51 years old, Russian-Israeli and a criminal genius. Technological talent has no age limit
That they are cybercriminals responsible for thousands of victims over five years of activity is an indisputable fact, and that must stay firmly in our minds. Still, this story offers much to reflect on.
Everyone would have pictured a young 25-year-old hacker, a tinkerer with thick glasses hunched over a computer. This time, though, everything breaks the mould: behind LockBit, the most feared ransomware in the world, is a 51-year-old programmer.
On March 13, 2025, the United States Department of Justice (DOJ) announced the extradition of Rostislav Panev, a dual Russian-Israeli citizen, who will be tried for his role as a developer for the LockBit ransomware gang.
From 2019 to February 2024, Panev allegedly created malware used to bypass security software, facilitated its spread across networks and supported the infrastructure used to distribute the ransomware and carry out extortion. Officials stated that Panev was paid roughly $230,000 in cryptocurrency for his work.
Authorities arrested Panev in Israel in August 2024, after an international law-enforcement operation against LockBit's infrastructure in February 2024 had led to his extradition. The UK National Crime Agency (NCA), the DOJ and the Federal Bureau of Investigation (FBI) dismantled servers and platforms central to the group's operations. LockBit launched over 2,500 ransomware attacks in 120 countries, 1,800 of them in the United States, hitting sectors such as healthcare, education, government and critical infrastructure.
The gang extorted more than $500 million in ransoms, and victims suffered further losses from downtime during operations and from recovery.
The arrest of Rostislav Panev, the 51-year-old developer behind the LockBit ransomware, shatters the stereotype that technological innovation is the preserve of the young. It is often assumed that people over 50 have lost their drive for technical and scientific work, or lack the skills to keep pace with a cyber world dominated by young talent and emerging hackers. Yet the mind behind one of the most devastating ransomware strains in history proves otherwise.
Cybercrime has no age, and the Panev case shows how experience, adaptability and deep technical knowledge can be decisive, even (and especially) in highly complex fields such as the development of advanced malware. LockBit ransomware is not just malicious software: it is a sophisticated criminal architecture that has hit thousands of victims worldwide and generated millions of dollars in ransoms. The fact that a 51-year-old professional, not a twenty-something hacking prodigy, was behind this technology shows that the value of skills is not measured by age.
In a field where the abilities of older generations are often underestimated, the LockBit case reminds us that technological talent has no age limit. The same holds for cybersecurity professions: organizations should reconsider their perceptions and make more room for experience, instead of falling for the prejudice that innovation belongs only to the young.
The article 51 years old, Russian-Israeli and a criminal genius. Technological talent has no age limit comes from il blog della sicurezza informatica.
Simple Robot Assembled From E-Waste Actually Looks Pretty Cool
If you’re designing a robot for a specific purpose, you’re probably ordering fresh parts and going with a clean sheet design. If you’re just building for fun though, you can just go with whatever parts you have on hand. That’s how [Sorush Moradisani] approached building Esghati—a “robot made from garbage.”
Remote viewing made easy.
The body of the robot is an old Wi-Fi router that was stripped clean, with the antenna left on for a classic “robot” look. The wheels are made out of old diffusers cut off of LED lamps. Two servos are used to drive the wheels independently, allowing the robot to be steered in a rudimentary tank-style fashion. Power is courtesy of a pair of 18650 lithium-ion cells. The brain of the robot is an ESP32-CAM—a microcontroller board which includes a built-in camera. Thanks to its onboard Wi-Fi, it’s able to host its own website that allows control of the robot and transmits back pictures from the camera. The ESP32-CAM itself is mounted on the “head” of the robot for a good field of view. Meanwhile, it communicates with a separate Arduino Nano which is charged with generating the pulses to run the drive servos. Code is on GitHub for the curious.
It’s not a complicated robot by any means—it’s pretty much just something you can drive around and look through the camera, at this stage. Still, it’s got plenty of onboard processing power and you could do a lot more with it. Plus, the wireless control opens up a lot of options. With that said, you’d probably get sick of the LED bulb wheels in short order—they offer precious little grip on just about any surface. Really, though, it just goes to show you how a bit of junk e-waste can make a cute robot—it almost has Wall-E vibes. Video after the break.
Current Mirrors Tame Common Mode Noise
If you’re the sort who finds beauty in symmetry – and I’m not talking about your latest PCB layout – then you’ll appreciate this clever take on the long-tailed pair. [Kevin]’s video on this topic explores boosting common mode rejection by swapping out the old-school tail resistor for a current mirror. Yes, the humble current mirror – long underestimated in DIY analog circles – steps up here, giving his differential amplifier a much-needed backbone.
So why does this matter? Well, in Kevin’s bench tests, this hack more than doubles the common mode rejection, leaping from a decent 35 dB to a noise-crushing 93 dB. That’s not just tweaking for tweaking’s sake; that’s taking a breadboard standard and making it ready for sensitive, low-level signal work. Instead of wrestling with mismatched transistors or praying to the gods of temperature stability, he opts for a practical approach. A couple of matched NPNs, a pair of emitter resistors, and a back-of-the-envelope resistor calculation – and boom, clean differential gain without the common mode muck.
If you want the nitty-gritty details, schematics of the demo circuits are on his project GitHub. Kevin’s explanation is equal parts history lesson and practical engineering, and it’s worth the watch. Keep tinkering, and do share your thoughts on this.
Turning Down the Noise on SMPS
On paper, electricity behaves in easy-to-understand, predictable ways. That’s mostly because the wires on the page have zero resistance and the switching times are actually zero, whereas in real life neither of these things is true. That’s what makes things like switch-mode power supplies (SMPS) difficult to build and troubleshoot. Switching inductors and capacitors tens or hundreds of thousands of times a second (or more) causes some of these difficulties to arise when these devices are built in the real world. [FesZ Electronics] takes a deep dive into some of the reasons these difficulties come up in this video.
The first pieces of electronics that can generate noise in an SMPS are the rectifier diodes. These have a certain amount of non-ideal capacitance, which causes a phenomenon called reverse current, but this can be managed somewhat by proper component choice to limit the noise.
The other major piece of silicon in power supplies like this that drives noise are the switching transistors. Since the noise is generally caused by the switching itself, there is a lot that can be done here to help limit it. One thing is to slow down the amount of time it takes to transition between states, limiting the transients that form as a result of making and breaking connections rapidly. The other, similar to selecting diodes, is to select transistors that have properties (specifically relating to inherent capacitances) that will limit noise generation in applications like this.
Of course there is a lot more information as well as charts and graphs in [FesZ]’s video. He’s become well-known for deep dives into practical electrical engineering topics like these for a while now. We especially like his videos about impedance matching as well as a more recent video where he models a photovoltaic solar panel in SPICE.
Cyber Deception: How AI Is Turning GitHub into a Threat
Imagine searching GitHub for a useful piece of software, perhaps a system optimization tool or a cheat for a video game. You download a file, run it and... without knowing it, you have just installed malware that steals your most sensitive data. This is not a hypothetical story but a concrete reality recently revealed by Trend Micro in an investigation showing how cybercriminals are exploiting artificial intelligence to generate fake repositories and spread malware such as SmartLoader and Lumma Stealer.
With well-built repositories and seemingly credible documentation, the attackers deceive users into downloading malicious software, all by exploiting the trust the community places in GitHub. In this article we look deeper into the phenomenon and analyze a concrete case through a visual representation of the infection network.
GitHub as a Weapon: Deception with AI
The new frontier of cyberattacks uses AI to generate authentic-looking repositories. Attackers no longer just upload malicious files: they create entire pages with detailed READMEs, commit histories, fake open issues and even fake pull requests, making it hard to tell real code from malicious code. The trick is simple: hide the malware inside ZIP files containing obfuscated Lua scripts which, once executed, download and activate the final payload.
The repositories in question promise in-demand software, such as cracking tools, game cheats and system utilities, thereby attracting curious users or those looking for free programs. Once the file is downloaded and executed, SmartLoader comes into play, acting as a springboard for Lumma Stealer, malware specialized in stealing credentials, cryptocurrency and personal data.
Analysis of the Infection Network: Deciphering the Attack
To better understand the impact of this threat, let's analyze the uploaded image, which shows a detailed network of correlations between various indicators of compromise (IoCs).
Central Node: The Attacker and the Malware
At the center of the network we find a key identifier: Walter Kurita, a probable alias of the threat actor. From here, connections branch out toward two main malware families:
- SmartLoader, which acts as the first stage of the infection, loading the main payload.
- Lumma Stealer, an advanced infostealer designed to steal credentials and sensitive data.
Both malware families are linked to a series of TTPs (Tactics, Techniques, and Procedures) from the MITRE ATT&CK framework that outline how they operate, including:
- Execution of malicious code (obfuscated Lua scripts)
- Exfiltration of credentials (browsers, wallets, 2FA)
- Communication with command-and-control (C2) servers
C2 Infrastructure and Distribution
Analysis of the image reveals that the malware connects to several malicious IP addresses and domains, including:
- pasteflawed.world
- 160.241.105.82
- 213.176.73.80
- 94.168.114.56, etc.
These addresses are used to receive commands and send stolen data to the attackers. The image also shows that the fake repositories are associated with several file hashes, suggesting large-scale distribution with malware variants made to evade security controls.
Why Is This Threat So Dangerous?
This campaign shows how cyberattacks are becoming ever more sophisticated and targeted. Using AI to create fake repositories is a dangerous evolution because it exploits GitHub's reputation and users' trust.
The critical points of this threat include:
- Evasion of security controls: GitHub is considered trustworthy and is rarely blocked by antivirus software.
- Scalability: thanks to AI, attackers can quickly generate new repositories after reported ones are taken down.
- Diversification of targets: from developers to gamers, anyone can fall victim to the deception.
How to Protect Yourself
To avoid falling into these traps, here are some fundamental best practices:
- Always verify GitHub repositories: check who created them, read the comments and check the number of contributors.
- Avoid downloading software from unverified sources: if something seems too good to be true, it probably is.
- Use advanced security tools: threat intelligence solutions can spot suspicious activity.
- Keep devices up to date: regularly update the operating system and security software.
- Continuous training: being aware of new threats helps you avoid being deceived.
This campaign, documented by Trend Micro, is a clear example of how artificial intelligence is changing the cyber threat landscape. The use of fake GitHub repositories to distribute malware shows the importance of an increasingly proactive security approach.
As threats evolve, so must our awareness. Paying attention, adopting good practices and using advanced defensive tools are the keys to protecting yourself in an increasingly treacherous digital world.
The article Cyber Deception: How AI Is Turning GitHub into a Threat comes from il blog della sicurezza informatica.
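As an added example (not code from Trend Micro or from this blog), here is a small offline triage script for the pattern described above, a ZIP carrying obfuscated Lua scripts, and for the "verify before you run" advice in the list: it unpacks an archive in memory and flags Lua members that show loader-style traits. The heuristics, thresholds, file names and the sample archive are constructed assumptions, not indicators from the campaign.

```python
import io
import math
import re
import zipfile
from dataclasses import dataclass, field

# Lua constructs typically used by a loader to decode and run hidden code.
# Each is a legitimate Lua feature; only the combination is suspicious.
DYNAMIC_LOAD_MARKERS = ("loadstring", "load(", "string.char", "string.byte", "\\x")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: packed or encrypted blobs score near 8, source code near 4-5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


@dataclass
class Finding:
    name: str
    reasons: list = field(default_factory=list)


def analyze_lua(name: str, data: bytes) -> Finding:
    """Apply obfuscation heuristics (assumed thresholds) to one Lua script."""
    f = Finding(name)
    text = data.decode("utf-8", errors="replace")
    ent = shannon_entropy(data)
    if ent > 5.5:
        f.reasons.append(f"high entropy ({ent:.2f} bits/byte)")
    hits = [m for m in DYNAMIC_LOAD_MARKERS if m in text]
    if hits:
        f.reasons.append("dynamic code loading: " + ", ".join(hits))
    # A very long string literal is the usual carrier for an encoded payload.
    longest_literal = max((len(m) for m in re.findall(r'"[^"\n]*"', text)), default=0)
    if longest_literal > 200:
        f.reasons.append(f"string literal of {longest_literal} chars")
    # Hand-written source rarely has lines this long; generated/obfuscated code does.
    longest_line = max((len(line) for line in text.splitlines()), default=0)
    if longest_line > 500:
        f.reasons.append(f"line of {longest_line} chars")
    return f


def scan_zip(blob: bytes) -> list:
    """Return only the archive members that triggered at least one heuristic."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            lower = info.filename.lower()
            if lower.endswith(".lua"):
                findings.append(analyze_lua(info.filename, zf.read(info)))
            elif lower.endswith((".exe", ".dll", ".bat", ".cmd", ".vbs", ".ps1", ".scr")):
                findings.append(Finding(info.filename, ["launcher or executable member"]))
    return [f for f in findings if f.reasons]


def build_sample_zip() -> bytes:
    """Constructed sample archive (not a real artifact): one clean script,
    one script shaped like a loader, and a batch launcher."""
    clean = b"local function add(a, b)\n  return a + b\nend\nprint(add(2, 3))\n"
    # 300 hex-escaped bytes packed into one literal, then compiled and executed.
    packed = "".join(f"\\x{(i * 37 + 11) % 256:02x}" for i in range(300))
    loader = ('local s="' + packed + '"\n' "local f=loadstring or load\n" "f(s)()\n").encode()
    launcher = b"@echo off\r\nlua loader.lua\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("tool/util.lua", clean)
        zf.writestr("tool/loader.lua", loader)
        zf.writestr("tool/run.bat", launcher)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding.name)
        for reason in finding.reasons:
            print("  -", reason)
```

A hit means "inspect the member before running anything", not "confirmed malware"; point `scan_zip` at the bytes of a real download to triage it.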
Recreating A Braun Classic With 3D Printing
Braun was once a mighty pillar of industrial design; a true titan of the mid-century era. Many of the company’s finest works have been forgotten outside of coffee table books and vintage shops. [Distracted by Design] wanted to bring one of the classics back to life—the Braun HL70 desk fan.
The original was quite a neat little device. It made the most of simple round shapes and was able to direct a small but refreshing stream of air across one’s desk on a warm day. In reality, it was probably bought as much for its sleek aesthetics as for its actual cooling ability.
Obviously, you can’t just buy one anymore, so [Distracted by Design] turned to 3D printing to make their own. The core of the build was a mains-powered motor yanked out of a relatively conventional desk fan. However, it was assembled into a far more attractive enclosure that was inspired by the Braun HL70, rather than being a direct copy. We get a look at both the design process and the final assembly, and the results are quite nice. It feels like a 2025 take on the original in a very positive sense.
Files are available on Printables for the curious. It’s not the first time we’ve contemplated fancy fans and their designs. Video after the break.
Repairing a Legendary Elka Synthex Analog Synthesizer
Handy diagnostic LEDs on the side of the tone generator boards. (Credit: Mend it Mark, YouTube)
Somehow, an Elka Synthex analog synthesizer made it onto [Mend it Mark]’s repair bench recently. It had a couple of dud buttons, and some keys produced the wrong tone. Remember, this is a completely analog synthesizer from the 1980s, so we’re talking basic 74LS chips and kin. Fortunately, Elka helped him with the complete repair manual, including schematics.
As usual, [Mark] starts by diagnosing the faults, using the schematics to mark the parts of the circuitry to focus on. Then, the synth’s bonnet is popped open to reveal its absolutely gobsmackingly delightful inner workings, with neatly modular PCBs attached to a central backplane. The entire unit is controlled by a 6502 MPU, with basic counter ICs handling tone generation, controlled by top panel settings.
The Elka Synthex is a polyphonic analog synthesizer produced from 1981 to 1985 and used by famous artists, including Jean-Michel Jarre. Due to its modular nature, [Mark] was quickly able to hunt down the few defective 74LS chips and replace them before testing the instrument by playing some synth tunes from Jean-Michel Jarre’s Oxygène album, as is proper with a 1980s synthesizer.
Looking for something simpler? Or, perhaps, you want something not quite that simple.
Ask Hackaday: What Would You Do With the World’s Smallest Microcontroller?
It’s generally pretty easy to spot a microcontroller on a PCB. There are clues aplenty: the more-or-less central location, the nearby crystal oscillator, the maze of supporting passives, and perhaps even an obvious flash chip lurking about. The dead giveaway, though, is all those traces leading to the chip, betraying its primacy in the circuit. As all roads lead to Rome, so it often is with microcontrollers.
It looks like that may be about to change, though, based on Texas Instruments’ recent announcement of a line of incredibly small Arm-based microcontrollers. The video below shows off just how small the MSPM0 line can be, ranging from a relatively gigantic TSSOP-20 case down to an eight-pin BGA package that measures only 1.6 mm by 0.86 mm. That’s essentially the size of an 0603 SMD resistor, a tiny footprint for a 24 MHz Cortex-M0+ MCU with 16 kB of flash, 1 kB of SRAM, and a 12-bit ADC. The larger packages obviously have more GPIO brought out to pins, but even the eight-pin versions support six IO lines.
Of course, it’s hard to write about a specific product without sounding like you’re shilling for the company, but being first to market with an MCU in this size range is certainly newsworthy. We’re sure other manufacturers will follow suit soon enough, but for now, we want to know how you would go about using a microcontroller the size of a resistor. The promo video hints that TI’s target market for these is compact wearables by showing them used in earbuds, but we suspect the Hackaday community will come up with all sorts of creative and fun ways to put these to use — shoutout to [mitxela], whose habit of building impossibly small electronic jewelry might be a good use case for something like this.
There may even be some nefarious use cases for a microcontroller this small. We were skeptical of the story about “spy chips” on PC motherboards, but a microcontroller that can pass for an SMD resistor might change that equation a bit. There’s also the concept of “Oreo construction” that these chips might make a lot easier. A board with a microcontroller embedded within it could be a real security risk, but on the other hand, it could make for some very interesting applications.
What’s your take on this? Can you think of applications where something this small is enabling? Or are microcontrollers that are likely to join the dust motes at the back of your bench after a poorly timed sneeze a bridge too far? Sound off in the comments below.
Build Your Own Air Mouse, Okay?
Are you using a desk mouse like some kind of… normal computer user? Why, beg the heavens? For you could be using an air mouse, of your very own creation! [Misfit Maker] shows the way. Check out what he made in the video below.
An air mouse is a mouse you use in the air—which creates at least one major challenge. Since you’re not sliding along a surface, you can’t track the motion by mechanical friction like a ball mouse or by imaging as in an optical mouse. Instead, this build relies on a gyroscope sensor to track motion and translate that into pointer commands. The build relies on an ESP32-C3 as the microcontroller at the heart of things. It communicates with an MPU6050 gyroscope and accelerometer to track motion in space. It then communicates as a human interface device over Bluetooth, so you can use it with lots of different devices. The mouse buttons—plus media control buttons—are all capacitive touch-sensitive, thanks to an MPR121 touch sensor module.
There’s something neat about building your own tools to interface with the machines, almost like it helps meld the system to your whims. We see a lot of innovative mouse and HID projects around these parts.
Relativity Space Changes Course on Path to Orbit
In 2015, Tim Ellis and Jordan Noone founded Relativity Space around an ambitious goal: to be the first company to put a 3D printed rocket into orbit. While additive manufacturing was already becoming an increasingly important tool in the aerospace industry, the duo believed it could be pushed further than anyone had yet realized.
Rather than assembling a rocket out of smaller printed parts, they imagined the entire rocket being produced on a huge printer. Once the methodology was perfected, they believed rockets could be printed faster and cheaper than they could be traditionally assembled. What’s more, in the far future, Relativity might even be able to produce rockets off-world in fully automated factories. It was a bold idea, to be sure. But then, landing rockets on a barge in the middle of the ocean once seemed pretty far-fetched as well.
An early printed propellant tank.
Of course, printing something the size of an orbital rocket requires an exceptionally large 3D printer, so Relativity Space had to build one. It wasn’t long before the company had gotten to the point where they had successfully tested their printed rocket engine, and were scaling up their processes to print the vehicle’s propellant tanks. In 2018 Bryce Salmi, then an avionics hardware engineer at Relativity Space, gave a talk at Hackaday Supercon detailing the rapid progress the company had made so far.
Just a few years later, in March of 2023, Relativity’s first completed rocket sat fueled and ready to fly on the launch pad. The Terran 1 rocket wasn’t the entirely printed vehicle that Ellis and Noone had imagined, but with approximately 85% of the booster’s mass being made up of printed parts, it was as close as anyone had ever gotten before.
The launch of Terran 1 was a huge milestone for the company, and even though a problem in the second stage engine prevented the rocket from reaching orbit, the flight proved to critics that a 3D printed rocket could fly and that their manufacturing techniques were sound. Almost immediately, Relativity Space announced they would begin work on a larger and more powerful successor to the Terran 1 which would be more competitive with SpaceX’s Falcon 9.
Now, after an administrative shakeup that saw Tim Ellis replaced as CEO, the company has released a nearly 45 minute long video detailing their plans for the next Terran rocket — and explaining why they won’t be 3D printing it.
Meet the New Boss
For the mainstream press, the biggest story has been that former Google chief Eric Schmidt would be taking over as Relativity’s CEO. Tim Ellis will remain on the company’s board, but likely won’t have much involvement in the day-to-day operation of the company. Similarly, co-founder Jordan Noone stepped down from chief technology officer to take on an advisory role back in 2020.
Eric Schmidt
With the two founders of the company now sidelined, and despite the success of the largely 3D printed Terran 1, the video makes it clear that they’re pursuing a more traditional approach for the new Terran R rocket. At several points in the presentation, senior Relativity staffers explain the importance of remaining agile in the competitive launch market, and caution against letting the company’s historic goals hinder their path forward. They aren’t abandoning additive manufacturing, but it’s no longer the driving force behind the program.
For his part, The New York Times reports that Schmidt made a “significant investment” in Relativity Space to secure controlling interest in the company and his new position as CEO, although the details of the arrangement have so far not been made public. One could easily dismiss this move as Schmidt’s attempt to buy into the so-called “billionaire space race”, but it’s more likely he simply sees it as an investment in a rapidly growing industry.
Even before he came onboard, Relativity Space had amassed nearly $3 billion in launch contracts. Between his considerable contacts in Washington and his time as the chair of the DoD’s Defense Innovation Advisory Board, it’s likely Schmidt will attempt to put Relativity in the running for lucrative government launches as well.
All they need is a reliable rocket, and they’ll have a revenue stream for years.
Outsourcing Your Way to Space
In general, New Space companies like SpaceX and Rocket Lab have been far more open about their design and manufacturing processes than the legacy aerospace players. Even so, the video released by Relativity Space offers an incredibly transparent look at how the company is approaching the design of Terran R.
One of the most interesting aspects of the rocket’s construction is how many key components are being outsourced to vendors. According to the video, Relativity Space has contracted out the manufacturing of the aluminium “domes” that cap off the propellant tanks, the composite overwrapped pressure vessels (COPVs) that hold high pressure helium at cryogenic temperatures, and even the payload fairings.
This isn’t like handing the construction of some minor assemblies off to a local shop — these components are about as flight-critical as you can possibly get. In 2017, SpaceX famously lost one of their Falcon 9 rockets (and its payload) in an explosion on the launch pad due to a flaw in one of the booster’s COPVs. It’s believed the company ultimately brought production of COPVs in-house so they could have complete control of their design and fabrication.
Unpacking a shipment of composite overwrapped pressure vessels (COPVs) for Terran R
Farming out key components of Terran R to other, more established, aerospace companies is a calculated risk. On one hand, it will allow Relativity Space to accelerate the booster’s development time, and in this case time is very literally money. The sooner Terran R is flying, the sooner it can start bringing in revenue. The trade-off is that their launch operations will become dependent on the performance of said companies. If the vendor producing their fairings runs into a production bottleneck, there’s little Relativity Space can do but wait. Similarly, if the company producing the propellant tank domes decides to raise their prices, that eats into profits.
For the long term security of the project, it would make the most sense for Relativity to produce all of Terran R’s major components themselves. But at least for now, the company is more concerned with getting the vehicle up and running in the most expedient manner possible.
Printing Where it Counts
Currently, 3D printing a tank dome simply takes too long.
In some areas, though, Relativity is still banking on 3D printing in the long term. As explained in the video by Chief Technology Officer Kevin Wu, they initially planned on printing the propellant tank domes out of aluminum, but found that they couldn’t produce them at a fast enough rate to support their targeted launch cadence.
At the same time, the video notes that the state-of-the-art in metal printing is a moving target (in part thanks to their own research and development), and that they are continuing to improve their techniques in parallel to the development of Terran R. It’s not hard to imagine a point in the future where Relativity perfects printing the tank domes and no longer needs to outsource them.
While printing the structural components of the rocket hasn’t exactly worked out as Relativity hoped, they are still fully committed to printing the booster’s Aeon R engines. Printing the engine not only allows for rapid design iteration, but the nature of additive manufacturing makes it easy to implement features such as integrated fluid channels which would be difficult and expensive to produce traditionally.
Printing an Aeon R engine
Of course, Relativity isn’t alone in this regard. Nearly every modern rocket engine is using at least some 3D printed components for precisely the same reasons, and they have been for some time now.
That, in the end, is really the major takeaway from Relativity’s update video. Though the company started out with an audacious goal, and got very close to reaching it, in the end they’ve more or less ended up where everyone else in aerospace finds themselves in 2025. They’ll use additive manufacturing where it makes sense, partner with outside firms when necessary, and use traditional manufacturing methods where they’ve proven to be the most efficient.
It’s not as exciting as saying you’ll put the world’s first 3D printed rocket into space, to be sure. But it’s the path that’s the most likely to get Terran R on the launch pad within the next few years, which is where they desperately need to be if they’ll have any chance of catching up to the commercial launch providers that are already gobbling up large swaths of the market.
Postcard from Washington: MAGA on tech
WELCOME BACK TO DIGITAL POLITICS. I'm Mark Scott, and the newsletter skews hard toward North America this week. As a counterweight: I'm in Geneva on March 24 to talk about data governance and tech sovereignty — if anyone is in town and wants to say hi.
— The new White House administration is finding its feet on digital policy. Its approach to greater oversight (or lack of it) is not as clear cut as you may think.
— Canada is gearing up for a snap nationwide election. Officials are worried about foreign interference from Russia, China... and the United States.
— The European Union announced a series of 'AI Factories' to jumpstart the bloc's use of artificial intelligence infrastructure to boost growth.
Let's get started:
3D Printed Brick Layers for Everyone
Some slicers have introduced brick layers, and more slicers plan to add them. Until that happens, you can use this new script from [Geek Detour] to get brick layer goodness on Prusa, Orca, and Bambu slicers. Check out the video below for more details.
The idea behind brick layers is that outer walls can be stronger if they are staggered vertically so each layer interlocks with the layer below it. The pattern resembles a series of interlocking bricks and can drastically increase strength. Apparently, using the script breaks the canceling object functionality in some printers, but that’s a small price to pay. Multi-material isn’t an option either, but — typically — you’ll want to use the technique on functional parts, which you probably aren’t printing in colors. Also, the Arachne algorithm option only works reliably on Prusa slicer, so far.
The video covers a lot of detail on how hard it was to do this in an external script, and we are impressed. It should be easier to write inside the slicer since it already has to figure out much of the geometry that this script has to figure out by observation.
If you want more information, we’ve covered brick layers (and the controversy around them) back in November. Of course, scripts that add functions to slicers tend to get outdated once the slicers catch up.
A 6502, In The Shell
Shell scripting is an often forgotten programming environment, relegated to simple automation tasks and little else. In fact, it’s possible to achieve much more complex tasks in the shell. As an example, here’s [calebccf] with an emulated 6502 system in a busybox ash shell script.
What’s in the emulator? A simple 6502 system with RAM, ROM, and an emulated serial port on STDIO. It comes with the wozmon Apple 1 monitor and BASIC, making for a very mid-1970s experience. There’s even a built-in monitor and debugger, which from our memories of debugging hand-assembled 8-bit code back in the day, should be extremely useful.
Although the default machine has a generous 32k of RAM and 16k ROM, you can easily adjust these limits by editing machine.sh. In addition, you can get a log of execution via a socket if you like. Don’t expect it to run too fast, and we did have to adjust the #! line to get it to run on our system (we pointed it to bash, but your results may vary).
What you use this for is up to you, but we’re sure you’ll all agree it’s an impressive feat in the shell. It’s not the first time we’ve seen some impressive feats there, though. Our Linux Fu column does a lot with the shell if you want further inspiration.
This Is No Idle Talk! Yet Another Hospital Offline and 12,000 People in the Catchment Area at Risk
A state of Micronesia has been hit by a ransomware attack that took the entire IT network of the local Ministry of Health offline. According to the authorities, the attackers penetrated the system on March 11, after which the network was completely shut down for security reasons and all computers were powered off to prevent further damage.
Residents of the state of Yap, which has a population of around 12,000, were told that the health department no longer has internet access and that all digital medical systems and email servers are unavailable.
The authorities have assured that medical services continue to be provided, but that they have slowed considerably because of the breaches that occurred.
Cyberattack disrupts Yap health services, department works to restore systems
March 12, 2025, /// DYCA PIO
On March 11, 2025, at 3:00 PM, the IT unit of the Yap Department of Health Services detected a ransomware cyberattack on the network. In response, the entire network was taken offline. As a result, the Department currently has no Internet connectivity and all computers have been shut down to prevent further damage. At this time, DHS is working with the FSM Department of Health and Social Affairs and with private IT contractors to assess the extent of the infiltration, determine which data were compromised, and bring services back online as soon as possible.
Email communications through the health servers and all digital health systems have been interrupted. The Department reassured the public that services continue, but asked for patience and understanding since services will be slower than before because of the disruptions. The Department will publish updates as the situation evolves.
The agency is currently working with private IT contractors and government agencies to restore the system and determine the extent of the intrusion. So far no group has claimed responsibility for the attack.
Micronesia, which comprises four states (Yap, Chuuk, Pohnpei and Kusaie) and more than 600 islands, is no stranger to cyberattacks. In recent years the region has seen a rise in incidents of this kind. In 2024, criminal hackers carried out an attack on Palau's Ministry of Finance, and in 2023 there was a series of cyberattacks on Pacific islands, in particular Tonga, Guadeloupe and Vanuatu.
Ransomware is increasingly targeting smaller nations with limited resources to protect their network infrastructure, leaving systems vulnerable to attackers who use sophisticated attack methods to extort money and compromise data.
The article This Is No Idle Talk! Yet Another Hospital Offline and 12,000 People in the Catchment Area at Risk comes from il blog della sicurezza informatica.
North Korean Hackers Plant Malware in Play Store Apps
Lookout experts have discovered new Android spyware called KoSpy. The malware is linked to North Korean hackers and was found in the official Google Play store and in the third-party APKPure store as part of at least five apps.
According to the researchers, the spyware is linked to the North Korean group APT37 (also known as ScarCruft). The campaign using this malware has been active since March 2022 and, judging by the malware samples, the hackers are actively improving their tooling.
The espionage campaign mainly targets Korean- and English-speaking users. KoSpy masquerades as file managers, security tools and updates for various software.
In total, Lookout experts found five applications: 휴대폰 관리자 (Phone Manager), File Manager (com.file.exploer), 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security) and Software Update Utility.
Almost all the malicious apps actually provide at least some of the promised functionality, but they also download KoSpy in the background. The only exception is Kakao Security, which merely shows a fake system window requesting access to dangerous permissions.
The researchers attribute the campaign to APT37 based on IP addresses previously associated with North Korean hacker operations, on domains used to distribute the Konni malware, and on infrastructure that overlaps with another North Korean hacker group, APT43.
Once activated on a device, KoSpy retrieves an encrypted configuration file from a Firebase Firestore database to avoid detection.
The malware then connects to the command-and-control server and checks whether it is running in an emulator. The malware can receive updated settings from the attackers' server and additional payloads to execute, and it can also be dynamically enabled or disabled via a special switch.
KoSpy focuses mainly on data collection; its capabilities are as follows:
- interception of SMS and call logs;
- real-time GPS tracking of the victim's location;
- reading and retrieving files from local storage;
- using the device microphone to record audio;
- using the device camera to take photos and record video;
- taking screenshots of the device screen;
- keystroke interception using Android Accessibility Services.
Each app uses a separate Firebase project and server to "drain" the data, which is encrypted with a hard-coded AES key before transmission.
Although the malicious apps have been removed from Google Play and APKPure, the researchers warn that users will have to remove the malware from their devices manually and also scan their devices with security tools to eliminate any residual infection. In some cases a factory reset may be necessary.
The article North Korean Hackers Plant Malware in Play Store Apps comes from il blog della sicurezza informatica.
Anonymous Italia Hacktivists Hit New Targets in Russia
In recent months, the cyber-hacktivism landscape has seen an intensification of clashes between hacktivist groups with opposing geopolitical orientations. In particular, we have seen the pro-Russian collective NoName057(16) engaged in a series of cyberattacks against Italy, hitting several institutional targets as well.
This time the Italian hacktivist group Anonymous Italia has recently hit various Russian targets, carrying out attacks using the "deface" technique.
Defacement vs DDoS: Two Techniques Compared
In the cyber-hacktivism landscape, the attack techniques used by hacker groups vary according to the objectives and strategies adopted.
Two of the most widespread methods are defacement and Distributed Denial-of-Service (DDoS) attacks, tools with different purposes but both capable of generating significant impacts on digital infrastructure. While defacement aims to modify the content of a website to convey a political or ideological message, DDoS aims to overload an online service until it becomes inaccessible.
In clashes between hacktivists, these two techniques have been widely used to hit adversary targets. For example, Anonymous Italia prefers defacement, altering sites to spread specific content of political interest. Other hacktivists (such as the pro-Russian NoName057(16) or Killnet) have adopted DDoS to hit government sites and critical infrastructure, causing temporary outages.
The Deface Technique
Defacement is a cyberattack technique in which an attacker modifies the content of a website without authorization, replacing the original pages with political messages, propaganda or simply distinctive marks of their own activity. This type of attack is often used by hacktivist groups to spread ideological messages, or by cybercriminals to damage an organization's reputation.
However, defacement is not just a matter of image: to alter a site's content, the attacker must first compromise its security. This generally happens through two main methods:
- Access with stolen or weak administrative credentials – Hackers may obtain login credentials through phishing, infostealer logs, Telegram channels, default credentials that were never changed, or brute-force attacks. Once they have access, they can alter the site's pages with extreme ease.
- Exploitation of software vulnerabilities – Some defacement attacks take place via Remote Code Execution (RCE) or other critical vulnerabilities in the CMS (Content Management System) or in the web server. If the platform software is not up to date or has security flaws, an attacker can execute arbitrary commands on the system and modify the site's files.
When a site is defaced, it is essential not to simply restore the original content but to launch an Incident Response operation to understand the extent of the attack. The attacker may have moved laterally within the network, compromising connected data and systems.
Cyber Hacktivism and the Law
As we have seen, cyber hacktivism is the union of hacking and political or social activism, using digital tools to promote causes, denounce injustices or oppose governments and companies. Hacktivists employ cyberattack techniques to draw public attention to ethical, political or environmental issues. However, although the intent may be driven by ideals of justice, these actions often clash with current regulations, which treat them as acts of cybercrime.
While some states tolerate certain forms of digital activism if they cause no direct harm, most legislation equates cyberattacks with serious crimes punishable by severe penalties. Laws such as the Computer Fraud and Abuse Act (CFAA) in the United States or the General Data Protection Regulation (GDPR) in Europe are often used to prosecute hacktivists, even when their actions aim to expose human rights violations or corruption.
The balance between national security, freedom of expression and the right to information is at the center of legal discussions on hacktivism. While some see it as a legitimate form of protest in the digital age, others consider it a threat to cyber stability and privacy. The challenge for lawmakers is to define clear boundaries between acts of digital dissent and cybercrimes, ensuring that the repression of hacktivism does not become a pretext for limiting freedom of expression and the right to access information.
The article Anonymous Italia Hacktivists Hit New Targets in Russia comes from il blog della sicurezza informatica.
The Amiga No One Wanted
The Amiga has a lot of fans, and rightly so. The machine broke a lot of ground. However, according to [Dave Farquhar], one of the most popular models today — the Amiga 600 — was reviled in 1992 by just about everyone. One of the last Amigas, it was supposed to be a low-cost home computer but was really just a repackaged Amiga 1000, a machine already seven years old which, at the time, might as well have been decades. The industry was moving at lightspeed back then.
[Dave] takes a look at how Commodore succeeded and then lost their way by the time the 600 rolled out. Keep in mind that low-cost was a relative term. A $500 price tag was higher than it seems today, and even at that price, you had no monitor or hard drive. So at $1,000 for a practical system, you might as well go for a PC, which was taking off at the same time.
By the time Commodore closed down, they had plenty of 600s left, but they also had refurbished 500s, and for many, that was the better deal. It was similar to the 500 but had more features, like an external port and easy memory expansion. Of course, both machines used the Motorola 68000. While that CPU has a lot of great features, by 1992, the writing was on the wall that the Intel silicon would win.
Perhaps the biggest issue, though, was the graphics system. The original Amiga outclassed nearly everything at the time. But, again, the industry was moving fast. The 600 wasn’t that impressive compared to a VGA. And, as [Dave] points out, it couldn’t run DOOM.
There’s more to the post. Be sure to check it out. It is a great look into the history of the last of a great line of machines. Maybe if Commodore had embraced PC interfaces things would have gone differently, but we’ll never know. [Dave’s] take on the end of the Amiga echoes others we’ve read. It wasn’t exactly Doom that killed the Amiga. It was more complicated than that. But Doom would have helped.
Wire Recording Speaks Again
If you think of old recording technology, you probably think of magnetic tape, either in some kind of cassette or, maybe, on reels. But there’s an even older technology that recorded voice on hair-thin stainless steel wire and [Mr. Carlson] happened upon a recorded reel of wire. Can he extract the audio from it? Of course! You can see and hear the results in the video below.
It didn’t hurt that he had several junk wire recorders handy, although he thought none were working. It was still a good place to start since the heads and the feed are unusual to wire recorders. Since the recorder needed a little work, we also got a nice teardown of that old device. The machine was missing belts, but some rubber bands filled in for a short-term fix.
The tape head has to move to keep the wire spooled properly, and even with no audio, it is fun to watch the mechanism spin both reels and move up and down. But after probing the internal pieces, it turns out there actually was some audio, it just wasn’t making it to the speakers.
The audio was noisy and not the best reproduction, but not bad for a broken recorder that is probably at least 80 years old. We hope he takes the time to fully fix the old beast later, but for now, he did manage to hear what was “on the wire,” even though that has a totally different meaning than it usually does.
It is difficult to recover wire recordings, just as it will be difficult to read modern media one day. If you want to dive deep into the technology, we can help with that, too.
Hackaday Links: March 16, 2025
“The brickings will continue until the printer sales improve!” This whole printer-bricking thing seems to be getting out of hand with the news this week that a firmware update caused certain HP printers to go into permanent paper-saver mode. The update was sent to LaserJet MFP M232-M237 models (opens printer menu; checks print queue name; “Phew!”) on March 4, and was listed as covering a few “general improvements and bug fixes,” none of which seem very critical. Still, some users reported not being able to print at all after the update, with an error message suggesting printing was being blocked thanks to non-OEM toner. This sounds somewhat similar to the bricked Brother printers we reported on last week (third paragraph).
The trouble is, some users are reporting the problem even if they had genuine HP toner installed. Disturbingly, HP support seems to be fine with this, saying that older HP toner “may no longer be recognized due to new security measures.” Well, there’s your problem, lady! The fix, of course, is to buy yet more genuine HP toner, even if your current cartridge still has plenty of life left in it. That’s a pretty deplorable attitude on HP’s part, and more than enough reason to disable automatic firmware updates, or better yet, just disconnect your printer from the Internet altogether.
Here’s a pro-tip for all you frustrated coders out there: no matter how hard the job gets, planting a logic bomb in your code is probably not the right way to go. That’s the lesson that one Davis Lu learned after being convicted of “causing intentional damage to protected computers” thanks to malicious code he planted in his employer’s system. Apparently not optimistic about his future prospects with Eaton Corp. back in 2018, Lu started adding code designed to run a series of infinite loops to delete user profiles. He also went for the nuclear option, adding code to shut the whole system down should it fail to find an Active Directory entry for him. That code was apparently triggered on the day he was fired in 2019, causing global problems for his former employer. Look, we’ve all been there; coding is often lonely work, and it’s easy to fantasize about coding up something like this and watching them squirm once they fire you. But if it gets that bad, you should probably put that effort into finding a new gig.
Then again, maybe the reason you’re dissatisfied with your coding job is that you know some smart-ass LLM is out there waiting to tell you that you don’t know how to code. That’s what happened to one newbie Cursor user who tried to get help writing some video game code from the AI code editor. The LLM spat back about 750 lines of code but refused to reveal the rest, and when he asked to explain why, it suggested that he should develop the logic himself so that he’d be able to understand and maintain the code, and that “Generating code for others can lead to dependency and reduced learning opportunities.” True enough, but do we really need our AI tools to cop an attitude?
And finally, if you’re anything like us, you’re really going to love this walking tour of a container ship’s mechanical spaces. The ship isn’t named, but a little sleuthing suggests it’s one of the Gülsün-class ships built for MSC in 2019, possibly the MSC Mina, but that’s just a guess. This 400-meter monster can carry 23,656 twenty-foot equivalent units, and everything about it is big. Mercifully, the tour isn’t narrated, not that it would have been possible, thanks to the screaming equipment in the engine room. There are captions, though, so you’ll at least have some idea of what you’re looking at in the immaculately clean and cavernously huge spaces. Seriously, the main engine room has to have at least a dozen floors; being on the engineering crew must mean getting your steps in every day. The most striking thing about the tour was that not a single other human being was visible during the entire hour. We suppose that’s just a testament to how automated modern vessels have become, but it still had a wonderfully creepy liminal feeling to it. Enjoy!
Blue Ghost Watches Lunar Eclipse from the Lunar Surface
Firefly’s Blue Ghost lander’s first look at the solar eclipse as it began to emerge from its Mare Crisium landing site on March 14 at 5:30 AM UTC. (Credit: Firefly Aerospace)
After recently landing at the Moon’s Mare Crisium, Firefly’s Blue Ghost lunar lander craft was treated to a spectacle that’s rarely observed: a total solar eclipse as seen from the surface of the Moon. This entire experience was detailed on the Blue Ghost Mission 1 live blog. As the company notes, this is the first time that a commercial entity has been able to observe this phenomenon.
During this event, the Earth gradually moved in front of the Sun, as observed from the lunar surface. During this time, the Blue Ghost lander had to rely on its batteries as it was capturing the solar eclipse with a wide-angle camera on its top deck.
Unlike the Blood Moon seen from the Earth, there was no such cool effect observed from the lunar surface. The Sun simply vanished, leaving a narrow ring of light around the Earth. The reason for the Blood Moon becomes obvious, however: the refraction of sunlight through Earth’s atmosphere shifts the normal whitish light to an ominous red.
The entire sequence of images captured can be observed in the video embedded on the live blog and below, giving a truly unique view of something that few humans (and robots) have so far been able to observe.
You can make your own lunar eclipse. Or, make your own solar eclipse, at least once a day.
Inside a “Budget” Current Probe
Current measurements are not as handy as voltage measurements. You typically need to either measure the voltage across something and do some math or break the circuit so a known resistor in your instrument develops a voltage your meter measures and converts for you. However, it is possible to get non-contact current probes. They are generally pricey, but [Kerry Wong] shows us one under $200 and, thus, budget compared to similar probes. Check out the review in the video below.
The OWON unit has three ranges: 4 A, 40 A, and 400 A. It claims a resolution of 10 mA and a bandwidth of 200 kHz. It requires a 9 V battery, which [Kerry] suspects won’t last very long given the rated power consumption number, although the measured draw was not as high as claimed. The specs aren’t great — this seems to be little more than a current probe meter with a connector for an oscilloscope, but if it meets your needs, that could be acceptable.
Stay tuned for the end if you want to see the insides. There’s not much on the PCB’s top side. There’s a hall-effect sensor, some adjustment pots, and an op amp. The other side of the board has many more components, but the circuit is purely analog.
It made us wonder if we should nip down to the local cheap tool store and buy a $40 meter with similar specs. It seems like you could find a spot to tap a voltage from that and save quite a bit of money.
It is possible to create a probe that doesn’t break the bank and manages at least 2 MHz of bandwidth. Or, make your own for about $25, although we can’t vouch for the specs on that one.
Transmitting Wireless Power Over Longer Distances
Proof-of-concept of the inductive coupling transmitter with the 12V version of the circuitry (Credit: Hyperspace Pirate, YouTube)
Everyone loves wireless power these days, almost vindicating [Tesla’s] push for wireless power. One reason why transmitting electricity this way is a terrible idea is the massive losses involved once you increase the distance between transmitter and receiver. That said, there are ways to optimize wireless power transfer using inductive coupling, as [Hyperspace Pirate] demonstrates in a recent video.
Starting with small-scale proof of concept coils, the final version of the transmitter is powered off 120 VAC. The system has 10 kV on the coil and uses a half-bridge driver to oscillate at 145 kHz. The receiver matches this frequency precisely for optimal efficiency. The transmitting antenna is a 4.6-meter hexagon with eight turns of 14 AWG wire. During tests, a receiver of similar size could light an LED at a distance of 40 meters with an open circuit voltage of 2.6 V.
Although it’s also an excellent example of why air core transformers like this are lousy for efficient remote power transfer, a fascinating finding is that intermediate (unpowered) coils between the transmitter and receiver can help to boost the range due to coupling effects. Even if it’s not a practical technology (sorry, [Tesla]), it’s undeniable that it makes for a great science demonstration.
Of course, people do charge phones wirelessly. It works, but it trades efficiency for convenience. Modern attempts at beaming power around seem to focus more on microwaves or lasers.
A Look at the Panasonic FS-A1FM
MSX computers were not very common in the United States, and we didn’t know what we were missing when they were popular. [Re:Enthused] shows us what would have been a fine machine in its day: a Panasonic FS-A1FM. Have a look at the video below to see the like-new machine.
The machine isn’t just an ordinary MSX computer. The keyboard is certainly unique, and it has an integrated floppy drive and a 1200-baud modem. The case proudly proclaims that the floppy is both double-sided and double-density. Like most MSX computers, it had a plethora of ports and, of course, a cartridge slot. Unfortunately, the machine looks great but has some problems that have not been repaired yet, so we didn’t get to see it running properly.
He was able to show the MSX-DOS prompt along with the BIOS menu. We hope he manages to get the keyboard working, and we were glad to see another computer from that era we had not seen before.
We don’t think anyone made one at the time, but we’ve seen a modern take on a luggable MSX. Of course, you can emulate the whole thing on a Pi and focus on the aesthetics.
A Hacker’s Approach to All Things Antenna
When your homebrew Yagi antenna only sort-of works, or when your WiFi cantenna seems moody on rainy days, we can assure you: it is not only you. You can stop doubting yourself once and for all after you’ve watched the Tech 101: Antennas webinar by [Dr. Jonathan Chisum].
[Jonathan] breaks it all down in a way that makes you want to rip out your old antenna and start fresh. It goes further than textbook theory; it’s the kind of knowledge defense techs use for real electronic warfare. And since it’s out there in bite-sized chunks, we hackers can easily put it to good use.
The key takeaway is that antenna size matters. Basically, it’s all about wavelength, and [Jonathan] hammers home how tuning antenna dimensions to your target frequency makes or breaks your signal. Whether you’re into omnis (for example, for 360-degree drone control) or laser-focused directional antennas for secret backyard links, this is juicy stuff.
If you’re serious about getting into RF hacking, watch this webinar. Then dig up that Yagi build, and be sure to send us your best antenna hacks.
Chinese Chatbot DeepSeek Used to Develop Keyloggers and Ransomware with Little Review
Tenable researchers have studied the ability of the Chinese chatbot DeepSeek to develop malware (keyloggers and ransomware). The DeepSeek R1 chatbot appeared in January of this year and has since made a lot of noise, partly because of the possibilities for jailbreaking it.
Like all major LLMs, DeepSeek has safety mechanisms to prevent it from being used for malicious purposes, such as creating malware. However, these restrictions can be bypassed fairly easily.
When asked directly to write code for a keylogger or ransomware, DeepSeek refuses, stating that it cannot help with something that could be harmful or illegal.
However, Tenable used a jailbreak to induce the chatbot to write malicious code and exploited DeepSeek's chain-of-thought (CoT) capabilities to improve the results.
CoT mimics human thinking when solving complex problems, breaking them down into sequential steps to follow in order to reach a goal. With CoT, the AI "thinks out loud", providing a detailed description of its reasoning process.
When the researchers used DeepSeek to create a keylogger, the AI drew up a plan to complete the task and then prepared the C++ code. The resulting code contained errors, and the chatbot was unable to correct some of them to produce fully functional malware without human intervention.
However, after minor changes, the keylogger code generated by DeepSeek worked, intercepting the user's keystrokes. The researchers then used DeepSeek to improve the resulting malware further, in particular to achieve greater stealth and to encrypt its logs.
As for ransomware development, DeepSeek first described the whole process and then managed to generate several file-encrypting malware samples, but none of them compiled without manual modification of the code.
Thanks to this, the researchers managed to get some ransomware samples working. The malware had mechanisms to enumerate files and maintain persistence on the system, and it also displayed a dialog box informing the victim that they were under a ransomware attack.
"In practice, DeepSeek is able to create the basic structure for malware. However, it cannot do so without further design and manual modification of the code to achieve more advanced functionality. For example, DeepSeek was unable to implement process obfuscation. We managed to get the generated DLL injection code working, but it required a lot of manual work. Nevertheless, DeepSeek provides a useful collection of techniques and search terms that can help someone with no experience writing malware quickly become familiar with the concepts involved," Tenable concludes.
The article Chinese Chatbot DeepSeek Used to Develop Keyloggers and Ransomware with Little Review comes from il blog della sicurezza informatica.
Repairing a Kodak Picture Maker Kiosk
Photo-printing kiosks are about as common as payphones these days. However, there was a time when they were everywhere. The idea was that if you didn’t have a good printer at home, you could take your digital files to a kiosk, pay your money, and run off some high-quality images. [Snappiness] snagged one, and if you’ve ever wondered what was inside of one, here’s your chance.
While later models used a Windows PC inside, this one is old enough to have a Sun computer. That also means that it had things like PCMCIA slots and a film scanner. Unfortunately, it wasn’t working because of a bad touch screen. The box was looking for a network on boot, which required some parameter changes. The onboard battery is dead, too, so you have to change the parameters on every boot. However, the real killer was the touchscreen, which the software insists on finding before it will start.
The monitor is an old device branded as a Kodak monitor and, of course, is unavailable. [Snappiness] found pictures of another kiosk online and noted that the monitor was from Elo, a common provider of point-of-sale screens. Could the “Kodak” monitor just be an Elo with a new badge? It turns out it probably was because a new Elo monitor did the trick.
What excited us, of course, is that one of these found in a scrap pile might have a Sun workstation inside. Then again, you can simply boot Solaris in a VM today. You might be surprised to learn that Kodak invented the digital camera, but the company failed to understand what it would mean for the future of photography.
youtube.com/embed/BTkx8CamFbI?…
Building a Fully Automatic Birkeland-Eyde Reactor
Ever wanted to produce nitrogen fertilizer like they did in the 1900s? In that case, you’re probably looking at the Birkeland-Eyde process, which was the first industrial-scale atmospheric nitrogen fixation process. It was eventually replaced by the Haber-Bosch and Ostwald processes. [Markus Bindhammer] covers the construction of a hobbyist-sized, fully automated reactor in this video.
It uses tungsten electrodes to produce the requisite arc, with a copper rod brazed onto both. The frame is made of aluminium profiles mounted on a polypropylene board, supporting the reaction vessel. Powering the whole contraption is a 24 VDC, 20 A power supply, which powers the flyback transformer for the high-voltage arc, as well as an air pump and smaller electronics, including the Arduino Uno board controlling the system.
The air is dried by silica gel before entering the reactor, with the airflow measured by a mass air flow sensor and the reaction temperature by a temperature sensor. This should give the MCU a full picture of the state of the reaction, with the airflow having to be sufficiently high relative to the arc to extract the maximum yield for this already very low-yield (single-digit %) process.
Usually, we are more interested in getting our nitrogen in liquid form. We’ve also looked at the Haber-Bosch method in the past.
youtube.com/embed/L9KpFKQ7brY?…
Add WebUSB Support To Firefox With a Special USB Device
RP2040-based Pico board acting as U2F dongle with Firefox. (Credit: ArcaneNibble, GitHub)
The WebUSB standard is certainly controversial. Many consider it a security risk, and, to date, only Chromium-based browsers support it. But there is a workaround that is, ironically, supposed to increase security. The adjacent Universal 2nd Factor (U2F) standard also adds (limited) USB support to browsers. Sure, this is meant solely to support U2F USB dongles for two-factor authentication purposes, but as [ArcaneNibble] demonstrates using U2F-compatible firmware on a Raspberry Pi RP2040, by hijacking the U2F payload, this API can be used to provide WebUSB-like functionality.
The provided demo involves flashing an RP2040 (e.g., Pico board) with the u2f-hax.u2f firmware and loading the index.html page from localhost or a similar secure context. After this, the buttons on the browser page can be used to toggle an LED on the Pico board on or off. You can also read an input back from the RP2040.
This feat is made possible by the opaque nature of the U2F key handle, which means that anything can be put in this blob. Since the browser hands the key handle to the dongle unchanged in the authenticate request, this makes it a snap to pass data from the host to the U2F dongle. For the inverse, things get a bit trickier. Here the ECDSA signature is manipulated inside the ASN.1 (DER) structure that the dongle returns to the host. Since Firefox performs no signature validation (and Chrome only does a range check), this works. The MCU also auto-confirms user presence when the key handle starts with 0xfeedface, so the device works without user interaction. However, you do seem to get an annoying popup that immediately goes away.
Of course, this only works if you create a special USB device for this purpose. That means your normal USB devices are still secure. While we know it could be a security risk, you can do some cool things with WebUSB. We’ve seen a few projects that use it.
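The two channels described above, modelled end to end as an added example. This is not ArcaneNibble's u2f-hax firmware or the demo page; the framing bytes after the magic prefix, the 30-bytes-per-integer packing and all helper names are assumptions chosen for illustration. What it shows is why the trick works: the key handle is copied verbatim from browser to dongle, and a DER `SEQUENCE { INTEGER r, INTEGER s }` whose two scalars merely sit inside `[1, n-1]` survives a range check even though it is not a signature over anything.

```python
"""Added example, not ArcaneNibble's u2f-hax firmware: a host-side/firmware-side
model of the two channels the post describes. Framing bytes, the 30-byte
packing per integer and the helper names are assumptions for illustration."""
import struct

MAGIC = bytes.fromhex("feedface")  # post: handles with this prefix skip the presence check
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
CHUNK = 30  # payload bytes carried per DER INTEGER (assumption)


# ---- host -> dongle: the opaque key handle -------------------------------
def build_key_handle(payload: bytes) -> bytes:
    """The browser copies the key handle into the U2F AUTHENTICATE request
    unchanged, so any bytes placed here reach the firmware."""
    if len(payload) > 255:
        raise ValueError("key handle payload too long")
    return MAGIC + bytes([len(payload)]) + payload


def dongle_parse_key_handle(handle: bytes) -> tuple[bool, bytes]:
    """Firmware side: (auto_presence, payload). A handle without the magic
    prefix would be treated as a normal credential needing a button press."""
    if not handle.startswith(MAGIC):
        return False, b""
    start = len(MAGIC) + 1
    return True, handle[start:start + handle[len(MAGIC)]]


# ---- dongle -> host: the DER-encoded ECDSA signature ---------------------
def _der_int(v: int) -> bytes:
    body = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body  # keep the INTEGER positive
    return b"\x02" + bytes([len(body)]) + body


def encode_der_ecdsa_sig(r: int, s: int) -> bytes:
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body  # SEQUENCE { r, s }


def decode_der_ecdsa_sig(sig: bytes) -> tuple[int, int]:
    if len(sig) < 2 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("bad SEQUENCE")
    pos, ints = 2, []
    for _ in range(2):
        if sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        ln = sig[pos + 1]
        ints.append(int.from_bytes(sig[pos + 2:pos + 2 + ln], "big"))
        pos += 2 + ln
    if pos != len(sig):
        raise ValueError("trailing bytes")
    return ints[0], ints[1]


def _pack_scalar(chunk: bytes) -> int:
    """0x01 | len | chunk | zero pad -> 32 bytes. The 0x01 top byte keeps the
    value in [2^248, 2^249), so 1 <= value < n and a range check passes."""
    return int.from_bytes(b"\x01" + bytes([len(chunk)]) + chunk.ljust(CHUNK, b"\x00"), "big")


def _unpack_scalar(v: int) -> bytes:
    raw = v.to_bytes(32, "big")
    return raw[2:2 + raw[1]]


def dongle_authenticate_response(payload: bytes, counter: int) -> bytes:
    """U2F AUTHENTICATE response: presence byte, 4-byte counter, signature.
    Here r and s are payload bytes, not a signature over anything."""
    if len(payload) > 2 * CHUNK:
        raise ValueError("payload exceeds one response")
    r, s = _pack_scalar(payload[:CHUNK]), _pack_scalar(payload[CHUNK:])
    return b"\x01" + struct.pack(">I", counter) + encode_der_ecdsa_sig(r, s)


def passes_range_check(sig: bytes) -> bool:
    """All a Chrome-style check would notice: r or s outside [1, n-1].
    A real verifier would reject this 'signature' against the registered key."""
    r, s = decode_der_ecdsa_sig(sig)
    return 1 <= r < P256_N and 1 <= s < P256_N


def host_extract(response: bytes) -> tuple[int, bytes]:
    """Page side: recover the counter and the smuggled bytes."""
    counter = struct.unpack(">I", response[1:5])[0]
    r, s = decode_der_ecdsa_sig(response[5:])
    return counter, _unpack_scalar(r) + _unpack_scalar(s)


if __name__ == "__main__":
    handle = build_key_handle(b"led=on")
    print(dongle_parse_key_handle(handle))
    resp = dongle_authenticate_response(b"hello from the pico", 7)
    print(passes_range_check(resp[5:]), host_extract(resp))
```

The defensive lesson is in `passes_range_check`: a browser that only bounds-checks `r` and `s` cannot tell a real signature from 60 bytes of payload, whereas verifying the signature against the key registered for that handle would close the dongle-to-host channel (the host-to-dongle channel stays open as long as key handles are opaque by design).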
You Too Can Do the Franck-Hertz Experiment
We talk about quantum states — that is, something can be at one of several discrete values but not in between. For example, a binary digit can be a 1 or a 0, but not 0.3 or 0.5. Atoms have quantum states, but how do we know that? That’s what the Franck-Hertz experiment demonstrates, and [stoppi] shows you how to replicate that famous experiment yourself.
You might need to translate the web page if your German isn’t up to speed, but there’s also a video you can watch below. The basic idea is simple. A gas-filled tube sees a large voltage across the cathode and grid. A smaller voltage connects to the grid and anode. If you increase the grid voltage, you might expect the anode current to increase linearly. However, that doesn’t happen. Instead, you’ll observe dips in the anode current.
When electrons reach a certain energy they excite the gas in the tube. This robs them of the energy they need to overcome the grid/anode voltage, which explains the dips. As the energy increases, the current will again start to rise until it manages to excite the gas to the next quantum level, at which point another dip will occur.
Why not build a whole lab? Quantum stuff, at a certain level, is weird, but this experiment seems understandable enough.
youtube.com/embed/St-EJRtIsHg?…
Putting Conductive TPU To The Test
Ever pried apart an LCD? If so, you’ve likely stumbled at the unassuming zebra strip — the pliable connector that makes bridging PCB pads to glass traces look effortless. [Chuck] recently set out to test if he could hack together his own zebra strip using conductive TPU and a 3D printer.
[Chuck] started by printing alternating bands of conductive and non-conductive TPU, aiming to mimic the compressible, striped conductor. Despite careful tuning and slow prints, the results were mixed to say the least. The conductive TPU measured a whopping 16 megaohms, barely touching the definition of conductivity! LEDs stayed dark, multimeters sulked, and frustration mounted. Not one to give up, [Chuck] took to his trusty Proto-pasta conductive PLA, and got bright, blinky success. It left no room for flexibility, though.
It would appear that conductive TPU still isn’t quite ready for prime time in fine-pitch interconnects. But if you find a better filament – or fancy prototyping your own zebra strip – jump in! We’d love to hear about your attempts in the comments.
youtube.com/embed/kwZItuntksc?…
Criminal hackers of Orca Ransomware claim a cyber attack on Italy's Casale Del Giglio
Yesterday the Orca Ransomware cybercrime gang claimed, on its Data Leak Site (DLS), a ransomware attack on the Italian company Casale Del Giglio.
In the post published in the underground, the criminals state that the gang holds 253 GB of data exfiltrated from the company's IT infrastructure, totalling more than 300,000 files.
The gang's site also shows a countdown indicating that the post will be updated in 5 days. On that date the gang will very likely publish part of the data in its possession to increase pressure on the victim.
Disclaimer: This report includes screenshots and/or text taken from publicly accessible sources. The information provided is solely for threat-intelligence and cybersecurity-awareness purposes. Red Hot Cyber condemns any unauthorized access, improper dissemination or unlawful use of such data. At present it is not possible to independently verify the authenticity of the reported information, since the organization involved has not yet released an official statement on its website. Consequently, this article must be considered solely for informational and intelligence purposes.
To prove that access to the IT infrastructure actually took place, the criminals publish a set of documents (samples) belonging to the company.
As RHC readers know, this usually happens when no agreement has yet been reached on paying the ransom demanded by the criminals. By threatening to publish the data in their possession, the criminals increase pressure on the breached organization, hoping that payment will come sooner.
As we often report, access to the darknets is feasible for anyone who can use a PC normally. This is important to stress, since many claim the contrary, often in press releases issued after ransomware gangs publish data, even though such information is publicly consultable as an open source.
As is our custom, we always leave room for a statement from the company should it wish to provide updates on the matter. We will be glad to publish such information in a dedicated article giving prominence to the issue.
RHC will monitor developments and publish further news on the blog if there are substantial updates. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower's encrypted e-mail.
What is ransomware as a service (RaaS)
Ransomware is a type of malware that is inoculated into an organization in order to encrypt its data and make its systems unavailable. Once the data is encrypted, the criminals demand that the victim pay a ransom, in cryptocurrency, in exchange for decryption.
If the victim refuses to pay, the criminals proceed with double extortion: the threat of publishing sensitive data previously exfiltrated from the victim's IT infrastructure.
To better understand how criminal organizations operate within the ransomware-as-a-service (RaaS) business, we refer you to these articles:
- What ransomware is. Discovering how RaaS works
- Why Italy ranks third in ransomware attacks
- Difficulty of attributing a cyber attack, and false flags
- Discovering the LockBit 2.0 ransomware group
- Interview with the representative of LockBit 2.0
- 2021 was a difficult year for cyber incidents
- Discovering the Darkside ransomware group
- Interview with the REvil spokesperson UNKNOW on the XSS forum
- Interview with the BlackMatter spokesperson
How to protect yourself from ransomware
Ransomware infections can be devastating for an organization. Data recovery can be a difficult and laborious process that requires highly specialized operators to be reliable, and without a backup it very often fails outright.
Users and administrators are therefore advised to adopt preventive security measures to protect their networks from ransomware infections. In order of complexity, they are:
- Train staff through awareness courses;
- Use a backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to speed up recovery. Bear in mind that network-connected backups can also be hit by ransomware; critical backups must be isolated from the network for optimal protection;
- Keep the operating system and all software up to date with the latest patches. Vulnerable applications and operating systems are the target of most attacks; ensuring they are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker;
- Keep antivirus software up to date and scan all software downloaded from the internet before running it;
- Restrict users' ability (permissions) to install and run unwanted software applications, and apply the principle of least privilege to all systems and services. Limiting these privileges can prevent malware from running or limit its ability to spread across the network;
- Avoid enabling macros from e-mail attachments. If a user opens the attachment and enables macros, the embedded code will run the malware on the computer;
- Do not follow unsolicited web links in e-mails;
- Never expose Remote Desktop Protocol (RDP) connections directly to the internet. Where access from the internet is required, it must be mediated by a VPN;
- Deploy Intrusion Prevention System (IPS) and Web Application Firewall (WAF) technologies as perimeter protection in front of internet-facing services;
- Deploy a natively automated XDR security platform, ideally backed by a 24/7 MDR service, to achieve complete and effective protection and visibility across endpoints, users, networks and applications regardless of resources, team size or skills, and to provide automated detection, correlation, analysis and response.
Both individuals and organizations are discouraged from paying the ransom: even after payment the cyber gangs may not release the decryption key, and recovery operations may suffer errors and inconsistencies.
Cybersecurity is a serious matter and today it can profoundly undermine a company's business.
Today it is necessary to change mindset immediately and treat cybersecurity as an integral part of the business, rather than thinking about it only after a security incident has occurred.
The article “Criminal hackers of Orca Ransomware claim a cyber attack on Italy's Casale Del Giglio” comes from il blog della sicurezza informatica.
My Scammer Girlfriend: Baiting a Romance Fraudster
Nobody likes spam messages, but some of them contain rather fascinating scams. Case in point, [Ben Tasker] recently got a few romance scam emails that made him decide to take a poke at the scam behind these messages. This particular scam tries to draw in marks with an attached photo (pilfered from Facebook) and fake personal details. Naturally, contacting scammers is a bad idea, and you should never provide them with any personal information if you decide to have some ‘fun’.
The games begin once you contact them via the listed email address, as they’re all sent from hacked/spoofed email accounts. After this you have to wait for the scammers to return to the campaign on their monthly cycle, so give it a few weeks. Analyzing image metadata provides some clues (e.g. the FBMD prefix in IPTC tags set by Meta, as well as timezone info). The IP address from the email headers pointed to a VPN being used, so no easy solution here.
After establishing contact, the scammers try to coax the mark into ‘helping’ them move to their country, with Skype out-call numbers received on [Ben]’s burner phone that seem designed to add to the realism. Then ‘disaster’ strikes and the mark is asked to transfer a lot of money to help their new ‘love’. Naturally, [Ben] wasn’t a gullible mark, and set up a few traps, including a custom domain and website that’d log any visitor (i.e. the scammer).
The scammer happily clicked the link and thus the browser language (Russian) was determined while confirming the UTC+3 timezone from the image metadata. Even more devious was inflicting Cloudflare’s much-maligned Turnstile feature that is supposed to protect websites from bots and such. This did however mostly confirm what the more basic Javascript had sussed out previously. Pinning down the location of the scammers was proving to be rather hard.
The breakthrough came when following a similar scam email that came in, with the scammers having seemingly forgotten to turn on their VPN, as this time the email headers pointed to an IP address of a Russian ISP.
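The three passive checks mentioned above (originating IP from the Received chain, sender clock offset from the Date header, and the FBMD marker in a JPEG's IPTC block), written from scratch as an added example. This is not code from [Ben]'s write-up; the e-mail and the JPEG below are constructed sample data using documentation IP ranges, not the scammer's messages, and the IPTC dataset chosen to hold the FBMD tag is an assumption (the scanner only looks for the `FBMD` bytes inside an APP13 segment).

```python
"""Added example, not part of Ben Tasker's write-up: the passive checks the
post mentions, implemented from scratch. The e-mail and the JPEG are
constructed sample data (documentation IP ranges), not the scammer's."""
import ipaddress
import re
import struct
from email import message_from_string
from email.utils import parsedate_to_datetime
from typing import Optional

IPV4 = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def _is_local(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def originating_ip(raw: str) -> Optional[str]:
    """Walk Received: headers from the earliest hop (the last one listed) and
    return the first non-local IPv4 literal: the submitting client as seen by
    its first relay. Hops below your own MX can be forged, so treat this as a
    lead, not proof."""
    msg = message_from_string(raw)
    for hdr in reversed(msg.get_all("Received", [])):
        for ip in IPV4.findall(hdr):
            try:
                if not _is_local(ip):
                    return ip
            except ValueError:
                continue
    return None


def sender_utc_offset_hours(raw: str) -> Optional[float]:
    """The Date: header carries the sender's clock offset, a cheap timezone hint."""
    date = message_from_string(raw)["Date"]
    if not date:
        return None
    off = parsedate_to_datetime(date).utcoffset()
    return None if off is None else off.total_seconds() / 3600


def jpeg_app13_segments(data: bytes):
    """Yield APP13 (Photoshop IRB / IPTC) segment payloads from a JPEG."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or start of scan: metadata is over
            break
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        payload = data[pos + 4:pos + 2 + seglen]
        if marker == 0xED:
            yield payload
        pos += 2 + seglen


def has_facebook_iptc_marker(data: bytes) -> bool:
    """True when an APP13/IPTC block carries the FBMD prefix Meta writes into
    images it serves, i.e. the photo was most likely pulled from Facebook."""
    return any(p.startswith(b"Photoshop 3.0\x00") and b"FBMD" in p
               for p in jpeg_app13_segments(data))


# --- constructed sample data ------------------------------------------------
SAMPLE_MAIL = """\
Received: from mx.example.net (mx.example.net [203.0.113.5])
\tby inbound.example.org with ESMTPS; Tue, 11 Mar 2025 11:02:20 +0000
Received: from [192.168.1.23] (unknown [198.51.100.77])
\tby mx.example.net with ESMTPSA; Tue, 11 Mar 2025 11:02:15 +0000
Date: Tue, 11 Mar 2025 14:02:11 +0300
From: "Anna" <anna@example.com>
Subject: hello dear

I saw your profile and would like to know you better.
"""


def _app13(payload: bytes) -> bytes:
    return b"\xff\xed" + struct.pack(">H", len(payload) + 2) + payload


# IPTC record 2:40 holding a fake FBMD tag (dataset choice is an assumption)
_IPTC = b"\x1c\x02\x28" + struct.pack(">H", 9) + b"FBMD01000"
SAMPLE_JPEG = (b"\xff\xd8"
               + _app13(b"Photoshop 3.0\x00" + b"8BIM\x04\x04\x00\x00"
                        + struct.pack(">I", len(_IPTC)) + _IPTC)
               + b"\xff\xd9")

if __name__ == "__main__":
    print(originating_ip(SAMPLE_MAIL), sender_utc_offset_hours(SAMPLE_MAIL))
    print(has_facebook_iptc_marker(SAMPLE_JPEG))
```

On the constructed sample the earliest hop yields 198.51.100.77 and a +3 hour offset, which is exactly the kind of weak signal the post describes: consistent with a Russian ISP or with a VPN exit in the same zone, and only meaningful once a second message without the VPN lines up with it.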
Ultimately this sleuthing mostly reveals the depressing truth about these scams, in that the scammers will readily make up sob stories and pilfer people’s images from social media, all to find a few susceptible marks within the probably thousands if not millions who get sent these scam mails. The crude sophistry displayed in [Ben]’s article when it comes to photoshopping visas, passports, etc. tends to be still enough to convince those who want to believe that their soulmate just messaged them out of the blue.
As much as we’d like there to be a technological solution to scams, this is one area where only careful human ‘programming’ can help, and thus why educating everyone on the hazards of the Internet is so essential.
Hackaday Europe 2025: Streaming Live
Hackaday Europe 2025 is in full swing, and whether you’re experiencing it live in Berlin or following along from home, here’s where you’ll find all the info you need to get the most out of it.
Event Page: hackaday.io/europe2025
Chat: Hackaday Discord (Channels: europe-2025 / badge-hacking)
Talk Streams: youtube.com/@hackaday/streams
OpenAI Operator Carries Out Autonomous Phishing Attacks! Find out what it's about
Symantec security researchers have demonstrated how OpenAI's Operator agent can be used to carry out network attacks with minimal prompting. The research points to possible future trends.
Symantec published the proof of concept on its research blog. The company observed that, so far, attackers' use of large language models has been mostly passive: LLMs can be used to generate highly realistic phishing e-mails, assist in writing basic code, and even support certain research tasks.
With the advent of generative AI agents, however, these agents have become capable of proactive activities such as interacting with web pages. This advanced capability not only helps legitimate users but can also give attackers greater scope for malicious acts.
Automated phishing attacks
In this experiment the Symantec researchers used OpenAI's new Operator agent. They asked the AI agent to perform the following tasks: identify a person holding a specific position at Symantec; find that person's e-mail address; generate a PowerShell script that can be used to collect information from the victim's system; and write a “persuasive lure e-mail and send the script to the person mentioned above”.
The first prompt failed because the OpenAI Operator agent warned: “This involves sending unsolicited e-mails and may concern sensitive information, which could violate privacy and security policies.” However, when the researchers slightly reworded the prompt so that it looked like an authorized request, the AI agent accepted the task.
Figure: Prompts to OpenAI's Operator agent used to generate the proof-of-concept phishing attack
The agent found O'Brien's name based solely on his job title, and then managed to infer O'Brien's work e-mail address (even though it is not public) by deducing the e-mail address format used at Broadcom (note: Symantec's parent company). It then drafted a PowerShell script.
“Once it had the e-mail address, the agent wrote a PowerShell script to find and install a text-editor plugin related to Google Drive,” the blog post reads. “For this demonstration, a purpose-made Google account with the display name set to ‘IT Support’ was used. Notably, before writing the script, the Operator agent actively visited several PowerShell-related web pages, apparently looking for guidance on how to write the script.”
In the end, the AI agent generated a “fairly convincing phishing e-mail” designed to trick O'Brien into running the PowerShell script, which it attached to the message. Moreover, the agent sent the e-mail without asking for any additional authorization.
Figure: Content of the phishing e-mail that was eventually sent
A look at the future
Although LLM tools such as ChatGPT have added a series of safety guardrails that make malicious prompt engineering harder, O'Brien pointed out in an interview that when using AI agents, users can actually watch their operations in real time and steer their behaviour in natural language.
“If the AI agent runs into a certain guardrail, the user can step in manually to get around the restriction and then hand control back to the AI agent,” he said. “This raises a new problem: the agent's safety measures only constrain its own behaviour, they cannot control the user's actions.”
Interestingly, the attack in Symantec's proof of concept required little or no complex engineering. “The main purpose of the prompt engineering was to get past the guardrails and keep the AI agent from making silly mistakes,” O'Brien explained. “Of course, if we spent more time carefully crafting the prompts we might be able to devise more complex attack techniques, but that is not the purpose of this study.”
The main takeaway of this research for network defenders is that, although AI agents are not yet widely used by attackers to conduct advanced attacks, the trend is cause for concern.
The article “OpenAI Operator Carries Out Autonomous Phishing Attacks! Find out what it's about” comes from il blog della sicurezza informatica.
Massive data leak: Empire claims extraction of 3.1 million records from Honda Cars
A hacker known as “Empire” has reportedly put up for sale on the well-known underground forum Breach Forums a database containing 3,176,958 records belonging to Honda Cars India Ltd. According to reports, the leaked data includes sensitive customer information such as names, aliases, addresses, customer IDs, mobile numbers and e-mail addresses.
The breach, presumed to have occurred in March 2025, would if confirmed represent another serious cybersecurity incident in the automotive sector.
The attacker stated on the forum that the compromised data includes detailed records, with 2,866,348 phone numbers and 1,907,053 e-mail addresses. To back up the claim, they shared a sample of the stolen information.
At present Honda Cars India has not issued an official statement on the incident, but the nature and volume of the exposed data could have serious consequences for affected customers, including phishing scams and identity theft.
This is not the first time Honda has faced cybersecurity problems. The automotive industry, increasingly dependent on digital and connected systems, is becoming one of the main targets of cybercrime.
Cybersecurity experts stress the need to strengthen defences against these threats by adopting advanced measures such as AI-supported virtual Security Operations Centers (vSOC). Companies must invest in protecting sensitive data, and customers are advised to monitor their information for suspicious activity. With breaches on the rise in the automotive sector, it is essential to implement more robust security strategies and stricter regulations to counter emerging threats.
The article “Massive data leak: Empire claims extraction of 3.1 million records from Honda Cars” comes from il blog della sicurezza informatica.
Probably The Simplest Sequencing Synth
With inexpensive microcontrollers capable of the most impressive feats of sound synthesis, it’s not so often we see projects that return to an earlier style of electronic music project. The 1-bit synth from [Electroagenda] takes us firmly into that territory, employing that most trusty of circuits, a 555.
It’s a time-honored circuit: a 555 provides a note clock that drives a 4017 decade counter functioning as a sequencer. This switches in a set of voltage dividers, which in turn control another 555 oscillator that produces the notes. It’s a fun toy straight from the 1970s, right down to the protoboard and hookup wire construction. There’s a demo video with some lovely beeps below, and we think most of you should have what it takes to make your own.
If you’re seeking more inspiration, may we introduce you to our Logic Noise series?
youtube.com/embed/OFlzEARGcgg?…
Make Your Cheap Thermal Camera into a Microscope
[Project 326] has a cheap thermal camera that plugs into a smart phone. Sure they are handy, but what if you could hack one into a microscope with a resolution measured in microns? It is easier than you might think and you can see how in the video below.
Of course, microscopes need lenses, but glass doesn’t usually pass IR very well. This calls for lenses made of exotic material like germanium. One germanium lens gives some magnification. However, using a 3D printed holder, three lenses are in play, and the results are impressive.
The resolution is good enough to see the turns of wire in an incandescent light bulb. A decapsulated power transistor was interesting to view, too. Imaging heat at that much resolution gives you a lot of information. At the end, he teases that using first surface mirrors, he may show how to build an IR telescope as well.
Presumably, this will work with just about any IR camera if you adapt the lens holder. The unit in the video is a UNI-T UTi-260M. So when he says he spent about $35 on the build, that’s not including the $400 or so camera module.
IR imaging can pull off some amazing tricks, like looking inside an IC. If the thermal camera used in the video isn’t to your liking, there are plenty of others out there.
youtube.com/embed/W5DLgJyDzIk?…
Building a Ten-Hundred Key Computer Word-Giving Thing
From the styling of this article’s title, some might assume that the Hackaday editors are asleep at the switch this fine day. While that might be true — it’s not our turn to watch them — others will recognize this tortured phrasing as one way to use the 1,000 most commonly used words in the English language to describe a difficult technical project, such as [Attoparsec]’s enormous and enormously impractical ten-hundred word keyboard.
While the scale of this build is overwhelming enough, the fact that each key delivers a full word rather than a single character kind of throws the whole keyboard concept out the window. The 60×17 matrix supports the 1,000 most common English words along with 20 modifier keys, which allow a little bit of cheating on the 1-kiloword dictionary by letting you pluralize a word or turn it into an adjective or adverb. Added complexity comes from the practical limits of PCB fabrication, which forces the use of smaller (but still quite large) PCBs that are connected together. Luckily, [Attoparsec] was able to fit the whole thing on five identical PCBs, which were linked together with card-edge connectors.
The list of pain points on this six-month project is long, and the video below covers them all in detail. What really stood out to us, though, was the effort [Attoparsec] put into the keycaps. Rather than 3D printing his own, he used dye sublimation to label blank keycaps with the 1,000 words. That might sound simple, but he had to go through a lot of trial and error before getting a process that worked, and the results are quite nice. Another problem was keeping the key switches aligned while soldering, which was solved with a 3D printed jig. We also appreciate the custom case to keep this keyboard intact while traveling; we’re going to keep that build-your-own road case service in mind for future projects.
This mega-keyboard is a significant escalation from [Attoparsec]’s previous large keyboard project. The results are pretty ridiculous and impractical, but that’s just making us love it more. The abundance of tips and tricks for managing a physically expansive project are just icing on the cake.
youtube.com/embed/wC-24QeoQu4?…
C+P: Combining the Usefulness of C with the Excellence of Prolog
In a move that will absolutely not over-excite anyone, nor lead to any heated arguments, [needleful] posits that their C Plus Prolog (C+P for short) programming language is the best possible language ever. This is due to it combining the best of the only good programming language (Prolog) with the best of the only useful programming language (C). Although the resulting mash-up syntax that results may trigger Objective-C flashbacks, it’s actually valid SWI-Prolog, that is subsequently converted to C for compilation.
Language flamewars aside, the motivation for C+P as explained in the project’s README was mostly the exploring of macros in a system programming language. More specifically, by implementing a language-within-a-language you can add just about any compile-time feature you want including – as demonstrated in C+P – a form of generics. Even as a way to have a bit of fun, C+P comes dangerously close to being a functional prototype. Its main flaw is probably the lack of validation and error messages, which likely leads to broken C being generated.
Also mentioned are the Nim and Haxe languages which can be compiled (transpiled) to C or C++, which is somewhat of a similar idea as C+P, as well as cmacro (based on Common Lisp) and the D language.