malicious activities.
East Asia has a high concentration of region-specific fake brokers, crypto gaming platforms, and NFT marketplaces. These are primarily used for drive-by attacks, redirection to malicious domains, phishing, and the distribution of adware and malware, acting as a stage in the infection chain. The primary threats for this region include the loss of financial data, NFTs, and other tokens, as well as stealthy malware installation and session hijacking.
Distribution of the TOP 10 suspicious websites in South Asia, January 2026 (download)
In South Asian countries, we also observe a concentration of local suspicious sites specific to the region.
The second most popular site in the region is *a*s*.com (12.01%), a poor-reputation, high-risk microloan service typical of South Asia. By interacting with these sites, users risk not only losing significant funds but also compromising their overall security. Following this are *v*n*.com with a 9.47% share and *l*f*.com with 8.65%. These domains are employed in various fraudulent schemes, ranging from phishing to spam.
The TOP 10 also includes *s*o*.com (4.80%), a free video downloading service associated with a high risk of infection. The final site we analyzed in the South Asia region is *c*o*.site (1.89%), a pseudo-tool for local SEO optimization that carries the danger of data loss and a high risk of financial fraud through subscription sign-ups.
In summary, the region is dominated by fake antivirus extensions, microloan services, dubious video downloaders, and counterfeit SEO tools. The primary risks for South Asia include financial fraud, phishing and spam distribution, malware infection, and data theft.
When analyzing statistics for suspicious sites in CIS countries, we treat Russia as a separate region due to the unique characteristics of its online space which are not found in any other CIS member states. However, we’ve placed these two regions in the same section, as we’ve observed overlaps between them that are not seen in other parts of the world.
Distribution of the TOP 10 suspicious websites in the CIS, January 2026 (download)
The top two sites in the CIS TOP 10 also appear in the Russian TOP 10. The domain *r*a*.bar, which ranks first in the CIS (39.50%), holds the second spot in Russia (15.93%) and is a fake trading site. It’s worth noting that sites in the .bar domain zone are frequently used for scams. In second place in the CIS (15.29%) and sixth in Russia (3.75%) is the domain *p*o*.ru, which is often associated with bots for inflating follower counts and automating community management.
Domains from fourth to eighth place are specific only to the CIS region and don’t appear in the Russian TOP 10. These sites include:
The ranking concludes with sites that overlap with the Russian region. *a*.consulting (2.42%) is a fake clone of a binary options site, and *a*.lol (2.32%) is a domain suspected of phishing and malicious activity.
The CIS landscape is dominated by fake trading platforms (particularly crypto exchanges), promises of easy profits, play-to-earn scams, and dubious investment projects. We also observe many bots for inflating social metrics and automation, alongside domains dedicated to phishing and malware distribution. The primary threat in the CIS is the theft of private keys, digital wallets, and funds through investment schemes and lures involving online promotion.
Distribution of the TOP 10 suspicious websites in Russia, January 2026 (download)
The Russian TOP 10 includes three unique domains not found in the rankings of other regions. The first, *n*m*.top (7.84%), is an imitator of a well-known binary options broker. This suspicious site was recently registered and has a tellingly low rating on domain verification services. The second, *t*e*.ru (3.25%), claims to be an educational platform and has a dubious subscription system with a high probability of fraud involving difficulties in canceling subscriptions. The third site, *e*e*.org (3.14%), positions itself as a tool for a popular media platform, but it’s actually a scam that fails to provide its stated services.
Overall, the Russian landscape is characterized by fake binary options brokers, sketchy sites with fraudulent subscriptions posing as e-learning platforms, and VoIP services used to spread phishing and malware. There are also frequent instances of sites spoofing well-known legitimate services. The primary risks in Russia are scams related to the knowledge business sector, as well as the theft of money and personal data.
Distribution of the TOP 10 suspicious websites in Europe, January 2026 (download)
In the European region, we’ve found two unique domains. The first of these, *c*r*.org, has been identified as part of a chain for massive phishing and spam attacks, as well as other malicious activities. It accounts for a 16.08% share of the TOP 10. The second site, *o*n*.de, is an unofficial reseller with a poor reputation and a high likelihood of fraud. This domain ranks second to last in our statistics with a 5.95% share.
Among the sites not previously covered, the European TOP 10 includes one site that also appears in the Oceania TOP 10: *o*i*.com (6.61%). This is a classic cryptocurrency scam promising passive income.
A significant portion of suspicious sites in Europe consists of intermediary sites for phishing and spam, fake security extensions, and crypto scams. Unofficial sales services and paid trading tools are also on the list. The primary threats in the European region include session hijacking, data theft, spam, and investment fraud.
Distribution of the TOP 10 suspicious websites in Canada, January 2026 (download)
Canada has been designated as a separate region to illustrate prevailing trends within North America. The first four positions in the Canadian TOP 10 are held by multiregional domains discussed previously. In fifth place is *t*c*.com (10.88%), which also appears in the TOP 10 rankings for Oceania and South Asia. This is yet another browser extension masquerading as a security solution. Occupying the final spot is the domain *e*w*.com (0.17%), which is unique to the Canadian market. This site operates a dropshipping scam, offering products at prices significantly below market value. Customers typically either never receive their orders or get low-quality counterfeits.
The landscape of dubious websites in Canada is largely defined by fraudulent extensions capable of hijacking browser data, tracking user activity, spoofing search queries, harvesting cookies, and injecting ads. This is further compounded by dropshipping schemes involving counterfeit goods. The primary risks for users in Canada include data theft and financial loss from purchasing substandard products.
