
Bluetooth Earrings Pump Out The Tunes


When you think of a Bluetooth speaker, you’re probably picturing a roughly lunchbox-sized device that pumps out some decent volume for annoying fellow beachgoers, hikers, or public transport users. [Matt Frequencies] has developed something in an altogether different form factor—tiny Bluetooth speakers you can dangle from your earlobes! They’re called Earrays, and they’re awesome.

The build started with [Matt] harvesting circuit boards from a pair of off-the-shelf Bluetooth earbuds. These are tiny, and perfect for picking up a digital audio stream from a smartphone or other device, but they don’t have the grunt to drive powerful speakers. Thus, [Matt] hooked them up to a small Adafruit PAM8302A amplifier board, enabling them to drive some larger speaker drivers that you can actually hear from a distance. These were then installed in little 3D printed housings that are like a tiny version of the speaker arrays you might see hanging from the rigging at a major dance festival. Throw on a little earring hook, and you’ve got a pair of wearable Bluetooth speakers that are functional, fashionable, and very audible!

[Matt] has continued to develop the project, even designing a matching pendant and a charging base to make them practical to use beyond a proof-of-concept. Despite the weight of the included electronics, they’re perfectly wearable, as demonstrated by [DJ Kaizo Trap] modelling the hardware in the images seen here.

We’ve seen plenty of great LED earrings over the years, but very few jewelry projects in the audio space thus far. Perhaps that will change in future—if you pursue such goals, let us know!


hackaday.com/2025/09/27/blueto…


Russian spy ship Yantar monitored undersea cables for months


The Russian oceanographic vessel Yantar, often described in the West as a “spy ship”, has completed a three-month voyage along European coasts, during which it followed routes that coincide with some of the main communication and energy-supply infrastructure.

The Financial Times analysis, based on satellite imagery and Automatic Identification System (AIS) data, indicates that the vessel lingered in strategic areas such as the Irish Sea and the Svalbard archipelago, zones through which undersea cables vital to NATO pass.
Russian ship Yantar

A secret unit of the Russian Ministry of Defence


The Yantar belongs to the Northern Fleet but operates under the supervision of the Main Directorate for Deep-Sea Research (GUGI), a unit of the Russian Ministry of Defence created during the Cold War and considered highly classified. According to sources cited by the British newspaper, GUGI works in close connection with Russian military intelligence (GRU) rather than with the Navy, which provides only technical support.

The unit’s main base is at Olenya Guba, in the Murmansk region on the Barents Sea coast, a site the CIA has watched for decades. Its defences have recently been reinforced with naval barriers and GPS jamming systems, which make even civilian navigation in the vicinity difficult.

The ship is equipped with remotely operated underwater vehicles and mechanical arms capable of connecting to cables laid on the seabed, enabling interception or potential sabotage operations. Experts believe its main objective is to identify the nodes where several lines converge, so as to maximise the impact of a possible attack.

The Financial Times notes that after the Russian invasion of Ukraine in 2022 the Yantar cut back on long voyages, probably out of fear of escalation with Western countries or because of sanctions. In November 2024, however, it resumed extended missions, completing a 97-day route through critical infrastructure zones of the European Atlantic.

Infrastructure at risk


Undersea cable networks play a central role in global security and the economy. In the United Kingdom, 99% of digital communications travel through fibre-optic cables on the seabed, while undersea gas pipelines provide around 75% of the national supply. The same lines are also crucial for international financial transactions and for military communications between the United States and the United Kingdom.

The vulnerability of this infrastructure is at the centre of Western navies’ concerns. According to David Fields, a former British naval attaché in Moscow, Russian strategy aims to strike critical networks quickly, causing blackouts, power cuts or communication outages, with potentially destabilising political and social consequences.

British Defence Secretary John Healey has publicly denounced “growing Russian aggression” after the Yantar was sighted twice in British territorial waters in the past year. Meanwhile, London has stepped up patrols and begun development of the Atlantic Bastion system, designed to monitor the seabed. Ireland, considered a weak point because it is outside NATO, has allocated 60 million euros for a sonar system capable of detecting underwater threats.

Related incidents


Russian activities have also attracted attention in other areas. In Finland, the National Prosecutor has charged the captain and two crew members of the tanker Eagle S, accused of deliberately damaging the power cables between Finland and Estonia.

The vessel, part of Russia’s so-called “shadow fleet”, has been blacklisted by India.

The article Russian spy ship Yantar monitored undersea cables for months comes from il blog della sicurezza informatica.


Whither the Chip Shortage?


Do you remember the global chip shortage? Somehow it seems so long ago, but it’s not even really been three years yet. Somehow, I had entirely forgotten about it, until two random mentions about it popped up in short succession, and brought it all flooding back like a repressed bad dream.

Playing the role of the ghost-of-chip-shortage-past was a module for a pair of FPV goggles. There are three versions of the firmware available for download at the manufacturer’s website, and I had to figure out which I needed. I knew it wasn’t V1, because that was the buggy receiver PCB that I had just ordered the replacement for. So it was V2 or V3, but which?

Digging into it, V2 was the version that fixed the bug, and V3 was the redesign around a different microcontroller chip, because they couldn’t get the V2 one during the chip shortage.

I saw visions of desperate hackers learning new toolchains, searching for alternative parts, finding that they could get that one chip, but that there were only 20 of them left and they were selling for $30 instead of $1.30. I know a lot of you out there were designing through these tough couple years, and you’ve all probably got war stories.

And yet here we are, definitively post-chip-shortage. How can you be sure? A $30 vape pen includes a processor that we would have killed for just three years ago. The vape includes a touchscreen, just because. And it even has a Bluetooth LE chip that it’s not even using. My guess is that the hardware designers just put it in there hoping that the firmware team would get around to using it for something.

This vape has 16 MB of external SPI Flash! During the chip shortage, we couldn’t even get 4 MB SPI flash.

It’s nice to be on the other side of the chip shortage. Just order whatever parts you want and you get them, but don’t take for granted how luxurious that feels. Breathe easy, and design confidently. You can finally use that last genuine STM32F103 blue pill board without fear of it being the last one on earth.

(Featured image is not an actual photo of the author, although he does sometimes have that energy.)

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!


hackaday.com/2025/09/27/whithe…


Bringing Bluetooth to the Zune


The Zune might have joined the portable media player game too late to ever really be competition for the iPod, but that doesn’t mean it didn’t pick up some devoted fans along the way. Some of them are still breathing new life into the device, such as [The Director of Legal Evil Emeritus] at the Louisville Hackerspace, with this project that gives it Bluetooth capability.

As far as media players go, there are still some solid reasons to rock a Zune. Compared to other devices of the era, it offers a better DAC, an FM tuner, and no iTunes reliance. The goal of this project was to bring a bit of modern functionality without having to do any modification of the Zune itself. As the player supported docks with IR remotes, this build involves using an ESP32 to listen to the Bluetooth signal coming from the speakers, interpret any button presses, and forward them along to the Zune’s dock.

There is a dedicated scene for these old music players, but this build is unique for not needing to crack open the case and splice in a Bluetooth module. Even then, those typically don’t have the ability to interact with things like this speaker with its integrated control buttons.

We don’t often see Zune hacks come our way — the last time Microsoft’s player graced these pages was in 2010, when the Open Zune Development Kit was released.

Thanks to [JAC_101] for the tip!


hackaday.com/2025/09/27/bringi…


An LED Sphere For Your Desk


The Las Vegas Sphere is great and all, but few of us can afford the expense to travel out there to see it on the regular. If you’re looking for similar vibes you can access at home, you might enjoy the desk toy that [AGBarber] has designed.

The scale is small — the sphere measures just 98 mm (3.6 inches) in diameter — but that just means it’s accessible enough to be fun. The build is based around various sizes of WS2812B addressable LED rings, and contains 120 individual RGB LEDs in total. They’re wrapped up in a 3D printed housing which does a great job of diffusing the light. Transparent filament was used to print parts that light up with a richly-saturated glow with few visible hotspots. Commanding the LEDs is an ESP8266 microcontroller in the form of a Wemos D1 Mini, which provides plenty of grunt to run animations as well as great wireless connectivity options. [AGBarber] relied on their own Pixel Spork library to handle all the cool lighting effects. Files are on GitHub for the curious.

Maybe you don’t like spheres, and icosahedrons are more your speed. Well, we’ve featured those too—with 2,400 LEDs, no less.

youtube.com/embed/cquZKZue7UM?…


hackaday.com/2025/09/27/an-led…


Italian digital identities for sale: KYC packages at 300 dollars on the Dark Web


Recently, a listing on the well-known underground forum “DarkForum” has turned the spotlight back onto the growing and dangerous market for stolen or forged identity documents.

The listing, which offers a “private package of Italian documents” for around 300 dollars (roughly 280-300 euros), shows how digital identity has become a fundamental commodity for financial crime.

The explicit goal of these packages is to defeat KYC (Know Your Customer) processes. KYC is the identity-verification standard imposed on banks, cryptocurrency platforms and payment services to prevent money laundering and terrorist financing. Bypassing these checks with forged or stolen genuine documents lets criminals operate anonymously.

The contents of a package: not just the ID card


A complete “KYC package” sold through these channels does not include just a scanned copy of an identity document, but is often a combination of data and images crafted to deceive sophisticated verification systems.

“These document sets are the keystone for fraudsters,” explains a cyber-security analyst. “A photo of a driving licence is not enough. They often also include proof of address, such as utility bills or bank statements, and, in more elaborate frauds, even a ‘KYC selfie’ of the unwitting victim holding their own document. These documents are typically obtained through phishing attacks, malware or database breaches,” explains Dark Lab, Red Hot Cyber’s threat-intelligence group, which spotted this post on underground markets.

Fraud enabled by anonymity


The stolen identity is used for a range of illicit activities, creating serious problems for victims:

  1. Money laundering: the main destination is the opening of “mule” accounts on cryptocurrency exchanges or money-transfer services. Using the stolen identity, criminals can convert funds of illicit origin (from ransomware, online scams, etc.) into clean currency, making tracing almost impossible;
  2. Financial identity theft: the documents make it possible to open bank accounts or credit lines, take out loans or apply for cards in the victim’s name, leaving them with debts and a ruined credit profile;
  3. Evasion of restrictions: they are used to get around bans imposed by online platforms, allowing banned users to create new profiles to carry out further scams.


The authorities’ response and the citizen’s defence


Investigative authorities constantly monitor these listings. Selling and buying such packages is a crime, with severe penalties for identity theft and money laundering.

For citizens, prevention is the only real defence. Experts recommend:

  • Never share copies of identity documents via email or unencrypted channels;
  • Be wary of unexpected requests to “update your documents” or to send a “selfie with your ID card” from unverified websites or apps;
  • Use strong passwords and two-factor authentication (2FA) for all online accounts, particularly financial ones, to reduce the risk of breaches.

The black market for identity documents is a constant reminder that our personal data is the most valuable asset for organised crime, and that digital prudence is now as essential as physical security.

The article Italian digital identities for sale: KYC packages at 300 dollars on the Dark Web comes from il blog della sicurezza informatica.


UNIX for a Legacy TI


Although now mostly known as a company who cornered the market on graphing calculators while only updating them once a decade or so, there was a time when Texas Instruments was a major force in the computing world. In the late 70s and early 80s they released a line of computers called the TI-99 to compete (unsuccessfully) with various offerings from Commodore, and these machines were fairly robust for the time. They did have limited memory but offered a 16-bit CPU and plenty of peripherals, and now there’s even a UNIX-like OS that they can run.

This version of UNIX is called UNIX99 and is the brainchild of AtariAge forum member [mrvan] who originally wasn’t looking to develop a full operating system for this computer but rather a set of standard C libraries to help with other projects. Apparently the step from that to a UNIX-flavored OS wasn’t too big so this project was born. While the operating system doesn’t have a UNIX certification, it has most of the tools any of us would recognize on similar machines. The OS has support for most of the TI-99 hardware, file management, a basic user account system, and a command shell through which scripts can be written and executed.

That being said, the limitations of the hardware do come through in the operating system. There’s no multitasking, for example, and the small amount of memory is a major hurdle as well. But that’s what makes this project all the more impressive, and [mrvan] isn’t stopping here. He’s working on a few other improvements to this platform, and we look forward to seeing future releases. UNIX itself is extremely influential in the computing world, and has been used as the model for other homebrew UNIX-like operating systems on similar platforms of this era such as the Z80.

Thanks to [Stephen] for the tip!

Photo courtesy of Rama & Musée Bolo via Wikimedia Commons


hackaday.com/2025/09/26/unix-f…


The 19th Century Quantum Mechanics


While William Rowan Hamilton isn’t a household name like, say, Einstein or Hawking, he might have been. It turns out the Irish mathematician almost stumbled on quantum theory in or around 1827. [Robyn Arianrhod] has the story in a post on The Conversation.

Famously, Newton worked out the rules for the motion of ordinary objects back in 1687. People like Euler and Lagrange kept improving on the ideas of what we call Newtonian physics. Hamilton produced an especially useful improvement by treating light rays and moving particles the same.

Sure, he was using it as an analogy. But fast forward a bit, and we find out that while light is like a wave, it is also like a particle. In 1924, de Broglie proposed that perhaps, then, matter could also be a particle or a wave. He was right, and this was the birth — or at least the conception — of what we now call quantum mechanics. This led to work from Schrödinger, Dirac, and others. Schrödinger, in particular, was intrigued with Hamilton’s analogies and joined them to de Broglie’s ideas. This led to his famous wave equation.

Hamilton did many other things, too. He was an amateur poet and developed the algebra of quaternions, although another mathematician, Benjamin Rodrigues, had written about an early version of them a few years earlier. He was also famous, or perhaps infamous, for being struck by inspiration while on a walk and carving an equation into a nearby bridge.


hackaday.com/2025/09/26/the-19…


Active Probe Reaches 3 GHz


When you think of a scope probe, you usually think of what is basically a wire with a spring hook and an attenuator. Those are passive probes. [Kerry Wong] shows off a pre-release active probe that sidesteps some problems with those ordinary passive probes.

The trick is that passive probes have input capacitance that interferes with very high-frequency signals. They also tend to have less noise. Although the probe isn’t on the market yet, it is set to debut at a price lower than competitive probes. Still, be warned. The reason you don’t see them more often is that $1,000 is relatively inexpensive for an active probe.

Because the probe is pretty hefty, it comes with a tripod that can hold it while you use it. [Kerry] connects some probe adapters to a PCB with two square wave oscillators. Square waves are a good test waveform because they have odd-numbered harmonics that rise well above the target frequency.

The probe adapters are a little longer than you might like, which causes some ringing on the input signal. However, if you compare the results to a standard passive probe, you’ll quickly see the value of the active probe setup.

You can save some money if you roll your own, of course. Most of the ones we’ve seen don’t quite make 3 GHz, though.

youtube.com/embed/pN8wHRxeny4?…


hackaday.com/2025/09/26/active…


Detecting Surveillance Cameras With The ESP32


These days, surveillance cameras are all around us, and they’re smarter than ever. In particular, many of them are running advanced algorithms to recognize faces and scan license plates, compiling ever-greater databases on the movements and lives of individuals. Flock You is a project that aims to, at the very least, catalogue this part of the surveillance state, by detecting these cameras out in the wild.

The system is most specifically set up to detect surveillance cameras from Flock Safety, though it’s worth noting a wide range of companies produce plate-reading cameras and associated surveillance systems these days. The device uses an ESP32 microcontroller to detect these devices, relying on the in-built wireless hardware to do the job. The project can be built on a Oui-Spy device from Colonel Panic, or just by using a standard Xiao ESP32 S3 if so desired. By looking at Wi-Fi probe requests and beacon frames, as well as Bluetooth advertisements, it’s possible for the device to pick up telltale transmissions from a range of these cameras, with various pattern-matching techniques and MAC addresses used to filter results in this regard. When the device finds a camera, it sounds a buzzer notifying the user of this fact.
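The matching step described above, as an added Python example that is not part of the Flock You project (which runs on the ESP32 in its own code): observations from Wi-Fi probe requests, beacons and BLE advertisements are reduced to a transmitter address and an advertised name, then checked against a watchlist of OUI prefixes and name patterns. The watchlist values here are placeholders, not the project’s signatures, and the captures are constructed. The example also adds the check a practitioner would want: addresses with the locally-administered bit set are randomised and carry no vendor OUI, so they are excluded from prefix matching to avoid false positives.

```python
import re
from dataclasses import dataclass

# Hypothetical watchlist. These OUI prefixes and name patterns are placeholders
# chosen for this example; the Flock You project keeps its own signature lists
# in its repository, and an operator would populate these from their own
# observations.
WATCHLIST = {
    "oui_prefixes": {"A8:BB:CC"},                    # placeholder OUI
    "name_patterns": [r"^EXAMPLECAM-[0-9A-F]{4}$"],  # placeholder SSID / BLE name form
}


@dataclass(frozen=True)
class Observation:
    proto: str   # "wifi_probe", "wifi_beacon" or "ble_adv"
    mac: str     # transmitter address as printed by the radio driver
    name: str    # SSID or BLE local name; empty when the frame carries none


# Constructed sample captures, not real traffic.
SAMPLE = [
    Observation("wifi_beacon", "A8:BB:CC:11:22:33", "EXAMPLECAM-0A1F"),
    Observation("ble_adv", "a8:bb:cc:44:55:66", ""),
    Observation("wifi_probe", "10:20:30:40:50:60", "HomeNetwork"),
    Observation("ble_adv", "DE:AD:BE:EF:00:01", "EXAMPLECAM-ZZZZ"),  # not hex, no match
]


def is_locally_administered(mac):
    """True when bit 1 of the first octet is set. Such addresses are randomised
    or software-assigned, so their first three octets are not a vendor OUI and
    must not be used for OUI matching (a common source of false positives)."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def oui(mac):
    """First three octets, normalised to upper case with colon separators."""
    return mac.upper()[:8]


def match(obs):
    """Return the reasons an observation hits the watchlist (empty list if none)."""
    reasons = []
    if not is_locally_administered(obs.mac) and oui(obs.mac) in WATCHLIST["oui_prefixes"]:
        reasons.append("oui")
    if obs.name and any(re.match(p, obs.name) for p in WATCHLIST["name_patterns"]):
        reasons.append("name")
    return reasons


def detect(observations):
    """List of (observation, reasons) for every hit; this is where a buzzer would fire."""
    hits = []
    for obs in observations:
        reasons = match(obs)
        if reasons:
            hits.append((obs, reasons))
    return hits


if __name__ == "__main__":
    for obs, reasons in detect(SAMPLE):
        print(f"{obs.proto:12} {obs.mac}  {obs.name or '<no name>':18} {reasons}")
```

On an ESP32 the same logic sits in the promiscuous-mode Wi-Fi callback and the BLE scan callback; the structure above (normalise, exclude randomised addresses, then match) transfers directly.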

Meanwhile, if you’re interested in just how prevalent plate-reading cameras really are, you might also find deflock.me interesting. It’s a map of ALPR camera locations all over the world, and you can submit your own findings if so desired. The techniques used in the Flock You project are based on learnings from the DeFlock project. Meanwhile, if you want to join the surveillance state on your own terms, you can always build your own license plate reader instead!

[Thanks to Eric for the tip!]


hackaday.com/2025/09/26/detect…


Robot Bartender Is The Life of the Party


As the old saying goes, when the only tool you have is a 6 DOF industrial robotic arm, every problem looks like an opportunity to make it serve up adult beverages. [benkokes] found himself in this familiar predicament and did what any of us would do, but his process wasn’t without a few party fouls as well as a few head-scratchers.

One of the common problems that people who suddenly find themselves with an old industrial robot have is that there’s usually no documentation or instructions. This was true here with the added hiccup of the robot’s UI being set to Chinese. Luckily no one had changed the root password, and eventually he was able to get the robot up and working.

Getting it to make drinks was a different matter altogether. [benkokes] needed a custom tool to hold the cup as well as shake it, and 3D printed a claw-style end effector with a lid. Out of his multi-colored pack of party cups, however, the orange cups were different enough in dimension to cause problems for the shaking lid which was discovered when the robot spilled a drink all over the table.

Eventually, though, the robot was successfully serving drinks at a party. One of [benkokes]’s friends happened to be a puppet maker and was able to outfit it with a tailored tuxedo for the party as well, and he also programmed it to dance in between serving drinks, completing the AI revolution we have all been hoping for. Perhaps unsurprisingly, this is a common project for people who suddenly come to possess a large general-purpose industrial robot, while others build robots specifically for this task alone.

youtube.com/embed/gczwmDvI31E?…


hackaday.com/2025/09/26/robot-…


Hackaday Podcast Episode 339: The Vape Episode, a Flying DeLorean, and DIY Science


Hackaday Editors Elliot Williams and Tom Nardi start this week’s episode off with an update on the rapidly approaching 2025 Supercon in Pasadena, California. From there they’ll talk about the surprisingly high-tech world of vapes, a flying DeLorean several years in the making, non-contact pulse monitoring, and the potential of backyard radio telescopes to do real astronomy. You’ll hear about a dodecahedron speaker, a page turning peripheral, and 3D printed tools for unfolding boxes. They’ll wrap things up by taking a look at the latest generation of wearable smart glasses, and wonder if putting a bank of batteries in your home is really worth the hassle.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

html5-player.libsyn.com/embed/…

Direct download in DRM-free MP3.


hackaday.com/2025/09/26/hackad…


Set Phone to… Hyperspectral


While our eyes are miraculous little devices, they aren’t very sensitive outside of the normal old red, green, and blue spectra. The camera in your phone is far more sensitive, and scientists want to use those sensors in place of expensive hyperspectral ones. Researchers at Purdue have a cunning plan: use a calibration card.

The idea is to take a snap of the special card and use it to understand the camera’s exact response to different colors in the current lighting conditions. Once calibrated to the card, they can detect differences as small as 1.6 nanometers in light wavelengths. That’s on par with commercial hyperspectral sensors, according to the post.

You may wonder why you would care. Sensors like this are useful for medical diagnostic equipment, analysis of artwork, monitoring air quality, and more. Apparently, high-end whisky has a distinctive color profile, so you can now use your phone to tell if you are getting the cheap stuff or not.

We also imagine you might find a use for this in phone-based spectrometers. There is plenty to see in the hyperspectral world.


hackaday.com/2025/09/26/set-ph…


Active Directory in the crosshairs! How criminal hackers steal NTDS.dit


Active Directory (AD) holds the organisation’s digital keys: unauthorised access to this service exposes sensitive information and credentials that can lead to a total compromise of the domain.

Among the most critical assets is the NTDS.dit file, which stores the full set of domain data and the password hashes. This article reconstructs a real case in which hostile actors obtained elevated privileges, extracted NTDS.dit and attempted to exfiltrate it while evading common controls.

The strategic value of NTDS.dit


In a Windows environment dominated by Active Directory, the NTDS.dit file (NT Directory Services Directory Information Tree) is the domain’s central database: it contains user accounts, group policies, computer objects and, crucially, the password hashes of every account, including those with Domain Administrator privileges.

Stealing this file lets an attacker, once also in possession of the SYSTEM registry hive needed to decrypt its contents, extract the hashes, attack them offline and impersonate any identity within the domain. In practice it yields the “map” of the organisation’s digital identity.

According to Trellix’s research, after gaining administrative privileges on a host the attackers often use native tools (for example vssadmin) to create a Volume Shadow Copy and bypass file locks, thereby copying NTDS.dit without interrupting AD processes. They then repair the file with esentutl and extract credentials with utilities such as SecretsDump or Mimikatz, or even with simple copy commands. These operations can be surprisingly quiet for many traditional defences, which is why detection based on network behaviour is essential.

Attack sequence: extraction and exfiltration of NTDS.dit


Analysis of the case shows a typical chain of actions: initial access, hash collection, use of the hashes to authenticate, lateral movement and then extraction of NTDS.dit together with the SYSTEM registry hive, which is essential for obtaining the Boot Key needed for decryption.
Complete kill chain: from compromise to detection (Source: Trellix)
Main phases illustrated:

  1. Hash collection: adversaries obtain password hashes through methods such as DCSync or by extracting them from the memory of the lsass.exe process (for example with Mimikatz), an operation that requires elevated privileges on the compromised host.
  2. Authentication with stolen hashes: with the “Pass the Hash” technique (MITRE ID: T1550.002) it is possible to authenticate as the compromised user, using NTLM or AES algorithms (e.g. /ntlm, /aes128, /aes256) to connect to network resources or start remote processes.
  3. Expanding the compromise: the credentials obtained are used to run tools such as PsExec and reach other systems, widening the attack surface and repeating the cycle of credential theft and lateral movement.
  4. Dump and exfiltration of NTDS.dit and SYSTEM: to copy NTDS.dit while AD is running, attackers can:
    • create a snapshot of the volume with the Volume Shadow Copy Service (VSS) and take the file from the copy;
    • use PowerShell utilities (e.g. Invoke-NinjaCopy or similar) to copy files that are in use;
    • use system tools such as NTDSUtil.exe or DSDBUtil.exe to export the data.


From the snapshot the attackers take NTDS.dit and the SYSTEM hive, place them in a staging folder, verify them with hex editors or AD parsing tools, and then archive them for exfiltration to external servers.

Operational recommendations


The analysis yields concrete guidance for mitigation: monitor and block unusual SMB movements and file transfers, control and restrict the use of remote-administration tools such as PsExec, strengthen protection of highly privileged accounts, and enable controls to detect Volume Shadow Copy creation and other known techniques for bypassing file locks.

The article Active Directory in the crosshairs! How criminal hackers steal NTDS.dit comes from il blog della sicurezza informatica.


This Week in Security: Randomness is Hard, SNMP Shouldn’t Be Public, and GitHub Malware Delivery


Randomness is hard. To be precise, without dedicated hardware, randomness is impossible for a computer. This is actually important to keep in mind when writing software. When there’s not hardware providing true randomness, most rnd implementations use a seed value and a pseudo random number generator (PRNG). A PRNG is a function that takes a seed value, and turns it into a seemingly random value, and also produces a new seed for the next time a random value is needed. This could be as simple as a SHA256 sum, where the hash output is split to become the next seed and the random value.

The PRNG approach does still have a challenge. Where does the initial seed come from? There are a few common, if flawed, approaches, and one of the most common is to use the system clock. It’s not a bulletproof solution, but using the microsecond counter since the last system boot is often good enough, because there are a lot of them to choose from — the entropy is high. With that brief background in mind, let’s talk about what happens in VBScript. The Randomize call is used to seed that initial value, but Randomize has some quirks.

The first is a great feature: calling Randomize a second time with the same seed doesn’t reset the PRNG engine back to the same initial state. The second is the problem: when called without a value, Randomize uses the number of system ticks since midnight as the PRNG seed. There are 64 ticks per second, giving five-and-a-half million possible seeds, or 22 bits of entropy. That isn’t great on its own, but Randomize then internally typecasts the tick count into a narrower value, capping the number of possible time-based seeds at 65,536, which is far easier to brute-force.

We don’t know the exact application where the researchers at Doyensec found VBScript generating secure tokens, but in their Proof of Concept (PoC) test run, the generated token could be found in four guesses. It’s a terrible security fail for basically any use, and it’s a deceptively easy mistake to make.
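To make the two points above concrete, here is an added Python example (not from the Hackaday column, from Doyensec, or from VBScript itself): a hash-based PRNG of the kind described, seeded the way the column says Randomize does without an argument, namely from ticks since midnight narrowed to 16 bits. The recover_weak_seed function is the check an auditor would run to confirm such a finding: because only 65,536 seeds exist, enumerating them all is trivial, whereas the same generator seeded from os.urandom has no such shortcut. The tick arithmetic and the 16-bit narrowing are a reconstruction of the behaviour the text describes, not a reimplementation of the VBScript runtime.

```python
import hashlib
import os
import time


def sha256_prng(seed: bytes, n_values: int):
    """The hash-based PRNG sketched above: hash the seed, keep the first half
    of the digest as the next seed and hand out the second half as the value.
    Output is entirely determined by the seed, which is the whole point."""
    values = []
    for _ in range(n_values):
        digest = hashlib.sha256(seed).digest()
        seed, out = digest[:16], digest[16:]
        values.append(out)
    return values


def weak_seed(now=None):
    """Seed the way the column describes Randomize doing it without an argument:
    ticks since midnight at 64 per second (about 22 bits), then narrowed to
    16 bits, so only 65,536 distinct seeds can ever occur. Reconstruction of
    the described behaviour, not the VBScript runtime's code."""
    if now is None:
        now = time.time()
    t = time.localtime(now)
    seconds = t.tm_hour * 3600 + t.tm_min * 60 + t.tm_sec
    ticks = seconds * 64 + int((now - int(now)) * 64)
    return (ticks & 0xFFFF).to_bytes(2, "big")


def weak_token(now=None):
    """Session-token style output from the weakly seeded generator."""
    return sha256_prng(weak_seed(now), 1)[0].hex()


def strong_token():
    """Same generator, seeded from the OS entropy source instead of the clock.
    (In real code, secrets.token_hex(16) is the idiomatic one-liner.)"""
    return sha256_prng(os.urandom(32), 1)[0].hex()


def recover_weak_seed(token_hex):
    """Auditor's check for the weak variant: with 65,536 candidates the seed
    behind an observed token is found by plain enumeration in a fraction of a
    second. The same search against a 256-bit seed is infeasible."""
    target = bytes.fromhex(token_hex)
    for candidate in range(0x10000):
        seed = candidate.to_bytes(2, "big")
        if sha256_prng(seed, 1)[0] == target:
            return seed
    return None


if __name__ == "__main__":
    token = weak_token()
    print("weak token  :", token, "-> seed recovered:", recover_weak_seed(token).hex())
    print("strong token:", strong_token())
```

The lesson generalises beyond VBScript: the strength of any PRNG-derived token is bounded by the entropy of its seed, not by the quality of the mixing function, so a token generator is only as good as the seed space an attacker would have to enumerate.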

GoAnywhere Exploit


The folks at WatchTowr have a report on a blistering 10.0 CVE in the GoAnywhere Managed File Transfer (MFT) product. The vulnerability was first published on September 18, and the WatchTowr crew took a look at it and had questions. The bug is a deserialization attack that can land even without any authentication. It can result in command injection, and the latest update from GoAnywhere vendor Fortra vaguely indicates that it is being used for attacks in the wild. But this is particularly odd: before the vulnerable interface deserializes, it first checks for a valid signature, and the WatchTowr researchers couldn’t find a leak of a valid private key. So how was the vulnerability being used in the wild?

Lucky for us, there’s a part two to this story, but not all of the mysteries are explained. This CVE is indeed being exploited in the wild, with the earliest known exploit being September 10th. Since there was a full week between the earliest known compromise and the release of the patch, it seems unfortunate that it took WatchTowr this long to confirm that this vulnerability was actually exploited in the wild.

Cisco and Public SNMP


Two million Cisco systems are at risk from CVE-2025-20352. This is a remotely accessible flaw in the handling of Simple Network Management Protocol traffic. The attack does require valid credentials, but it works over SNMPv1, v2, or v3. While SNMPv3 has more secure user credentials, the earlier SNMP versions just used “community strings”, a text-based password that was often set to “public”.

This vulnerability seems to lead to either a crash or Remote Code Execution (RCE). It’s not entirely clear how difficult it is to achieve RCE, but it’s noteworthy that RCE here runs as root, a level of access not usually available even to administrators of Cisco equipment. So far there’s no indication that this was used in the wild, but now that some information and a patch are available, it’s likely not going to take long for someone to reverse-engineer the vulnerability and weaponize it.
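Since the attack needs valid SNMP credentials, a default community string like “public” is exactly what hands them over. The following added audit script (not from the original article or from Cisco) walks an IOS-style running config and flags default or unrestricted community strings and non-`priv` SNMPv3 groups; the config text is constructed, and cleaning it up shrinks exposure but does not replace the vendor patch.

```python
"""Audit an IOS-style config for the SNMP exposure discussed above.

Added example, not from the original article or from Cisco. SAMPLE_CONFIG
and HARDENED_CONFIG are constructed fragments; the line shapes follow the
common IOS forms
    snmp-server community <string> [RO|RW] [acl]
    snmp-server group <name> v3 {noauth|auth|priv}
Removing weak community strings removes the 'valid credentials' the attack
needs, but only the vendor patch fixes the vulnerable SNMP handler itself.
"""
import re

DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample: one acceptable community, two bad ones, one weak v3 group.
SAMPLE_CONFIG = """\
hostname edge-router-01
snmp-server community public RO
snmp-server community s3cr3tRW RW
snmp-server community netmon RO 10
snmp-server group ADMIN v3 noauth
snmp-server group OPS v3 priv
access-list 10 permit 10.0.0.0 0.0.0.255
"""

# Constructed corrected fragment: no v1/v2c communities, v3 with auth+priv only.
HARDENED_CONFIG = """\
hostname edge-router-01
snmp-server group ADMIN v3 priv
snmp-server group OPS v3 priv
access-list 10 permit 10.0.0.0 0.0.0.255
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: (RO|RW))?(?: (\S+))?$")
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b")


def audit_snmp(config: str) -> list[str]:
    """Return one finding per weakness found; an empty list means nothing flagged."""
    findings: list[str] = []
    for raw in config.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            community, mode, acl = m.group(1), m.group(2) or "RO", m.group(3)
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append(f"{mode} community uses default string '{community}'")
            if acl is None:
                findings.append(f"community '{community}' accepts any source (no ACL)")
            if mode == "RW":
                findings.append(f"community '{community}' is writable (RW)")
            continue
        m = GROUP_RE.match(line)
        if m and m.group(2) != "priv":
            findings.append(f"SNMPv3 group '{m.group(1)}' is {m.group(2)}, not priv")
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        found = audit_snmp(cfg)
        print(f"{name}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```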

More Spilled Tea


Remember the Tea Spilling from a couple months ago? The Tea app had an unsecured Firebase database. It turns out that wasn’t an isolated incident. [Mike Oude Reimer] has been working on OpenFirebase, an auditing tool for Firebase installs. To prove the point, he audited 400 of the most popular Android apps from a trio of categories in the Play Store and found 150 Firebase servers that granted unintended access of some sort. It’s a bit stunning that over one in three Android apps have insecure Firebase servers associated with them.

Github Malware Delivery


There’s a malware campaign that has happened in the last couple weeks, based around Search Engine Optimization and GitHub repositories. The instructions peddle malicious commands to users looking for popular software on the Mac, like LastPass and others. I was prepared to write about how Ad Blocking is really a form of security protection, as these campaigns are often delivered via advertising, but this one seems to primarily be based on real search engine placement.

This isn’t the only malware campaign that takes advantage of GitHub’s reputation as a trusted source of software. A phishing campaign was also recently spotted, where spam messages were added as GitHub issues, with the spammers tagging their victims and offering fake Y Combinator sponsorships. Since the messages were sent via GitHub, most spam blockers treated them as legitimate. This campaign was a bit more clever than most, making use of domain typo-squatting, with the y-comblnator.com domain used as part of the campaign. The goal was to drain the crypto accounts of people sufficiently fooled by the messages.

Bits and Bytes


Is nothing sacred? In addition to GitHub, malware appears to be distributed via Steam, in updates to games. The most recent example was the Block Blasters game, which was on Steam for nearly two months before shipping malicious code.

How can you figure out whether an image is AI-generated, or has been manipulated with AI or other tools? There are quite a few approaches, but one of the interesting ones is to look at the JPEG artifacting. If part of the image has ever been compressed via JPEG, this results in blocky artifacts that are hard for the human eye to spot, but easy to see with the right tools.

And finally, in a blast from the past, Supermicro has another pair of vulnerabilities that could allow malicious firmware on server Baseboard Management Controllers (BMCs). The way these images are signed is slightly odd, with the various portions of the file signed independently. The attack is to treat these sections like cards in a deck, and shuffle malicious slices into the stack. The verification routine thinks all the important pieces are signed, but during a real boot, the malicious code runs instead. Patches coming soon.
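The design lesson behind the “cards in a deck” problem is that a signature over each section says nothing about which slot it belongs in or how many sections there are. This added toy model (not Supermicro’s format or code; HMAC-SHA256 stands in for the vendor’s signature scheme and the image is assumed to be an ordered list of section blobs) shows per-section verification accepting a reordered image, while a single signature over a slot-indexed manifest rejects it.

```python
"""Toy model of the firmware-signing weakness described above: sections signed
independently versus one signature over a manifest binding each section to its slot.

Added example, not Supermicro's format or code. HMAC-SHA256 stands in for the
vendor's signature scheme, and an image is modelled as an ordered list of
section blobs; both are simplifications assumed for illustration.
"""
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"   # stands in for the vendor's private key

# Constructed firmware sections, in the order the boot process expects them.
GENUINE_SECTIONS = [b"bootblock v1", b"kernel v1", b"config v1"]


def sign(data: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).digest()


# --- Weak scheme: every section carries its own independent signature --------
def build_per_section(sections: list[bytes]) -> list[tuple[bytes, bytes]]:
    return [(s, sign(s)) for s in sections]


def verify_per_section(image: list[tuple[bytes, bytes]]) -> bool:
    """Every section is genuinely signed, so any arrangement of them passes."""
    return all(hmac.compare_digest(sig, sign(s)) for s, sig in image)


# --- Hardened scheme: one signature over slot index + hash of every section ---
def manifest_for(sections: list[bytes]) -> bytes:
    """Moving, dropping or adding a section changes the manifest, so the check fails."""
    return b"".join(
        i.to_bytes(2, "big") + hashlib.sha256(s).digest()
        for i, s in enumerate(sections)
    )


def build_manifest_image(sections: list[bytes]):
    manifest = manifest_for(sections)
    return sections, manifest, sign(manifest)


def verify_manifest_image(sections: list[bytes], manifest: bytes, sig: bytes) -> bool:
    """Recompute the manifest from what will actually boot, then check its signature."""
    return hmac.compare_digest(manifest, manifest_for(sections)) and hmac.compare_digest(
        sig, sign(manifest)
    )


def reorder(items, order):
    return [items[i] for i in order]


def demo() -> tuple[bool, bool]:
    """Returns (weak scheme accepts reordered image, hardened scheme accepts it)."""
    shuffled = [0, 2, 1]   # the 'config' slice now sits where 'kernel' belongs
    weak_image = reorder(build_per_section(GENUINE_SECTIONS), shuffled)
    sections, manifest, sig = build_manifest_image(GENUINE_SECTIONS)
    strong_image = (reorder(sections, shuffled), manifest, sig)
    return verify_per_section(weak_image), verify_manifest_image(*strong_image)


if __name__ == "__main__":
    weak_ok, strong_ok = demo()
    print("per-section signatures accept reordered image:", weak_ok)
    print("signed manifest accepts reordered image:     ", strong_ok)
```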


hackaday.com/2025/09/26/this-w…


Steamboat Willie Still Tests Copyright


If you know anything about Mickey Mouse, you’ll be able to tell us that his first outing was in 1928’s Steamboat Willie — an animated short that sees our hero as the hapless pilot of a riverboat battling an assortment of animals and his captain. It entered the public domain last year, meaning that it and the 1928 incarnation of Mickey are now free of any copyright obligation to the media giant.

There’s an interesting development from Florida on that front though as it seems Disney may have been testing this through legal means, and now a law firm wants to see them in court over their proposed use of the film in an advert.

Of course here at Hackaday we don’t cover the dry subject of Florida legal news as a rule, but we are interested in the world of copyright as it applies to many other things that do come under our eye. As we understand it the law firm is requesting the judge assert their protection from trademark claims over the use of Disney’s 1928 Willie, given that there have been claims from the entertainment giant against others doing the same thing.

It’s hardly surprising that a large corporation might seek to use legal muscle and trademark law to de facto extend the term of Mickey’s protection beyond the defined copyright expiration date, so for once it’s refreshing to see them come up against someone unafraid of a courtroom.

We hope that common sense will prevail, and this undermining of a cherished right (not to mention prior case law) is not allowed to succeed. Meanwhile if you’d like a 1928 Mickey that Disney have shied away from coming after, look no further than the EFF.


hackaday.com/2025/09/26/steamb…


A Ham-Adjacent Portable Radio Repeater


Although ham radio offers a wide array of bands to transmit on, not to mention plenty of modes to communicate with, not everyone wants or needs to use all of this capability. For those needing simple two-way communication, services like FRS or GMRS are available (in North America) with much less stringent licensing requirements, and GMRS even allows repeaters to be used to extend their range beyond the typical mile or so. [Dave] aka [N8DAV] has built an off-grid simplex repeater that can travel around with him wherever he goes.

The repeater itself is based on a pre-built simplex repeater module, which means that it has to record an incoming signal and then play it back on the same frequency. Compared to a split-frequency repeater, which uses different frequencies for transmit and receive, this can be a bit cumbersome, but it simplifies the design and the use. A Baofeng UV-5R is used to perform the actual radio duties, paired with a 40 watt amplifier to extend the range as much as possible. It’s all packed into a Pelican-like case and set up with a large battery that could power it for a number of days, making it useful for camping, rescue, or other off-grid activities.

For those wondering why [Dave] is using his ham call sign instead of his GMRS one, all of the equipment in this build will work in either the UHF ham bands or the channels reserved for GMRS with minor adjustments, so it’s perfectly possible to use the setup for one’s preferred license. And, for those in other parts of the world without GMRS there’s a similar class of radio called UHF CB which might be able to support similar builds, but be sure to check your local jurisdiction’s laws before hooking something like this up. For an even longer-range radio repeater using similar equipment we’d recommend looking to the skies.


Thanks to [Red] for the tip!


hackaday.com/2025/09/26/a-ham-…


Ukrainian cyberattack paralyzes Russia’s SBP payment system


IT specialists from Ukraine’s Defence Intelligence (DIU) successfully carried out an attack that paralyzed Russia’s national payment system, SBP. DIU sources shared the news with Militarnyi. According to them, the attack targeted the infrastructure used to finance organizations that support the aggression against Ukraine.

As a result of a large-scale DDoS attack on the SBP system and on the provider TransTeleCom, a significant number of Russians lost the ability to make instant transfers and pay for online purchases. Residents of Yekaterinburg complained en masse on social media about service outages, as people were unable to pay for public transport or refuel at gas stations.

The cyberattack also caused outages in Internet access and interactive television. Hundreds of thousands of subscribers of local providers in several regions of the Russian Federation were left without connectivity. According to Ukrainian intelligence, the consequences of the attack had a significant impact on the Russian economy.

“The estimated economic losses resulting from the DDoS attack on the SBP payment system amount to up to 30 million dollars,” the DIU stressed.

Numerous complaints appeared on Yekaterinburg social networks about the impossibility of paying online for public transport or at gas stations.

The article Ukrainian cyberattack paralyzes Russia’s SBP payment system originally appeared on il blog della sicurezza informatica.


Never mind brains and notebooks! ChatGPT dominates the classroom


ChatGPT usage has skyrocketed with the start of the new school year in the West, with token generation reaching record levels. According to OpenRouter, the popular OpenAI chatbot processed 78.3 billion tokens on September 18, the highest level since the summer dip.

In June 2025, when most schools were on vacation, average daily usage dropped to 36.7 billion tokens. By comparison, in May 2025, during exams and finals, the average was close to 80 billion per day.

OpenRouter’s statistics, which track the activity of 2.5 million users, show how usage patterns change radically with the academic calendar. Although the data reflect a single platform, they are actively used by researchers and investors to analyze the dynamics of LLM adoption.

As Futurism points out, studies, including one from Rutgers University, have already confirmed a strong correlation between ChatGPT’s popularity and the educational process. This is easy to see by looking at OpenRouter’s interactive charts.

Activity drops consistently during spring and summer breaks, and rises with the start of classes. Students therefore make up a significant share of ChatGPT’s audience.

Among the models tracked by OpenRouter, ChatGPT 4.1 Mini leads, with 26.9 billion tokens generated on September 18. The new GPT-5 saw 18.7 billion tokens generated the same day. Other versions, such as GPT-4o Mini and GPT-5 Mini, also made a significant contribution.

These data confirm that AI tools are increasingly used in schools. Students use the OpenAI chatbot for writing, searching for information and supporting their learning. It is not only about the risks associated with cheating. Many educators consider it useful to teach students how to interact with such systems and use them responsibly.

Like any new technology, artificial intelligence is rapidly becoming part of young people’s daily lives. The discussion has already moved beyond whether ChatGPT should be used or not. The key question now is how to integrate it properly into the educational process, so that AI complements learning rather than replacing it.

The article Never mind brains and notebooks! ChatGPT dominates the classroom originally appeared on il blog della sicurezza informatica.


The New Raspberry Pi 500+: Better Gaming with Less Soldering Required


When Raspberry Pi released the Pi 500, as essentially an RPi 5 integrated into a chiclet keyboard, there were rumors based on the empty spots on the PCB that a better version would be released soon. This turned out to be the case, with [Jeff Geerling] now taking the new RPi 500+ to bits for some experimentation and keyboard modding.

The 500’s case was not designed to be opened, but if you did, you’d find that there was space allocated for a Power-Over-Ethernet section as well as an M.2 slot, albeit with all of the footprints unpopulated. Some hacking later and enterprising folk found that soldering the appropriate parts on the PCB does in fact enable a working M.2 slot. What the 500+ thus does is basically do that soldering work for you, while sadly not offering a PoE feature yet without some DIY soldering.

Perhaps the most obvious change is the keyboard, which now uses short-travel mechanical switches – with RGB – inside an enclosure that is now fortunately easy to open, as you may want to put in a different NVMe drive at some point. Or, if you’re someone like [Jeff] you want to use this slot to install an M.2 to Oculink adapter for some external GPU action.

After some struggling with eGPU devices, an AMD RX 7900 XT was put into action, with the AMD GPU drivers posing no challenge after a kernel recompile. Other than the Oculink cable preventing the case from closing and the loss of the M.2 NVMe SSD option, it was a pretty useful mod to get some real gaming and LLM action going.

With the additions of a presoldered M.2 slot and a nicer keyboard, as well as 16 GB RAM, you have to decide whether the $200 asking price is worth it over the $90 RPi 500. In the case of [Jeff] his kids will have to make do with the RPi 500 for the foreseeable future, and the RPi 400 still finds regular use around his studio.



hackaday.com/2025/09/25/the-ne…


Commodore 64: From 1980s legend to 2025! 10,000 new machines sold


Commodore Corporation BV was recently acquired by fans and former employees. Now the new Commodore brand has announced a significant milestone: the first Commodore 64 Ultimate in 30 years has passed 10,000 units sold.

The company’s official X account published the sales figures and thanked the community for its support. As the published chart shows, sales started very briskly on July 12 of this year.

Since August the trend has been more even, but stable. The timeline also shows the release dates of the “Let’s Buy Commodore” video trilogy, which drew hundreds of thousands of views (one episode passed 400,000 views). The company’s management closely monitored the impact of the video campaign on sales.
Commodore 64 Ultimate sales volumes / Commodore on X
In the first week after the launch of the new product, Commodore took in over 2 million dollars. This coincided with the publication of the video “Making History: Signing the Commodore Contract + C64 Ultimate Production Update”, which brought a further rise in sales. That was when many realized the company was truly on the road to recovery.

Right after the 10,000-unit milestone, Commodore reminded everyone that there is still time to pre-order the first batch via commodore.net and be among the first buyers this year.

The Commodore 64 Ultimate, based on an FPGA platform and featuring the “world’s first motherboard with a transparent keyboard”, starts at 299 dollars. It was also specified that the Founders Edition will be a one-off edition.

A replacement for those who missed it has not yet been announced, but a similar model is planned.

Even if you don’t intend to dive into a modern version of the iconic C64, this news deserves a warm welcome. Commodore is positioning itself as a Founder’s Sandbox, a platform for new computing projects. The company’s roadmap calls for up to 12 major releases over the next four years, which has already intrigued the community of retro and modern tech enthusiasts.

Sales of the Commodore 64 Ultimate have passed 10,000 units, demonstrating that interest in retro computers remains strong and that the relaunched brand is able not only to tap into nostalgia but also to become a driving force for new technology projects.

The original Commodore 64 (also known as the C64) launched in January 1982 and quickly became the most popular home computer of its time. The computer was equipped with an 8-bit MOS Technology 6510/8500 processor clocked at 1.023 MHz in the NTSC version and 0.985 MHz in the PAL version.

Alongside 64 KB of RAM, there were 20 KB of read-only memory, including a BASIC interpreter. The device also offered hardware support for color graphics and audio. The VIC-II graphics chip supported a resolution of 320×200 pixels, 16 colors and hardware sprites. All this was rounded out by joystick interfaces, video/audio ports, a ROM cartridge slot and an IEEE-488 serial port (for disk drives or printers).

The article Commodore 64: From 1980s legend to 2025! 10,000 new machines sold originally appeared on il blog della sicurezza informatica.


Vertical Solar Panels are Out Standing


If you’re mounting solar panels, everybody knows the drill, right? Point them south, angled according to latitude. It’s easy. In a video which demonstrates that [Everyday Dave] is truly out standing in his field, we hear a different story. [Dave] has a year’s worth of data in his Solar Panel Showdown that suggests there are good reasons to mount your panels vertically.

Specifically, [Dave] is using bifacial solar panels – panels that have cells on both sides. In his preferred orientation, one side faces South, while the other faces North. [Dave] is in the Northern Hemisphere, so those of you Down Under would have to do the opposite, pointing one face North and the other South.

Since [Dave] is far from the equator, the N/S vertical orientation beats the pants off of East-West facing panels, especially in winter. What’s interesting is how much better the bifacial panels do compared to the “standard” tilted orientation. While peak power in the summer is much better with the tilted bifacial panels (indeed, even the tilted single-sided panels), in winter the vertical N/S panels blow them out of the water. (Especially when snow gets involved. Vertical panels don’t need sweeping!)

Even in the summer, though, there are advantages: the N/S panels may produce less power overall, but they give a trickle earlier and later in the day than the tilted orientation. Still, that extra peak power really shows, and over a six-month period from solstice-to-solstice, the vertical panels only produced 77% what the tilted bifacial panels did (while tilted single-sided panels produced 90%).

Is it worth it? That depends on your use case. If most of the power is going to A/C, you’ll need the extra in the warmer months. In that case, you want to tilt the panels. If you have a steady, predictable load, though, having even production winter/summer might be more to your liking – in that case you can join [Dave] in sticking solar panels straight up and down.

These results probably apply at latitudes similar to [Dave] who is in cloudy and snowy Ohio, which is perhaps not the ideal place for solar experimentation. If you’re not an Ohio-like distance from the equator, you might find an East-West array is the best bang for the buck. Of course if you really want to max out power from each individual cell, you can’t beat sun tracking regardless of where you are.



hackaday.com/2025/09/25/vertic…


Hovercraft Suitcase Gives Your Luggage a Smooth Ride


A suitcase made of two rectangular plastic crates latched together sits on a concrete floor. The top shell is a beige-grey with a navy check and the word "JerseyMaid" on it upside down. The bottom crate is navy with the letters "lsen" in large cursive and the letters "ORATION" in smaller print below; much of the text is covered by a large latch and a power-tool battery mount. Bright pink tape affixes a blue tarp skirt to the bottom of the hover suitcase.

The wheels on roller suitcases are one of their primary failure points. After the destruction of the wheel mount on her DIY suitcase, [Laura Kampf] wondered if it would be better to dispense with wheels altogether.

To give her suitcase a lift, [Kampf] decided to turn it into a hovercraft so it couldn’t be stopped by pavement or puddles. The first task was finding an appropriate fan, and a compact leaf blower donated its body to makerdom for the project. After reducing the blower to its constituent components and finding a secret turbo switch, work began on the momentum curtain.

“Nose-holing” the arrangement and size of the holes to pipe air through the stapled tarp and tape skirt seemed to be the bulk of the trial-and-error in this one. Based on other hovercraft designs [Kampf] found, keeping the holes near the center of the inflated portion gave better lift. In the end, the carry-on is able to lift a decent amount even on its lowest setting, resulting in a suitcase that is “not embarrassing” for travel. No word yet on what TSA thinks.

If you’re looking for another unexpected lift off, how about a full-sized flying Delorean replica? We’ve also covered some of the reasons why we don’t see more of these all terrain wonders.



hackaday.com/2025/09/25/hoverc…


Tube Furnace is the Real Hotness


We aren’t sure what [theglassman] is working on, but based on his recent projects, we think it is probably something interesting. He’s been decapping ICs, growing oxide on silicon substrates, and has built a tube furnace capable of reaching 1200 °C.

What would you do with something that can melt cast iron? We aren’t sure, but maybe you’ll tell us in the comments. We do have a fair idea of what [theglassman] is doing, though.

The core of the oven is a quartz tube. Insulation is via refractory cement and alumina ceramic wool. The heating itself is classic Nichrome wire and a tiny thermocouple. The real key, though, is the proper controller. [theglassman] suggests a ramp/soak controller. These allow you to program sequences that heat up and then hold, which, if done properly, can prevent your fragile quartz tube from cracking.

Naturally, you need the tube furnace to grow oxides on silicon. It is less clear why he’s decapping ICs. We were nervous about his process of boiling down sulfuric acid (fuming nitric acid works better, anyway, if you just want to remove the epoxy). If you want to remove everything like he does, sodium hydroxide will also work well.

Obviously, we need to keep an eye on [theglassman]. We are curious what he’s working towards. Maybe making a custom transistor? Or, dare we hope, a homemade IC?


hackaday.com/2025/09/25/tube-f…


Surprisingly Refined Perpetual Motion Device Teardown


Perpetual motion devices are either a gag, a scam, or as in the case of this particular toy that [Big Clive] bought on AliExpress, a rather fascinating demonstration of a contact-free inductive sensor combined with a pulsed magnet boost for the metal ball. A cool part about the device is that it comes with a completely clear enclosure, so you can admire its internals while it’s operating. Less cool was that after unboxing the device wasn’t working as the detector wasn’t getting the 12 V it needs to operate, requiring a bit of repairing first.
The crucial part of the perpetual motion device schematic with the sensor, MCU and coil. (Credit: bigclivedotcom, YouTube)
Based on the label on the bottom of the device with the creative model identifier P-toy-002, its standby current is 10 µA which ramps up to 3 A when it’s operating. This makes sense when you look at the two core components: the industrial inductive detector, and a rather big electromagnet that’s driven by a bank of three 10 mF, 35V capacitors, turning it into something akin to a coilgun. Annoyingly, an attempt was made to erase most of the IC package markings.

The circuitry isn’t too complex, fortunately, with an adjustable electromagnet coil voltage circuit combined with a MOSFET to provide the pulse, and a 78L12 regulator to generate the 12 VDC from the coil’s voltage rail for the sensor that is monitored by a MCU.



hackaday.com/2025/09/25/surpri…


How Water Vapor Makes Smartphones Faster


Once upon a time, home computers were low-powered enough that they barely needed any cooling at all. An Amiga 500 didn’t even have a heatsink on the CPU, while the early Macintosh got by with a single teeny little fan.

Modern smartphones are far more powerful than these ancient machines, packed with multi-core processors running at speeds of many gigahertz. Even still, they’ve generally been able to get by without any active cooling devices. However, as manufacturers continue to push the envelope of performance, they’ve had to scramble for ways to suck heat out of these handheld computers. Vapor chamber cooling has risen as a solution to this problem, using simple physics to keep your handset humming along at maximum speed for longer.

Cool Runnings


Keeping a smartphone cool is a unique challenge compared to other computing devices. In a desktop or laptop computer, designers can rely on fans, heatsinks, and even water cooling loops with radiators to get heat out of a device. However, for a phone, these methods aren’t so practical. Any air vents would be quickly blocked by pocket lint, and even the slimmest fan or heatsink would add a huge amount of bulk, which is unacceptable for a handheld device.
Samsung has been using vapor chambers in phones for almost a decade, relying on them to keep thermal throttling to a minimum. Credit: Samsung
Thus far, smartphones have largely avoided heating issues in two ways. Firstly, by using low-power chipsets that simply don’t generate a lot of heat in the first place. Secondly, by thermally coupling the main chips to metal heat spreaders and sometimes the smartphone’s external housing, to effectively create a simple heatsink. However, smartphones continue to grow more powerful, generating more heat during demanding tasks like recording high-resolution video. Thus, engineers have had to find new ways to dump greater amounts of heat without compromising the aesthetics and usability of their devices.

Enter vapor chamber cooling. Picture a sealed metal cavity built into a smartphone, inside which is a small amount of water-based coolant. The phone’s chipset is thermally coupled to the cavity, such that the heat is absorbed by the coolant inside. Thanks to the physical properties of water, notably its huge specific heat value, it’s able to absorb a great deal of heat energy, particularly as it passes through the phase-change regime as the fluid turns from a liquid into a gas. As it heats up and vaporizes, the coolant spreads to fill the entire cavity, spreading the heat into the whole thermal mass of the casing where it can be released into the surroundings. As heat is released, the vapor cools back into a liquid, and the cycle can begin again. The idea is exactly the same as is used in heat pipes—where a liquid is heated beyond its phase change point into a vapor, and used to spread heat to other areas of a sealed cavity.
A visual demonstration of a vapor chamber at work. The fluid is heated until it evaporates, and then spreads around the cavity. Credit: Apple
The vapor chamber has benefits over traditional metal heatsinks. The liquid coolant is very effective at evaporating and spreading heat around the entire chamber, wicking heat away from hot chips more quickly. Traditional heatsinks can end up with a hotspot over individual chips, whereas the vapor chamber is more effective at distributing the heat over a wider area.

The intention behind this is to allow phones to run at maximum performance for longer. Whether you’re shooting video or playing a game, it’s no good if your phone has to start throttling clock rates to stay cool in the middle of a task. The vapor chamber simply helps engineers suck more heat out of a phone’s chipset and get rid of it faster.
Google has recently seen fit to include vapor chambers in various models of the Pixel 9 series, aiming to keep phones running at maximum performance for longer. Credit: Google
One drawback is that vapor chambers are obviously far more complex to manufacture than traditional heatsinks. Rather than a flat metal heat spreader, you have a delicate chamber into which coolant must be injected, and then the chamber must be sealed. The coolant must be able to soak up a great deal of heat, as well as safely deal with many cycles of vaporization and condensation, without causing any corrosion or damage to the chamber in the process. The entire vapor chamber must be able to survive the rough-and-tumble life of a handheld device that’s stuffed into pockets and thrown into bags every day of its life.

Vapor chambers have been around for a while now, first showing up in the Galaxy S7 in 2016. They’ve gradually become more popular, though, and these days, you’ll find a vapor chamber in phones like the Google Pixel 9 Pro, the Samsung Galaxy S25+, and the Apple iPhone 17 Pro and Pro Max. They’re still largely the preserve of flagship devices, perhaps as much due to their high-tech appeal and higher cost than traditional cooling solutions. Still, as the smartphone arms race continues, and these parts become more common, expect the technology to trickle down to more humble models in the years to come.


hackaday.com/2025/09/25/how-wa…


Trapped Soul in Time for Halloween


While it is sort of disturbing, it is one of the best uses for a round LCD we’ve seen lately. What is it? Just [vishalsoniindia]’s SoulCage — a pendant that appears to have a poor soul trapped inside of it. Just in time for the upcoming spooky holiday. You can see the device in operation in the short video below.

The heart (sorry, unintentional pun) of the device is an ESP32-S3 round display. That means the rest of it is software, a battery, and a 3D printed case. There’s a switch, too, to select a male or female image as well as shut the device off when not in use.

The display has its own metal case, but to make room for the battery, the printed back replaces the default one. Of course, you want low current consumption when the device is asleep. However, the board has some additional components, so a small hack on the board was required to allow it to stop drawing current.

In particular, a switch was added to put a regulator in shutdown mode, the USB to serial converter needed a change, and a battery level detection circuit was cut. When off, the device draws about one microamp, so battery life should be very long in storage. In operation, the 85 mA draw provides approximately 11 hours of use per full charge. Plenty of time for a holiday party.


hackaday.com/2025/09/25/trappe…


Spy Tech: The NRO and Apollo 11


When you think of “secret” agencies, you probably think of the CIA, the NSA, the KGB, or MI-5. But the real secret agencies are the ones you hardly ever hear of. One of those is the National Reconnaissance Office (NRO). Formed in 1960, the agency was totally secret until the early 1970s.

If you have heard of the NRO, you probably know they manage spy satellites and other resources that get shared among intelligence agencies. But did you know they played a major, but secret, part in the Apollo 11 recovery? Don’t forget, it was 1969, and the general public didn’t know anything about the shadowy agency.

Secret Hawaii


Captain Hank Brandli was an Air Force meteorologist assigned to the NRO in Hawaii. His job was to support the Air Force’s “Star Catchers.” That was the Air Force group tasked with catching film buckets dropped from the super-secret Corona spy satellites. The satellites had to drop film only when there was good weather.

Spoiler alert: They made it back fine.

In the 1960s, civilian weather forecasting was not as good as it is now. But Brandli had access to data from the NRO’s Defense Meteorological Satellite Program (DMSP), then known simply as “417”. The high-tech data let him estimate the weather accurately over the drop zones for five days, much better than any contemporary civilian meteorologist could do.

When Apollo 11 headed home, Captain Brandli ran the numbers and found there would be a major tropical storm over the drop zone, located at 10.6° north by 172.5° west, about halfway between Howland Island and Johnston Atoll, on July 24th. The storm was likely to be a “screaming eagle” storm rising to 50,000 feet over the ocean.

In the movies, of course, spaceships are tough and can land in bad weather. In real life, the high winds could rip the parachutes from the capsule, and the impact would probably have killed the crew.

What to Do?


Brandli knew he had to let someone know, but he had a problem. The whole thing was highly classified. Corona and the DMSP were very dark programs. There were only two people cleared for both programs: Brandli and the Star Catchers’ commander. No one at NASA was cleared for either program.

With the clock ticking, Brandli started looking for an acceptable way to raise the alarm. The Navy was in charge of NASA weather forecasting, so the first stop was DoD chief weather officer Captain Sam Houston, Jr. He was unaware of Corona, but he knew about DMSP.

Brandli was able to show Houston the photos and convince him that there was a real danger. Houston reached out to Rear Admiral Donald Davis, commanding the Apollo 11 recovery mission. He just couldn’t tell the Admiral where he got the data. In fact, he couldn’t even show him the photos, because he wasn’t cleared for DMSP.

Career Gamble


There was little time, so Davis asked permission to move the USS Hornet task force, but he couldn’t wait. He ordered the ships to a new position 215 nautical miles away from the original drop zone, now at 13.3° north by 169.2° west. President Richard Nixon was en route to greet the explorers, so if Davis were wrong, he’d be looking for a new job in August. He had to hope NASA could alter the reentry to match.

The forecast was correct. There were severe thunderstorms at the original site, but Apollo 11 splashed down in a calm sea about 1.7 miles from the target, as you can see below. Houston received a Navy Commendation medal, although he wasn’t allowed to say what it was for until 1995.

In hindsight, NASA has said they were also already aware of the weather situation due to the Application Technology Satellite 1, launched in 1966. Although the weather was described as “suitable for splashdown”, mission planners say they had planned to move the landing anyway.

youtube.com/embed/iZKwuY6kyAY?…

Modern Times


Weather predictions really are better than they used to be. (CC-BY: [Hannah Ritchie])

These days, the NRO isn’t quite as secretive as it once was, and, in fact, much of the information for this post derives from two stories from their website. The NRO was also involved in the Manned Orbital Laboratory project and considered using Apollo as part of that program.

Weather forecasting, too, has gotten better. Studies show that even in 1980, a seven-day forecast might be, at best, 45 or 50% accurate. Today, they are nearly 80%. Some of that is better imaging. Some of it is better models and methods, too, of course.

However, thanks to one — or maybe a few — meteorologists, the Apollo 11 crew returned safely to Earth to enjoy their ticker-tape parades. After, of course, their quarantine.


hackaday.com/2025/09/25/spy-te…


Radio Shack Rebirth May Have Gone Awry in Alleged Ponzi-Like Scheme


Oh, Radio Shack. What a beautiful place you once were, a commercial haven for those seeking RC cars, resistors, and universal remotes. Then, the downfall, as you veered away from your origins, only to lead to an ultimate collapse. More recently, the brand was supposed to return to new heights online… only to fall afoul of the Securities and Exchange Commission. (via Yahoo Finance, Bloomberg)

The Radio Shack brand was picked up a few years ago by a company known as Retail Ecommerce Ventures (REV). The company’s modus operandi was to take well-known but beleaguered brands and relaunch them as online-only operations. Beyond Radio Shack, REV also owned a number of other notable brand names, like Pier 1, Modell’s Sporting Goods, and Dress Barn.

Unfortunately, the Radio Shack rebirth probably won’t reach the stellar heights of the past. Namely, because REV has been accused of operating a Ponzi-like scheme by the SEC. Despite huge boasts allegedly made to investors, none of REV’s portfolio of brands were actually making profits, and the SEC has charged that the company was paying investor returns with cash raised from other investors — unsustainable, and a major no-no, legally speaking.

We were cautiously optimistic when we heard about the REV buyout back in 2020, but at this point, it’s probably best to come to terms with the fact that Radio Shack won’t be coming back. The name will linger in our hearts for some time to come, but the business we knew is long gone. Sometimes it’s better to look to the future than to try and recreate the magic of the past, especially if you’re doing inappropriate things with other people’s money in the process.


hackaday.com/2025/09/25/radio-…


Massive npm infection: the Shai-Hulud worm and patient zero



Introduction


The modern development world is almost entirely dependent on third-party modules. While this certainly speeds up development, it also creates a massive attack surface for end users, since anyone can create these components. It is no surprise that malicious modules are becoming more common. When a single maintainer account for popular modules or a single popular dependency is compromised, it can quickly turn into a supply chain attack. Such compromises are now a frequent attack vector trending among threat actors. In the last month alone, there have been two major incidents that confirm this interest in creating malicious modules, dependencies, and packages. We have already discussed the recent compromise of popular npm packages. September 16, 2025 saw reports of a new wave of npm package infections, caused by the self-propagating malware known as Shai-Hulud.

Shai-Hulud is designed to steal sensitive data, expose private repositories of organizations, and hijack victim credentials to infect other packages and spread on. Over 500 packages were infected in this incident, including one with more than two million weekly downloads. As a result, developers who integrated these malicious packages into their projects risk losing sensitive data, and their own libraries could become infected with Shai-Hulud. This self-propagating malware takes over accounts and steals secrets to create new infected modules, spreading the threat along the dependency chain.

Technical details


The worm’s malicious code executes when an infected package is installed. It then publishes infected releases to all packages the victim has update permissions for.

Once the infected package is installed from the npm registry on the victim’s system, a special command is automatically executed. This command launches a malicious script over 3 MB in size named bundle.js, which bundles several legitimate open-source modules.

Key modules within bundle.js include:

  • Library for interacting with AWS cloud services
  • GCP module that retrieves metadata from the Google Cloud Platform environment
  • Functions for TruffleHog, a tool for scanning various data sources to find sensitive information, specifically secrets
  • Tool for interacting with the GitHub API

The JavaScript file also contains network utilities for data transfer and the main operational module, Shai-Hulud.

The worm begins its malicious activity by collecting information about the victim’s operating system and checking for an npm token and authenticated GitHub user token in the environment. If a valid GitHub token is not present, bundle.js will terminate. A distinctive feature of Shai-Hulud is that most of its functionality is geared toward Linux and macOS systems: almost all malicious actions are performed exclusively on these systems, with the exception of using TruffleHog to find secrets.

Exfiltrating secrets


After passing the checks, the malware uses the token mentioned earlier to get information about the current GitHub user. It then runs the extraction function, which creates a temporary executable bash script at /tmp/processor.sh and runs it as a separate process, passing the token as an argument. Below is the extraction function, with strings and variable names modified for readability since the original source code was illegible.

The extraction function, formatted for readability

The bash script is designed to communicate with the GitHub API and collect secrets from the victim’s repository in an unconventional way. First, the script checks if the token has the necessary permissions to create branches and work with GitHub Actions. If it does, the script gets a list of all the repositories the user can access from 2025. In each of these, it creates a new branch named shai-hulud and uploads a shai-hulud-workflow.yml workflow, which is a configuration file for describing GitHub Actions workflows. These files are automation scripts that are triggered in GitHub Actions whenever changes are made to a repository. The Shai-Hulud workflow activates on every push.

The malicious workflow configuration

This file collects secrets from the victim’s repositories and forwards them to the attackers’ server. Before being sent, the confidential data is encoded twice with Base64.

This unusual method for data collection is designed for a one-time extraction of secrets from a user’s repositories. However, it poses a threat not only to Shai-Hulud victims but also to ordinary researchers. If you search for “shai-hulud” on GitHub, you will find numerous repositories that have been compromised by the worm.

Open GitHub repositories compromised by Shai-Hulud

The main bundle.js script then requests a list of all organizations associated with the victim and runs the migration function for each one. This function also runs a bash script, but in this case, it saves it to /tmp/migrate-repos.sh, passing the organization name, username, and token as parameters for further malicious activity.

The bash script automates the migration of all private and internal repositories from the specified GitHub organization to the user’s account, making them public. The script also uses the GitHub API to copy the contents of the private repositories as mirrors.

We believe these actions are intended for the automated theft of source code from the private repositories of popular communities and organizations. For example, the well-known company CrowdStrike was caught in this wave of infections.

The worm’s self-replication


After running operations on the victim’s GitHub, the main bundle.js script moves on to its next crucial stage: self-replication. First, the script gets a list of the victim’s 20 most downloaded packages. To do this, it performs a search query with the username from the previously obtained npm token:
registry.npmjs.org/-/v1/search…

Next, for each of the packages it finds, it calls the updatePackage function. This function first attempts to download the tarball version of the package (a .TAR archive). If it exists, a temporary directory named npm-update-{target_package_name} is created. The tarball version of the package is saved there as package.tgz, then unpacked and modified as follows:

  • The malicious bundle.js is added to the original package.
  • A postinstall command is added to the package.json file (which is used in Node.js projects to manage dependencies and project metadata). This command is configured to execute the malicious script via node bundle.js.
  • The package version number is incremented by 1.

The modified package is then re-packed and published to npm as a new version with the npm publish command. After this, the temporary directory for the package is cleared.

The updatePackage function, formatted for readability

Uploading secrets to GitHub


Next, the worm uses the previously mentioned TruffleHog utility to harvest secrets from the target system. It downloads the latest version of the utility from the original repository for the specific operating system type using the following link:
github.com/trufflesecurity/tru… version}/{OS-specific file}

The worm also uses modules for AWS and Google Cloud Platform (GCP) to scan for secrets. The script then aggregates the collected data into a single object and creates a repository named “Shai-Hulud” in the victim’s profile. It then uploads the collected information to this repository as a data.json file.

Below is a list of data formats collected from the victim’s system and uploaded to GitHub:
{
  "application": {
    "name": "",
    "version": "",
    "description": ""
  },
  "system": {
    "platform": "",
    "architecture": "",
    "platformDetailed": "",
    "architectureDetailed": ""
  },
  "runtime": {
    "nodeVersion": "",
    "platform": "",
    "architecture": "",
    "timestamp": ""
  },
  "environment": {
  },
  "modules": {
    "github": {
      "authenticated": false,
      "token": "",
      "username": {}
    },
    "aws": {
      "secrets": []
    },
    "gcp": {
      "secrets": []
    },
    "truffleHog": {
      "available": false,
      "installed": false,
      "version": "",
      "platform": "",
      "results": [
        {}
      ]
    },
    "npm": {
      "token": "",
      "authenticated": true,
      "username": ""
    }
  }
}

Infection characteristics


A distinctive characteristic of the modified packages is that they contain an archive named package.tar. This is worth noting because packages usually contain an archive with a name that matches the package itself.

Through our research, we were able to identify the first package from which Shai-Hulud began to spread, thanks to a key difference. As we mentioned earlier, after infection, a postinstall command to execute the malicious script, node bundle.js, is written to the package.json file. This command typically runs immediately after installation. However, we discovered that one of the infected packages listed the same command as a preinstall command, meaning it ran before the installation. This package was ngx-bootstrap version 18.1.4. We believe this was the starting point for the spread of this infection. This hypothesis is further supported by the fact that the archive name in the first infected version of this package differed from the name characteristic of later infected packages (package.tar).

While investigating different packages, we noticed that in some cases, a single package contained multiple versions with malicious code. This was likely possible because the infection spread to all maintainers and contributors of packages, and the malicious code was then introduced from each of their accounts.

Infected libraries and CrowdStrike


The rapidly spreading Shai-Hulud worm has infected many popular libraries that organizations and developers use daily. Shai-Hulud has infected over 500 popular packages in recent days, including libraries from the well-known company CrowdStrike. Among the infected libraries were the following:

  • @crowdstrike/commitlint versions 8.1.1, 8.1.2
  • @crowdstrike/falcon-shoelace versions 0.4.1, 0.4.2
  • @crowdstrike/foundry-js versions 0.19.1, 0.19.2
  • @crowdstrike/glide-core versions 0.34.2, 0.34.3
  • @crowdstrike/logscale-dashboard versions 1.205.1, 1.205.2
  • @crowdstrike/logscale-file-editor versions 1.205.1, 1.205.2
  • @crowdstrike/logscale-parser-edit versions 1.205.1, 1.205.2
  • @crowdstrike/logscale-search versions 1.205.1, 1.205.2
  • @crowdstrike/tailwind-toucan-base versions 5.0.1, 5.0.2

But the event that has drawn significant attention to this spreading threat was the infection of the @ctrl/tinycolor library, which is downloaded by over two million users every week.

As mentioned above, the malicious script exposes an organization’s private repositories, posing a serious threat to their owners, as this creates a risk of exposing the source code of their libraries and products, among other things, and leading to an even greater loss of data.

Prevention and protection


To protect against this type of infection, we recommend using a specialized solution for monitoring open-source components. Kaspersky maintains a continuous feed of compromised packages and libraries, which can be used to secure your supply chain and protect development from similar threats.

For personal devices, we recommend Kaspersky Premium, which provides multi-layered protection to prevent and neutralize infection threats. Our solution can also restore the device’s functionality if it’s infected with malware.

For corporate devices, we advise implementing a comprehensive solution like Kaspersky Next, which allows you to build a flexible and effective security system. This product line provides threat visibility and real-time protection, as well as EDR and XDR capabilities for investigation and response. It is suitable for organizations of any scale or industry.

Kaspersky products detect the Shai-Hulud threat as HEUR:Worm.Script.Shulud.gen.

In the event of a Shai-Hulud infection, and as a proactive response to the spreading threat, we recommend taking the following measures across your systems and infrastructure:

  • Use a reliable security solution to conduct a full system scan.
  • Audit your GitHub repositories:
    • Check for repositories named shai-hulud.
    • Look for non-trivial or unknown branches, pull requests, and files.
    • Audit GitHub Actions logs for strings containing shai-hulud.
  • Reissue npm and GitHub tokens, cloud keys (specifically for AWS and Google Cloud Platform), and rotate other secrets.
  • Clear the cache and inventory your npm modules: check for malicious ones and roll back versions to clean ones.
  • Check for indicators of compromise, such as files in the system or network artifacts.
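The GitHub audit steps above, together with the workflow mechanism described in the Exfiltrating secrets section (a shai-hulud branch, a shai-hulud-workflow.yml that triggers on push, and secrets encoded twice with Base64 before leaving the runner), can be scripted once the branch list, workflow files and Actions logs have been pulled down. The following is an added example and is not code from the Securelist report; the workflow heuristics (a secrets reference piped through base64 more than once) and the sample YAML and log line are assumptions and constructed inputs, not the worm's real workflow.

```javascript
// Added example (not code from the Securelist report): triage helpers for the
// GitHub-side artifacts the report describes. Inputs are data you have already
// retrieved (branch names, workflow file contents, Actions log lines).

// Exfiltration host from the report's network artifacts.
const EXFIL_HOST = 'webhook.site';

const BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;

function looksLikeBase64(s) {
  return typeof s === 'string' && s.length >= 8 && s.length % 4 === 0 && BASE64_RE.test(s);
}

// Decode a token that was Base64-encoded twice, as the report says the
// workflow does before sending. Returns the innermost text, or null if either
// layer is not valid Base64 or the result is not printable text.
function decodeDoubleBase64(token) {
  if (!looksLikeBase64(token)) return null;
  const inner = Buffer.from(token, 'base64').toString('utf8').trim();
  if (!looksLikeBase64(inner)) return null;
  const plain = Buffer.from(inner, 'base64').toString('utf8');
  return /^[\x20-\x7e\s]+$/.test(plain) ? plain : null;
}

// Inspect one workflow file. Returns an array of finding strings.
function auditWorkflow(fileName, yamlText) {
  const findings = [];
  if (/shai-hulud/i.test(fileName)) findings.push(`workflow file name "${fileName}" matches worm naming`);
  if (/shai-hulud/i.test(yamlText)) findings.push(`${fileName}: contains the string "shai-hulud"`);
  if (yamlText.includes(EXFIL_HOST)) findings.push(`${fileName}: sends data to ${EXFIL_HOST}`);
  // Assumed heuristic: a step that references the secrets context and runs
  // base64 more than once is consistent with the double encoding described.
  const base64Count = (yamlText.match(/\bbase64\b/g) || []).length;
  if (/\$\{\{[^}]*\bsecrets\b/.test(yamlText) && base64Count >= 2) {
    findings.push(`${fileName}: secrets context passed through base64 ${base64Count} times`);
  }
  return findings;
}

// Audit one repository: branch names, workflow files as { name: text } and raw
// Actions log lines. Long Base64 tokens in the logs are decoded twice so the
// responder can see what was actually collected.
function auditRepo({ branches = [], workflows = {}, logLines = [] }) {
  const findings = [];
  for (const b of branches) {
    if (/shai-hulud/i.test(b)) findings.push(`branch "${b}" matches worm naming`);
  }
  for (const [name, text] of Object.entries(workflows)) findings.push(...auditWorkflow(name, text));
  for (const line of logLines) {
    for (const token of line.split(/\s+/)) {
      if (token.length < 32) continue; // short tokens are ordinary log words
      const plain = decodeDoubleBase64(token);
      if (plain !== null) findings.push(`log line contains a double-Base64 payload: ${plain.slice(0, 60)}`);
    }
  }
  return findings;
}
```

Decoding the payload is what turns "the workflow ran" into a concrete list of which secrets left the organization and therefore which credentials must be rotated first; a naive grep for shai-hulud alone does not give you that.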


Indicators of compromise


Files:
bundle.js
shai-hulud-workflow.yml

Strings:
shai-hulud

Hashes:
C96FBBE010DD4C5BFB801780856EC228
78E701F42B76CCDE3F2678E548886860

Network artifacts:
https://webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7

Compromised packages:
@ahmedhfarag/ngx-perfect-scrollbar
@ahmedhfarag/ngx-virtual-scroller
@art-ws/common
@art-ws/config-eslint
@art-ws/config-ts
@art-ws/db-context
@art-ws/di
@art-ws/di-node
@art-ws/eslint
@art-ws/fastify-http-server
@art-ws/http-server
@art-ws/openapi
@art-ws/package-base
@art-ws/prettier
@art-ws/slf
@art-ws/ssl-info
@art-ws/web-app
@basic-ui-components-stc/basic-ui-components
@crowdstrike/commitlint
@crowdstrike/falcon-shoelace
@crowdstrike/foundry-js
@crowdstrike/glide-core
@crowdstrike/logscale-dashboard
@crowdstrike/logscale-file-editor
@crowdstrike/logscale-parser-edit
@crowdstrike/logscale-search
@crowdstrike/tailwind-toucan-base
@ctrl/deluge
@ctrl/golang-template
@ctrl/magnet-link
@ctrl/ngx-codemirror
@ctrl/ngx-csv
@ctrl/ngx-emoji-mart
@ctrl/ngx-rightclick
@ctrl/qbittorrent
@ctrl/react-adsense
@ctrl/shared-torrent
@ctrl/tinycolor
@ctrl/torrent-file
@ctrl/transmission
@ctrl/ts-base32
@nativescript-community/arraybuffers
@nativescript-community/gesturehandler
@nativescript-community/perms
@nativescript-community/sentry
@nativescript-community/sqlite
@nativescript-community/text
@nativescript-community/typeorm
@nativescript-community/ui-collectionview
@nativescript-community/ui-document-picker
@nativescript-community/ui-drawer
@nativescript-community/ui-image
@nativescript-community/ui-label
@nativescript-community/ui-material-bottom-navigation
@nativescript-community/ui-material-bottomsheet
@nativescript-community/ui-material-core
@nativescript-community/ui-material-core-tabs
@nativescript-community/ui-material-ripple
@nativescript-community/ui-material-tabs
@nativescript-community/ui-pager
@nativescript-community/ui-pulltorefresh
@nstudio/angular
@nstudio/focus
@nstudio/nativescript-checkbox
@nstudio/nativescript-loading-indicator
@nstudio/ui-collectionview
@nstudio/web
@nstudio/web-angular
@nstudio/xplat
@nstudio/xplat-utils
@operato/board
@operato/data-grist
@operato/graphql
@operato/headroom
@operato/help
@operato/i18n
@operato/input
@operato/layout
@operato/popup
@operato/pull-to-refresh
@operato/shell
@operato/styles
@operato/utils
@teselagen/bio-parsers
@teselagen/bounce-loader
@teselagen/file-utils
@teselagen/liquibase-tools
@teselagen/ove
@teselagen/range-utils
@teselagen/react-list
@teselagen/react-table
@teselagen/sequence-utils
@teselagen/ui
@thangved/callback-window
@things-factory/attachment-base
@things-factory/auth-base
@things-factory/email-base
@things-factory/env
@things-factory/integration-base
@things-factory/integration-marketplace
@things-factory/shell
@tnf-dev/api
@tnf-dev/core
@tnf-dev/js
@tnf-dev/mui
@tnf-dev/react
@ui-ux-gang/devextreme-angular-rpk
@ui-ux-gang/devextreme-rpk
@yoobic/design-system
@yoobic/jpeg-camera-es6
@yoobic/yobi
ace-colorpicker-rpk
airchief
airpilot
angulartics2
another-shai
browser-webdriver-downloader
capacitor-notificationhandler
capacitor-plugin-healthapp
capacitor-plugin-ihealth
capacitor-plugin-vonage
capacitorandroidpermissions
config-cordova
cordova-plugin-voxeet2
cordova-voxeet
create-hest-app
db-evo
devextreme-angular-rpk
devextreme-rpk
ember-browser-services
ember-headless-form
ember-headless-form-yup
ember-headless-table
ember-url-hash-polyfill
ember-velcro
encounter-playground
eslint-config-crowdstrike
eslint-config-crowdstrike-node
eslint-config-teselagen
globalize-rpk
graphql-sequelize-teselagen
json-rules-engine-simplified
jumpgate
koa2-swagger-ui
mcfly-semantic-release
mcp-knowledge-base
mcp-knowledge-graph
mobioffice-cli
monorepo-next
mstate-angular
mstate-cli
mstate-dev-react
mstate-react
ng-imports-checker
ng2-file-upload
ngx-bootstrap
ngx-color
ngx-toastr
ngx-trend
ngx-ws
oradm-to-gql
oradm-to-sqlz
ove-auto-annotate
pm2-gelf-json
printjs-rpk
react-complaint-image
react-jsonschema-form-conditionals
react-jsonschema-form-extras
react-jsonschema-rxnt-extras
remark-preset-lint-crowdstrike
rxnt-authentication
rxnt-healthchecks-nestjs
rxnt-kue
swc-plugin-component-annotate
tbssnch
teselagen-interval-tree
tg-client-query-builder
tg-redbird
tg-seq-gen
thangved-react-grid
ts-gaussian
ts-imports
tvi-cli
ve-bamreader
ve-editor
verror-extra
voip-callkit
wdio-web-reporter
yargs-help-output
yoo-styles


securelist.com/shai-hulud-worm…


Solar-Powered RC Boat Has Unlimited Range


For RC aircraft there are generally legal restrictions that require the craft to stay within line of sight of the operator, but an RC boat or car can in theory go as far as the signal will allow — provided there is ample telemetry to let the operator navigate. [Thingify] took this idea to the extreme with a remote-controlled boat that connects to a satellite internet service and adds solar panels for theoretically unlimited range, in more ways than one.

The platform for this boat is a small catamaran, originally outfitted with an electric powertrain running on a battery. Using a satellite internet connection not only allows [Thingify] to receive telemetry and pilot the craft with effectively unlimited range, but it’s a good enough signal to receive live video from one of a pair of cameras as well. At that point, the main limiting factor of the boat was the battery, so he added a pair of flexible panels on a custom aluminum frame paired with a maximum power point tracking charge controller to make sure the battery is topped off. He also configured it to use as much power as the panels bring in, keeping the battery fully charged and ready for nightfall where the boat will only maintain its position and wait for the sun to rise the next morning.

With this setup [Thingify] hopes to eventually circumnavigate Lake Alexandrina in Australia. He has a few boat design issues to work out first, though: on its maiden voyage the boat capsized due to its high center of gravity and sail-like solar panels. Still, it’s an improvement on the earlier version of the craft we saw at the beginning of the year, and we look forward to his next iteration and the successful voyage around this lake.

youtube.com/embed/UjFrFAIM2Aw?…


hackaday.com/2025/09/25/solar-…


AI Is Not (Yet) Our Best Friend. ACN at the AGN and AIPSA Meeting


Artificial Intelligence systems, for example generative ones, can be used to manipulate data, information and computer systems, and to produce falsehoods and disinformation.

Obviously, Artificial Intelligence can pose a danger from the point of view of the secure management of computer systems, but the fact that it can pose a cognitive danger to individual users is not yet sufficiently explored. Yet we all agree that fakes and deepfakes can manipulate our perceptions and be used as tools of disinformation and propaganda, levers of cognitive warfare.

AI systems themselves can be hacked: by manipulating their training data, removing their censorship rules, or reprogramming the existing ones for illicit and criminal purposes.

In addition, since many countries have enough data, computing power and algorithms, AI is an emerging risk to digital sovereignty, given that its use can serve to create new cyber weapons, such as polymorphic malware, but also to find vulnerabilities more easily, both in human systems and in software ones, and, according to some studies, to hack computer systems without human feedback.

I spoke about all of this at the conference organized by AGM SOLUTIONS in collaboration with AIPSA Associazione Italiana Professionisti Security Aziendale in Milan, under a very fitting title: “L’AI non è ancora la nostra migliore amica” (AI is not yet our best friend).

On this occasion I was able to exchange views with colleagues and friends such as Andrea Agosti, Alessandro Manfredini, Matteo Macina, Alessandro Piva and Cristian Fassi, thanks to the moderation of Gianni Rusconi and under the auspices of Matteo Franzosi. Their point of view was very stimulating for me.


dicorinto.it/formazione/lia-no…


Coffee by Command: The Speech2Touch Voice Hack


Franke A600 coffee machine with PicoVoice

If you wanted to troll your colleagues, you could stick a ‘voice activated’ label on the office coffee maker any day. Now [edholmes2232] has made it actually come true. With Speech2Touch, he grafts voice control onto a Franke A600 coffee machine using an STM32WB55 USB dongle and some clever firmware hacking.

The office coffee machine has been a target for hacking for years and years. Nearly 35 years ago, at Cambridge University, a webcam served a live view of the office coffee pot, so that nobody made the trip to the pot for nothing. The funny but in fact useless HTTP status 418 was brought to life to state that the addressed server was in fact a teapot, explaining its refusal to brew coffee. Enter this hack, which could get you a coffee by shouting from your desk, if only your arms were long enough to hold your cup in place.

Back to the details. The machine itself doesn’t support USB keyboards, but it does accept a USB mouse, most likely as a last resort in case the touchscreen becomes unresponsive. That loophole is enough: by emulating touchscreen HID packets instead of mouse movement, the hack avoids clunky cursors and delivers a slick ‘sci-fi’ experience. The STM32 listens through an INMP441 MEMS mic, hands speech recognition to Picovoice, and then translates voice commands straight into touch inputs. Simply speaking to it taps the buttons for you.

It’s a neat example of sidestepping SDK lock-in. No reverse-engineering of the machine’s firmware, no shady soldering inside. Instead, it’s USB-level mischief, modular enough that the same trick could power voice control on other touchscreen-only appliances.


hackaday.com/2025/09/24/coffee…


It’s a Bird! It’s a Plane! It’s… an Air Breathing Satellite?!


Diagram of an air-breathing satellite

The big problem with Low Earth Orbit is, oddly enough, air resistance. Sure, there’s not enough air to breathe in space, but there is enough to create drag when you’re whipping around the planet at 28,000 km/h (17,000 mph) or more. Over time, that adds up to a decaying orbit. [Eager Space] recently did a video summarizing a paradoxical solution: go even lower, and let the air work for you.

So-called air-breathing satellites would hang out in very low Earth orbit, still well above the Karman line but below 300 km (186 miles), where atmospheric drag is too dominant for the current “coast on momentum” satellite paradigm to work. There are advantages to going so low, chiefly for communications (less latency) and Earth observation (higher resolution). You just need to find a way to fight that drag and not crash within a couple of orbits.

It turns out this space isn’t totally empty (aside from the monoatomic oxygen), as missions have flown at very low orbits using conventional xenon-fueled ion engines to counter drag. The xenon runs out pretty quickly in this application, though, and those satellites all had fairly short lifetimes.

That’s where the air-breathing satellites come in. You don’t need a lot of thrust to counter drag, after all, and the thin wisps of air at 200 km or 300 km above ground level should provide ample reaction mass for some kind of solar-electric ion engine. The devil is in the details, of course, and [Eager Space] spends 13 minutes discussing challenges (like corrosive monoatomic oxygen) and various proposals.

Whoever is developing these satellites, they could do worse than talk to [Jay Bowles], whose air-breathing ion thrusters have been featured here several times over the years.

youtube.com/embed/vEfatzhHhvg?…


hackaday.com/2025/09/24/its-a-…


Meter Mods Make Radioactive Prospecting More Enjoyable


While we often get a detailed backstory of the projects we cover here at Hackaday, sometimes the genesis of a build is a bit of a mystery. Take [maurycyz]’s radiation survey meter modifications, for instance; we’re not sure why such a thing is needed, but we’re pretty glad we stumbled across it.

To be fair, [maurycyz] does give us a hint of what’s going on here by choosing the classic Ludlum Model 3 to modify. Built like a battleship, these meters would be great for field prospecting except that the standard G-M tube isn’t sensitive to gamma rays, the only kind of radiation likely not to be attenuated by soil. A better choice is a scintillation tube, but those greatly increase the background readings, making it hard to tease a signal from the noise.

To get around this problem and make rockhounding a little more enjoyable, [maurycyz] added a little digital magic to the mostly analog Ludlum. An AVR128 microcontroller taps into the stream of events the meter measures via the scintillation tube, and a little code subtracts the background radiation from the current count rate, translating the difference into an audible tone. This keeps [maurycyz]’s eyes on the rocks rather than on the meter needle, and makes it easier to find weakly radioactive or deeply buried specimens.

If you’re not ready to make the leap to a commercial survey meter, or if you just want to roll your own, we’ve got plenty of examples to choose from, from minimalist to cyberpunkish.


hackaday.com/2025/09/24/meter-…


3D Printed “Book” Demonstrates Mechanical Actions


A book of mechanical actions is a wondrous thing — mechanically inclined children have collectively lost decades poring over them over the generations. What could possibly be better? Why, if the mechanisms in the book were present, and moved! That’s exactly what [AxelMadeIt] produced for a recent video.

Being just four pages, you might argue this is but a pamphlet. But since it takes up a couple of inches of shelf space, it certainly looks like a book from the outside, which is exactly what [AxelMadeIt] was going for. To get a more book-like spine, his hinge design sacrificed opening flat, but since the pages are single-sided, that’s no great sacrifice.

With each page only 6 mm (1/4″) thick, finding printable mechanisms that could actually fit inside was quite a challenge. If he were machining everything out of brass, that would be room for oodles of layers. But [Axel] wanted to print the parts for this book, so the mechanisms needed to be fairly thick. One page has a Roberts linkage and a vault-locking mechanism, another has planetary gears, with angled teeth to keep them from falling out. Finally, the first page has a Geneva mechanism and an escapement, both driven by a TPU belt drive.

All pages are driven from a drive buried in the last page of the “book”, along with its motor, battery, and a couple of micro-switches to turn it on when you open the book and off again when you reach the last page. Rather than a description of the mechanisms, like most books of mechanical actions, [Axel] used multi-material printing to put lovely poems on each page. A nice pro tip is that Futura, a font made famous by flying to the Moon, works very well when printed this way. If you just want to watch him flip through, jump to 8:00 in the video.

This reminds us of another project we once featured, which animated 2100 mechanical mechanisms. While this book can’t offer anywhere near that variety, it makes up for it in tactility.

youtube.com/embed/RgPqE28IUkw?…


hackaday.com/2025/09/24/3d-pri…


Kali Linux 2025.3 is out! New release with improvements and new tools


The Kali Linux developers have published a new release, 2025.3, which extends the distribution’s capabilities and adds ten new penetration-testing tools.

The update improves deployment in virtual environments, restores wireless driver support for the Raspberry Pi, reworks several plugins, and drops support for the legacy ARMel architecture.

The developers have completely reworked the virtual image build process, updating the HashiCorp Packer and Vagrant integration. The scripts now follow the version 2 standard, keeping template generation consistent. The preseed files for automated installs have been standardized, and the Vagrant scripts can now apply extra settings right after boot, removing routine manual steps when standing up a lab.

One notable addition is the return of Nexmon for Broadcom and Cypress chipsets, including the Raspberry Pi 5. The patch enables monitor mode and packet injection on devices whose stock drivers do not offer them. At the same time, support for the ARMel architecture has been dropped, following Debian’s decision to end its maintenance after the “trixie” release. The team is redirecting those resources toward future RISC-V support.

Xfce users get a redesigned VPN IP panel that lets them choose which interface to watch and quickly copy the address of the specific connection they need.

Ten new tools have been added to the repository. They include the Caido graphical and command-line interfaces for web security auditing, the Detect It Easy utility for file type identification, the Gemini CLI, which brings an AI agent directly into the terminal, and krbrelayx for Kerberos attacks.

Also added are ligolo-mp for traffic pivoting, llm-tools-nmap for network scanning driven by language models, patchleaks for patch analysis, and vwifi-dkms for creating dummy Wi-Fi networks.

The mobile edition, Kali NetHunter, received major updates. Supported devices now include internal monitor mode with frame injection on the 2.4 GHz and 5 GHz bands. The Samsung Galaxy S10 port gained Broadcom-compatible firmware, a dedicated kernel, and a stable ARM64 build of the Hijacker utility.

  • Caido – The client side of Caido (the graphical/desktop interface, i.e. the main one) – a web security auditing toolkit
  • Caido-cli – The server side of Caido – a web security auditing toolkit
  • Detect It Easy (DiE) – File type identification
  • Gemini CLI – An open-source AI agent that brings the power of Gemini directly into your terminal
  • krbrelayx – Kerberos relaying and unconstrained delegation abuse toolkit
  • ligolo-mp – Multiplayer pivoting solution
  • llm-tools-nmap – Enables LLMs to perform network discovery and security scanning tasks using nmap
  • mcp-kali-server – MCP configuration to connect an AI agent to Kali
  • patchleaks – Spots the security fix and provides a detailed description so you can validate – or weaponize – it fast
  • vwifi-dkms – Set up “dummy” Wi-Fi networks, establish connections to them, and disconnect from them
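Whether the restored Nexmon driver actually gives you what the release notes promise is something to check rather than assume: the first signal is whether the kernel advertises monitor mode for the radio at all. The script below is an added example, not part of the Kali release or the Nexmon project. It parses the output of `iw list`, whose layout (a `Wiphy <name>` header per radio followed by a `Supported interface modes:` block of `* <mode>` lines) is the real one, and reports which PHYs list `monitor`. The embedded sample output is constructed so the script runs offline; on a Kali box it shells out to the real `iw` when present.

```python
"""Report which Wi-Fi PHYs advertise monitor mode, parsed from `iw list`.

Added example, not part of Kali or the Nexmon project. It assumes the
standard `iw list` layout: a "Wiphy <name>" header per radio followed by a
"Supported interface modes:" block whose entries are "* <mode>" lines.
"""
import re
import shutil
import subprocess

# Constructed sample of `iw list` output: phy0 offers monitor mode, phy1 does not.
SAMPLE_IW_LIST = """\
Wiphy phy0
\twiphy index: 0
\tSupported interface modes:
\t\t * IBSS
\t\t * managed
\t\t * AP
\t\t * monitor
\tSupported commands:
\t\t * new_interface
Wiphy phy1
\twiphy index: 1
\tSupported interface modes:
\t\t * managed
\t\t * AP
\tSupported commands:
\t\t * new_interface
"""

_WIPHY_RE = re.compile(r"^Wiphy (\S+)")


def parse_interface_modes(iw_list_text):
    """Return {phy_name: set_of_modes} for every PHY in the output."""
    modes = {}
    current = None
    in_modes_block = False
    for line in iw_list_text.splitlines():
        header = _WIPHY_RE.match(line)
        if header:
            current = header.group(1)
            modes[current] = set()
            in_modes_block = False
            continue
        stripped = line.strip()
        if stripped == "Supported interface modes:":
            in_modes_block = current is not None
            continue
        if in_modes_block:
            if stripped.startswith("* "):
                modes[current].add(stripped[2:].strip())
            else:
                in_modes_block = False  # any other line ends the block
    return modes


def monitor_capable(iw_list_text):
    """Return {phy_name: True/False} according to whether 'monitor' is listed."""
    return {phy: "monitor" in m
            for phy, m in parse_interface_modes(iw_list_text).items()}


def live_iw_list():
    """Run the real `iw list` if iw is installed; otherwise return None."""
    if shutil.which("iw") is None:
        return None
    result = subprocess.run(["iw", "list"], capture_output=True,
                            text=True, check=False)
    return result.stdout if result.returncode == 0 else None


if __name__ == "__main__":
    text = live_iw_list()
    if text is None:
        print("iw not available, using the constructed sample output")
        text = SAMPLE_IW_LIST
    for phy, ok in sorted(monitor_capable(text).items()):
        print(f"{phy}: monitor mode {'supported' if ok else 'NOT supported'}")
```

A PHY that lists `monitor` only tells you the driver will let you create the interface; that injection frames actually leave the antenna still has to be confirmed on air (for example with `aireplay-ng --test`), since a firmware patch can be loaded yet mismatched to the chip revision.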

The CARsenal automotive module received a package update and new features; enabling them requires re-running the installer script.

In short, Kali Linux 2025.3 combines a reworked virtualization build pipeline, updated wireless drivers, and a batch of new utilities, making the distribution even more convenient and relevant for security testers.

The article Kali Linux 2025.3 is out! New release with improvements and new tools comes from il blog della sicurezza informatica.


FLOSS Weekly Episode 848: Open the Podbay Doors, Siri


This week Jonathan and Rob chat with Paulus Schoutsen about Home Assistant, ESPHome, and Music Assistant, all under the umbrella of the Open Home Foundation. Watch to see Paulus convince Rob and Jonathan that they need to step up their home automation games!


youtube.com/embed/seDhc3XnP0w?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:


Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License


hackaday.com/2025/09/24/floss-…


Retrotechtacular: The Ferguson System


Of the many great technological leaps made in the middle of the 20th century, one of the ones with perhaps the greatest impact on our modern life takes a back seat behind the more glamorous worlds of electronics, aeronautics, or computing. But the ancestor of the modern tractor has arguably had more of an impact on the human condition in 2025 than that of the modern computer, and if you’d been down on the farm in the 1940s you might have seen one.

The Ferguson system refers to the three-point implement linkage you’ll find on all modern tractors, the brainchild of the Irish engineer Harry Ferguson. The film below the break is a marketing production for American farmers, and it features the Ford-built American version of the tractor known to Brits and Europeans as the Ferguson TE20.

“Ferguson TE20 2006” by [Malcolmxl5]

The evolution of the tractor started as a mechanisation of horse-drawn agriculture, using either horse-drawn implements or ones derived from them. While the basic shape of a modern tractor as a four wheel machine with large driving wheels at the rear evolved during this period, other types of tractor could be found such as rein-operated machines intended to directly replace the horse, or two-wheeled machines with their own ecosystem of attachments.

As the four-wheeled machines grew in size and their implements moved beyond the size of their horse-drawn originals, they started to encounter a new set of problems which the film below demonstrates in detail. In short, a plough simply dragged by a tractor exerts a turning force on the machine, giving the front a tendency to lift and the rear a lack of traction. The farmers of the 1920s and 1930s attempted to counter this by loading their tractors with extra weights, at the expense of encumbering them and compromising their usefulness. Ferguson solved this problem by rigidly attaching the plough to the tractor through his three-point linkage, so that the plough’s draft load presses the rear wheels into the ground rather than lifting the front, while still allowing for flexibility in its height. The film demonstrates this in great detail, showing the hydraulic control and the feedback provided through a valve connected to the centre linkage spring.

A modern tractor is invariably much larger than the TE20, will have all-wheel drive, a wider-spaced three-point linkage for much larger implements, and a much more sophisticated transmission. But the principle is exactly the same, and in use it provides an identical level of utility to the original. While the TE20 is most likely to appear in over-restored form at a tractor show in 2025, running on an odd mix of paraffin and petrol, they can still sometimes be found at work, and, albeit a few decades ago now, I’ve even taken a turn on one myself. What struck me at the time was how small a machine it is compared to the heavyweight drawbar tractors it replaced; the effect of the three point linkage on ground pressure was such that it simply didn’t need the extra size. It’s equivalent to what we today would refer to as a yard tractor or an orchard tractor, the last one I drove being used for ground maintenance at a sports pitch. I have to admit that if I saw one in need of TLC at the right price I’d be sorely tempted.

So next time you see a tractor, take a look at its three-point linkage and think for a moment of those 1940s machines it’s derived from. It’s likely almost everything you eat has at some point been touched by that piece of machinery.

youtube.com/embed/47erWWuarco?…


hackaday.com/2025/09/24/retrot…


CrowdStrike: cybersecurity enters the era of AI agents


At Fal.Con 2025, the annual conference that gathers thousands of cybersecurity professionals from around the world, CrowdStrike made one thing clear: cyber defense is entering a new era, that of “AI agents”.

From the endpoint to the agent: the evolution of digital defense


For years CrowdStrike has led the sector with endpoint protection and the Endpoint Detection and Response model. Today the same approach is being carried over to artificial intelligence. With the acquisition of the startup Pangea, the company aims to lock down every aspect of enterprise AI: from models to virtual agents, down to plain conversations with a chatbot.

This gives rise to the concept of AI Detection and Response (AIDR), a sort of “antivirus of the future” meant to intercept sophisticated attacks such as prompt injection and to prevent abuse or risky use of generative systems.

The “agentic” SOC: analysts are no longer on their own


CEO George Kurtz spoke of a genuine paradigm shift for Security Operations Centers. Attacks are now measured not in days or hours but in seconds. That is why CrowdStrike proposes the agentic SOC: no longer a team of analysts buried under alerts, but an environment where intelligent digital agents work alongside people, analyze anomalies, make decisions and act autonomously.

The centerpiece of this shift for CrowdStrike is Charlotte AI, the system that orchestrates the agents and coordinates their actions. Beyond that, with Agent Works every company will be able to build its own custom agents through a no-code interface, as if “hiring” new digital colleagues specialized in security.

Enterprise Graph: the company’s digital twin


CTO Elia Zaitsev then presented the Enterprise Graph, a model that reconstructs the entire corporate infrastructure in real time (users, assets, identities and data), offering a unified view that can be queried in natural language. The approach lets teams move within moments from spotting a vulnerability to automatically generating a remediation plan, drastically cutting response times.

Fal.Con also saw the introduction of the Adversary Strategy Program, through which CrowdStrike replicates and anticipates attackers’ moves to make the platform ever more resilient. Out of it come solutions such as Apex, an AI model able to expose malicious use of legitimate processes, and new techniques for countering ransomware and the abuse of remote management tools.

The challenge ahead


In a world where “prompts are the new malware”, as was said on stage, CrowdStrike aims to turn fear of AI into an opportunity: if cybercriminals exploit generative models to speed up their attacks, companies can respond with AI agents that work around the clock alongside security teams.

The promise is clear: with Falcon, Pangea and the ecosystem of intelligent agents, CrowdStrike wants to do with AI what it did years ago with endpoints: raise the bar and redefine, once again, what “stopping breaches” means.

The article CrowdStrike: cybersecurity enters the era of AI agents comes from il blog della sicurezza informatica.