Distribution of the TOP 10 suspicious websites in Oceania, January 2026 (download)
The final region under consideration is Oceania. Notably, we didn’t identify a single domain unique to this region. Every site appearing in the TOP 10 represents a global threat that’s already been detailed in previous sections. To summarize the findings for this region: the primary threats consist of fake security extensions and privacy products designed for browser hijacking, tracking user activity, displaying advertisements, and stealing data. There’s a minimal presence of crypto Ponzi schemes in this area. The main risk for users in Oceania is the loss of privacy and confidentiality through unwanted apps.
Suspicious websites are particularly dangerous because they often masquerade as legitimate sites with high levels of persuasiveness. They mimic online stores, subscription-based streaming platforms, repair firms, and various other services. Unlike standard phishing sites, they employ more sophisticated manipulations to deceive users, tricking them into voluntarily handing over their personal data and transferring funds.
By examining the TOP 10 suspicious sites across the world’s major regions, we can draw several conclusions. On average, the most prevalent threats globally are fraudulent extensions masquerading as security solutions and privacy services. Their true purpose is to hijack browser data, track user activity, and display ads. We also frequently encounter phishing platforms for image processing and financial scams involving trading, cryptocurrency, betting, and microloans. Our statistics demonstrate that these sites not only employ classic fraudulent schemes centered on easy money but also adapt to contemporary trends targeting younger audiences and specific regional characteristics. The primary risks for users interacting with these sites are a combination of privacy threats and financial loss.
To help protect users from these shady sites, we’ve introduced the category of “websites with an undefined trust level” as part of the web filtering features in our solutions. However, it’s important to note that user awareness and individual responsibility play a significant role in ensuring safe web browsing. It’s essential for users to be able to recognize suspicious sites and remain vigilant toward any that appear untrustworthy.
@Informatica (Italy e non Italy)
Scommesse su guerre e tragedie, rischi di insider trading e minacce: perché la nuova frontiera della speculazione selvaggia deve preoccuparci
L'articolo Polymarket e i pericoli dei mercati predittivi proviene da Guerre di Rete.
L'articolo guerredirete.it/polymarket-e-i…
reshared this
Giancarlo Dessì
in reply to brozu ▪️ • • •Scuola - Gruppo Forum reshared this.
Giancarlo Dessì
in reply to Giancarlo Dessì • • •Scuola - Gruppo Forum reshared this.
brozu ▪️
in reply to Giancarlo Dessì • • •@scuola@a.gup.pe@poliverso.org @scuola@a.gup.pe@poliverso.org@poliverso.org @scuola@a.gup.pe@poliverso.org@a.gup.pe
Quindi stiamo muti e al gioco?
Non fraintendere, capisco cosa dici. Non dovrebbe essere così, ma nel mentre non si può stare muti.
Scuola - Gruppo Forum reshared this.
Giancarlo Dessì
in reply to brozu ▪️ • • •Scuola - Gruppo Forum reshared this.
brozu ▪️
in reply to Giancarlo Dessì • • •Morirò schiavo di questo sistema, ma con la coscienza pulita di non essermi rassegnato al cambiamento 😀
Scuola - Gruppo Forum reshared this.
Giancarlo Dessì
in reply to brozu ▪️ • • •Scuola - Gruppo Forum reshared this.
Giancarlo Dessì
in reply to Giancarlo Dessì • • •Scuola - Gruppo Forum reshared this.
brozu ▪️
in reply to Giancarlo Dessì • • •Io sono coordinatore quest’anno.
Confermo, non lo farò più.
Scuola - Gruppo Forum reshared this.
Giancarlo Dessì
in reply to brozu ▪️ • • •Scuola - Gruppo Forum reshared this.
brozu ▪️
in reply to Giancarlo Dessì • • •Scuola - Gruppo Forum reshared this.
Giancarlo Dessì
in reply to brozu ▪️ • • •Scuola - Gruppo Forum reshared this.
brozu ▪️
in reply to Giancarlo Dessì • • •@gian_d_gian concordo, ma si può non rispondere.
Dovrebbe essere illegale.
Scuola - Gruppo Forum reshared this.
Giancarlo Dessì
in reply to brozu ▪️ • • •Scuola - Gruppo Forum reshared this.
brozu ▪️
in reply to Giancarlo Dessì • • •@gian_d_gian infatti non ho detto che lo è. Ho detto dovrebbe esserlo.
Ed infatti ho anche risposto che non essendo obbligatorio non va detto e va fatto.
Scuola - Gruppo Forum reshared this.
Giancarlo Dessì
in reply to brozu ▪️ • • •reshared this
Scuola - Gruppo Forum e brozu ▪️ reshared this.
Giancarlo Dessì
in reply to Giancarlo Dessì • • •Scuola - Gruppo Forum reshared this.
brozu ▪️
in reply to Giancarlo Dessì • • •@gian_d_gian
Concordo…
Che faccio, dunque?
Sciopero.
Scuola - Gruppo Forum reshared this.
Giancarlo Dessì
in reply to brozu ▪️ • • •Scuola - Gruppo Forum reshared this.
brozu ▪️
in reply to Giancarlo Dessì • • •Credo che alcuna valenza pratica sia esagerato. Non sono io però a doverti convincere.
Scuola - Gruppo Forum reshared this.
Giancarlo Dessì
in reply to brozu ▪️ • • •Scuola - Gruppo Forum reshared this.