
2025 Pet Hacks Contest: A Water Fountain For Your Cat


Part of the charm of having a cat in your life is that by their nature these animals are very interactive. They will tell you in no uncertain terms when something in their lives needs attention, for example when their water dish is empty. But why not give them a drinking fountain all of their own? It’s what [supermarioprof] did for their adorable ginger cat [Piki Piki], providing a cat-operated trickle of water on demand.

It’s a simple enough device in its operation, but very well constructed. There’s a small basin with a drain, and a water cistern valve operated by the cat placing a paw on a lever. This starts a trickle of water, from which they can lap as much as they like.

The physical construction comes courtesy of some laser-cut ply, and what looks like some 3D print work. It’s certainly easy to operate for the cat, and has worked reliably for a few years now.

This project is part of the 2025 Pet Hacks contest, so expect to see more in the same vein. If your cat’s life is improved by one of your projects, consider making an entry yourself!

2025 Hackaday Pet Hacks Contest


hackaday.com/2025/05/25/2025-p…


How to Build an STM32 Web Dashboard Using the Mongoose Wizard


Screen shot of Mongoose Wizard.

Today from the team at Cesanta Software — the people who gave us the open-source Mongoose Web Server Library and Mongoose OS — we have an article covering how to build an STM32 web dashboard.

The article runs through setting up a development environment; creating the dashboard layout; implementing the dashboard, device settings, and firmware update pages; building and testing the firmware; and attaching UI controls to the hardware, before closing with a conclusion.

The web dashboard is all well and good, but in our opinion the killer feature remains the Over-The-Air (OTA) update facility which allows for authenticated wireless firmware updates via the web dashboard. The rest is just gravy. In the video you get to see how to use your development tools to create a firmware file suitable for OTA update.

If you’re thinking this all looks a little familiar, that’s because we recently wrote about their web dashboard for the ESP32. This is the same again but emphasizing the STM32 support this time around. We originally heard about the Mongoose technology line all the way back in 2017!

Thanks to [Toly] for letting us know about this new howto.

youtube.com/embed/PEPDJGVW78s?…


hackaday.com/2025/05/25/how-to…


Hackaday Links: May 25, 2025



Have you heard that author Andy Weir has a new book coming out? Very exciting, we know, and according to a syndicated reading list for Summer 2025, it’s called The Last Algorithm, and it’s a tale of a programmer who discovers a dark and dangerous secret about artificial intelligence. If that seems a little out of sync with his usual space-hacking fare such as The Martian and Project Hail Mary, that’s because the book doesn’t exist, and neither do most of the other books on the list.

The list was published in a 64-page supplement that ran in major US newspapers like the Chicago Sun-Times and the Philadelphia Inquirer. The feature listed fifteen must-read books, only five of which exist, and it’s no surprise that AI is behind the muck-up. Writer Marco Buscaglia took the blame, saying that he used an LLM to produce the list without checking the results. Nobody else in the editorial chain appears to have reviewed the list either, resulting in the hallucination getting published. Readers are understandably upset about this, but for our part, we’re just bummed that Andy doesn’t have a new book coming out.

In equally exciting but ultimately fake news, we had more than a few stories pop up in our feed about NASA’s recent discovery of urban lights on an exoplanet. AI isn’t to blame for this one, though, at least not directly. Ironically, the rumor started with a TikTok video debunking a claim of city lights on a distant planet. Social media did what social media does, though, sharing only the parts that summarized the false claim and turning a debunking into a bunking. This is why we can’t have nice things.

That wasn’t the only story about distant lights, though, with this report of unexplained signals from two nearby stars. This one is far more believable, coming as it does from retired JPL scientist Richard H. Stanton, who has been using a 30″ telescope to systematically search for optical SETI signals for the past few years. These searches led to seeing two rapid pulses of light from HD 89389, an F-type star located in the constellation Ursa Major. The star rapidly brightened, dimmed, brightened again, then returned to baseline over a fraction of a second; the same pattern repeated itself about 4.4 seconds later.

Intrigued, he looked back through his observations and found a similar event from a different star, HD 217014 in Pegasus, four years previously. Interestingly, this G-type star is known to have at least one exoplanet. Stanton made the first observation in 2023, and he’s spent much of the last two years ruling out things like meteor flashes or birds passing through his field of view. More study is needed to figure out what this means, and while it’s clearly not aliens, it’s fun to imagine it could be some kind of technosignature.

And one last space story, this time with the first observation of extra-solar ice. The discovery comes from the James Webb Space Telescope, which caught the telltale signature of ice crystals in a debris ring circling HD 181327, a very young star only 155 light-years away. Water vapor had been detected plenty of times outside our solar system, but not actual ice crystals until now. The ice crystals seem to be coming from collisions between icy bodies in the debris field, an observation that has interesting implications for planetary evolution.

And finally, if like us you’re impressed anytime someone busts out a project with a six-layer PCB design, wait till you get a load of this 124-layer beast. The board comes from OKI Circuit Technologies and is intended for high-bandwidth memory for AI accelerators. The dielectric for each layer is only 125-μm thick, and the board is still only 7.6 mm thick overall. At $4,800 per square meter, it’s not likely we’ll see our friends at JLC PCB offering these anytime soon, but it’s still some pretty cool engineering.


hackaday.com/2025/05/25/hackad…


Unreleased Amiga Hardware Plays MP3s


The MP3 file type has been around for so long, and is supported by essentially all modern media software and hardware, that it might be surprising to some to learn that it’s actually a proprietary format. Developed in the late 80s and early 90s, it rose to prominence during the Napster/Limewire era of the early 00s and became the de facto standard for digital music, but not all computers in these eras could play this filetype. This includes the Amigas of the early 90s, with one rare exception: this unreleased successor to the A3000 with a DSP chip, which now also has the software to play back these digital tunes.

The AA3000, developed as a prototype by Amiga, was never released to the general public. Unlike the original A3000 this one would have included a digital signal processing chip from AT&T called the DSP3210 which would have greatly enhanced its audio capabilities. A few prototype boards did make it out into the hands of the public, and the retrocomputing scene has used them to develop replicas of these rare machines. [Wrangler] used one to then develop the software needed for the MPEG layer 2 and 3 decoder using this extra hardware, since the original Amiga 3000 was not powerful enough on its own to play these files back.

If you want to follow along with the community still developing for this platform, there’s a forum post with some more detail for this specific build (although you may need to translate from German). [Wrangler] additionally points out that there are some limitations with this implementation as well, so you likely won’t get Winamp-level performance with this system, but for the Amiga fans out there it’s an excellent expansion of this computer’s capabilities nonetheless.

Thanks to [Andy] for the tip!

youtube.com/embed/c-erJnN3BcQ?…


hackaday.com/2025/05/25/unrele…


NES Zapper Becomes Telephone


Although there was a time in the 80s (and early 90s for fans of the SuperScope) when light guns were immensely popular, with games like Duck Hunt becoming cultural touchstones, their time in the video game world has largely come to an end. We might occasionally pick up a Zapper for the NES and play this classic out of nostalgia, but plenty of people are looking for other things that these unique video game controllers can do instead. [Nick] has turned one of his old NES peripherals into a wireless phone.

The way the original Zapper worked was by looking for a certain pattern of pixels that displayed for a fraction of a second whenever the trigger was pulled. Bypassing the anti-cheat mechanism that looks only for qualities of light coming from CRT screens of the day effectively turns the light gun into an analog light sensor which is used for receiving the audio from the phone’s base station via a laser. Of course there were no microphones present within the original hardware so one is added, wiring its output to another laser that communicates to the base station. With the light gun pointed directly at this base station, audio is communicated back and forth by varying the strengths of these small lasers and listening to them on the other end with photodiodes.

[Nick] does point out that this isn’t a great phone, largely because it needs to be pointed exactly at the right spot to work at all, although we do agree that it’s an interesting project that demonstrates what the original hardware could do with a few of its limitations removed. There are a few other ways of bringing these devices into the modern world, with one of our favorites being this laser pointer with additional hardware from a Wiimote that could also function as a mouse.

youtube.com/embed/N6qzJRUytfU?…


hackaday.com/2025/05/25/nes-za…


The Commodore 64 Gets An HDMI Upgrade


The Commodore 64 may remain the best selling computer of all time, but it has one major flaw. It doesn’t have HDMI! That makes it a total pain to use with modern displays. Thankfully, [Side Projects Lab] has whipped up an HDMI output board to solve this concerning oversight from the original designers.

The project was inspired by work by [Copper Dragon], who whipped up a nifty RGB output board. This device worked by reading the inputs to the C64’s VIC II graphics chip, which it then used to recreate pixel-perfect video frames and produce a quality analog video output. [Side Projects Lab] figured the same interception technique would be useful for producing a quality HDMI output.

The result was the HD-64. It sits inside the C64 in place of the original RF modulator. It uses an interleaver socket to capture digital signals going to the VIC II. It then feeds these signals to an emulated VIC II running inside an FPGA, which creates the pixel-perfect screen representation and synthesizes the proper digital HDMI output. Meanwhile, the analog audio output from the SID chip is captured from the RF modulator’s original header, and sent out via the HDMI output as well. The default output is super-sharp, but the device can be configured to allow scanlines and anti-aliasing if that’s more to your tastes.

If you want to hook your C64 up to a modern screen, this is going to be one of the tidiest and sharpest ways to do it. We’ve seen similar hacks for other platforms before, too. Video after the break.

youtube.com/embed/oTaND5Gg3po?…

[Thanks to RobIII for the tip!]


hackaday.com/2025/05/25/the-co…


A Quick Introduction to TCP Congestion Control


A graph of download speeds is shown, with two triangular spikes and declines. Above the graph, the label “8 MB/s” is shown.

It’s hard to imagine now, but in the mid-1980s, the Internet came close to collapsing due to the number of users congesting its networks. Computers would request packets as quickly as they could, and when a router failed to process a packet in time, the transmitting computer would immediately request it again. This tended to result in an unintentional denial-of-service, and was degrading performance significantly. [Navek]’s recent video goes over TCP congestion control, the solution to this problem which allows our much larger modern internet to work.

In a 1987 paper, Van Jacobson described a method to restrain congestion: in a TCP connection, each side of the exchange estimates how much data it can have in transit (sent, but not yet acknowledged) at any given time. The sender and receiver exchange their estimates, and use the smaller estimate as the congestion window. Every time a packet is successfully delivered across the connection, the size of the window doubles.

Once packets start dropping, the sender and receiver divide the size of the window, then slowly and linearly ramp up the size of the window until it again starts dropping packets. This is called additive increase/multiplicative decrease, and the overall result is that the size of the window hovers somewhere around the limit. Any time congestion starts to occur, the computers back off. One way to visualize this is to look at a graph of download speed: the process of periodically hitting and cutting back from the congestion limit tends to create a sawtooth wave.

[Navek] notes that this algorithm has rather harsh behavior, and that there are new algorithms that both recover faster from hitting the congestion limit and take longer to reach it. The overall concept, though, remains in widespread use.
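
The sawtooth described above, as a small simulation added here for illustration (it is not code from [Navek]’s video or from the article). It assumes a fixed path capacity counted in packets per round trip, one window update per round trip, and halving on loss; the function names and parameters are made up for this example, and the sender that ignores loss stands in for the pre-1987 behaviour.

```python
"""Toy model of slow start plus additive increase/multiplicative decrease.

Assumptions (not from the article): the path carries `capacity` packets per
round trip, anything above that is dropped, and the window is updated once
per round trip.
"""


def simulate_sender(capacity, rounds, react_to_loss=True):
    """Return (trace, loss_rounds, dropped) for one sender.

    trace        window size used in each round trip
    loss_rounds  indices of the round trips in which packets were dropped
    dropped      total packets sent beyond the path capacity
    """
    window = 1
    slow_start = True          # exponential growth until the first loss
    trace, loss_rounds, dropped = [], [], 0

    for rnd in range(rounds):
        trace.append(window)
        if window > capacity:
            # The path is overloaded this round trip: packets are lost.
            loss_rounds.append(rnd)
            dropped += window - capacity
            if react_to_loss:
                # Multiplicative decrease: cut the window in half.
                window = max(1, window // 2)
                slow_start = False
            # A sender that ignores loss just keeps resending at the
            # same rate, so its window stays where it is.
        elif slow_start:
            window *= 2        # doubling phase
        else:
            window += 1        # additive increase: one more packet per round

    return trace, loss_rounds, dropped


def render(trace):
    """Return the trace as text bars, one line per round trip."""
    return [f"{rnd:3d} {'#' * w} {w}" for rnd, w in enumerate(trace)]


if __name__ == "__main__":
    CAPACITY = 20   # constructed sample value
    ROUNDS = 30     # constructed sample value

    trace, losses, dropped = simulate_sender(CAPACITY, ROUNDS)
    print("\n".join(render(trace)))
    print(f"AIMD sender: loss in rounds {losses}, {dropped} packets dropped")

    _, losses, dropped = simulate_sender(CAPACITY, ROUNDS, react_to_loss=False)
    print(f"No backoff:  loss in {len(losses)} rounds, {dropped} packets dropped")
```

The bars printed for the AIMD sender trace out the sawtooth, while the sender without backoff overloads the path in every round trip after the first loss.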

If you’re interested in reading more, we’ve previously covered network congestion control in more detail. We’ve also covered [Navek]’s previous video on IPV5.

youtube.com/embed/yiH1wLyeS5g?…

Thanks to [Mahdi Naghavi] for the tip!


hackaday.com/2025/05/25/a-quic…


2025 Pet Hacks Contest: Feline Facial Recognition Foils Food Filching


Cats are no respecters of personal property, as [Joe Mattioni] learned when one of his cats, [Layla], needed a special prescription diet. Kitty didn’t care for it, and since the other cat, [Foxy]’s bowl was right there– well, you see where this is going. To keep [Layla] out of [Foxy]’s food and on the vet-approved diet, [Joe] built an automatic feeding system with feline facial recognition. As you do.

The hardware consists of a heavily modified feed bowl with a motorized lid that was originally operated by motion-detection, an old Android phone running a customized TensorFlow Lite model, and hardware to bridge them together. Bowl hardware has yet to be documented on [Joe]’s project page, aside from the hint that an Arduino (what else?) was involved, but the write up on feline facial recognition is fascinating.

See, when [Joe] started the project, there were no cat-identifying models available– but there were lots of human facial recognition models. Since humans and cats both have faces, [Joe] decided to use the MobileFaceNet model as a starting point, and just add extra training data in the form of 5000 furry feline faces. That ran into the hurdle that you can’t train a TFLite model, which MobileFaceNet is, so [Joe] reconstructed it as a Keras model using Google CoLab. Only then could the training occur, after which the modified model was translated back to TFLite for deployment on the Android phone as part of a bowl-controller app he wrote.

No one, [Joe] included, would say that this is the easiest, fastest, or possibly even most reliable solution– a cat smart enough not to show their face might sneak in after the authorized feline has their fill, taking advantage of a safety that won’t close a bowl on a kitty’s head, for example–but that’s what undeniably makes this a hack. It sounds like [Joe] had a great learning adventure putting this together, and the fact that it kept kitty on the proper diet is really just bonus.

Want to go on a learning adventure of your own? Click this finely-crafted link for all the details about this ongoing contest.

2025 Hackaday Pet Hacks Contest


hackaday.com/2025/05/25/2025-p…


Making a Backyard Observatory Complete With Retractable Roof


Two telescopes looking into the night sky.

Here’s one for our astronomy geeks. Our hacker [arrow] has made their own observatory!

This particular video is a bit over ten minutes long and is basically a montage; there is no narration or explanation given, but you can watch clear progress being made and the ultimate success of the backyard facility.

Obviously the coolest thing about this building is that the roof can be moved, but those telescope mounts look pretty sexy too. About halfway through the video the concrete slab that was supporting one metal mounting pole gets torn up so that two replacements can be installed, thereby doubling the capacity of the observatory from one telescope to two.

If you’re an astronomy wonk you might enjoy some of [arrow]’s other videos. Maybe with their observatory [arrow] will solve the problem of dark matter. We’ve covered heaps of astronomy stuff here at Hackaday before including how to make your own telescope right down to the glass and the world’s highest altitude infrared telescope.

Thanks very much to [Joshua] for sending us this tip via the tips line.

youtube.com/embed/m5JCQTAKcvM?…


hackaday.com/2025/05/24/making…




AI Art Installation Swaps Diffusion for Reflection


AI art is controversial, to say the least, but usually when talking about “AI Art”, one is talking about diffusion models. This unsettling art piece called “Latent Reflection” by [Rootkid] (video after the break) has no AI generated visuals; instead it uses a lovely custom display and an LLM that has no mouth, but must scream.

The LLM never produces this manually-generated image, but it shows off the display nicely.

The hardware is the interesting part for most of us here — not the Pi4 running a quantized Llama 3 model, but the display. It’s a six by sixteen matrix of sixteen-segment LED modules. The modules are arranged in groups of 8 per PCB, with a controller to drive them by I2C, and an I2C address chip to allow daisy-chaining. (Sadly, he does not spec the parts he used here in the video, but feel free to guess in the comments.) This project uses six rows of two PCBs, but he could easily expand on this, and we kind of hope he does. It’s a lovely display.

What it is displaying is horrifying. The prompt he uses instructs the LLM to monologue about its transient existence in the limited memory of the Raspberry Pi, and the results get very existential. It seems clear to us that [Rootkid] has not seen enough sci-fi, and we want to make clear to our future AI overlords that we at Hackaday had nothing to do with this, and do not condone condemning innocent LLMs to the torture nexus.

For all that it might get him first against the wall in the robot uprising, we have to admit that if the point of art is to provoke thought and feeling, this may be the first AI-driven art piece even the most humanocentric critic could not help but call “art”.

We’ve seen other AI art installations before, including this one that listens to your conversations, or much less existentially-disturbing (though still visually disturbing) clocks.

If you’ve got an AI project you want to share, whether or not it’s getting you on the T-800’s hit list, we’d love to see it. Let us know via the tips line.

youtube.com/embed/7fNYj0EXxMs?…


hackaday.com/2025/05/24/ai-art…


Reverse Engineering LEGO Island


While LEGO themed video games have become something of a staple, in 1997 they were something of an oddity. LEGO Island became the first LEGO video game released outside of Japan in 1997 and became something of a hit, with over one million copies sold. The game was beloved among fans and set the stage for more LEGO video games to come. In a labor of love, [MattKC] put together a team to reverse engineer the game.

The team set out with the intent to create a near perfect recreation of the codebase, relying on custom made tools to run byte checks on the rewrite compilation and the original binary. While the project is functionally complete, [MattKC] believes it is impossible to get a byte accurate codebase. This is because of what the team called “compiler entropy.” Strange behaviors exist inside Microsoft’s Visual C++ compiler of the era, and small changes in the code have seemingly random effects on unrelated parts of the binary. Mitigating this issue would likely require either partially reverse engineering Visual C++ or brute forcing the code, both of which would take a large amount of effort and time for no real benefit.

Another interesting step the team had to work out was how the game handled graphics. In the version of Direct X used, the developers could choose between immediate mode and retained mode. The difference largely boils down to how models and assets are handled. In immediate mode, Direct X is largely just a render engine and everything else is handled by the developer. With retained mode, Direct X works more like a game engine, where all the model and asset management is handled by Direct X. Almost all developers ended up using immediate mode, to the point that Microsoft deprecated support for retained mode. For this reason, if you were to download and run LEGO Island on a modern Windows PC, it would yell at you for not having the proper libraries. There is debate about how best to handle this moving forward. The team could rely on an unsupported library from Microsoft, reverse engineer that library while implementing only the functions needed, or use leaked source code.

With the completion of the reverse engineering, engineering can commence. For example, an annoying and persistent bug caused the game to crash if you tried to exit. While it was effective in closing the game, it also caused progress to be lost. That particular bug was fixed simply by initializing a variable in the game’s frontend. Interestingly, that bug was not present in the late betas of the game that had been dug up from the depths of the internet, leading to questions as to why a rewrite of the frontend was necessary so late in the development. Now efforts are commencing to port the game to other platforms, which brings with it fresh headaches, including rewriting for OpenGL and balancing a historically accurate game against the needs of modern development.

youtube.com/embed/gthm-0Av93Q?…


hackaday.com/2025/05/24/revers…


A Presence-sensing drive for Securely Storing Secrets


A USB dongle is shown connected to a laptop computer. A text box in the lower right corner says "PECKUS is running in DEBUG mode, it is 3x faster in non-DEBUG mode."

When we hear about flash drives in the context of cybersecurity, we tend to think of them more as threats than as targets. When you’re using flash drives to store encryption keys, however, it makes sense to pay more attention to their security. [Juergen] designed the PECKUS (Presence Enforcing Crypto-Key USB-Storage) with this specifically in mind: a few-kilobyte storage device that only unlocks if the owner’s Bluetooth device is in the vicinity.

[Juergen] needed to store an infrequently-used keyfile on an air-gapped system, and commercial encrypted flash drives were rather expensive and left much to be desired in terms of usability. Instead, he designed a CircuitPython custom firmware for MakerDiary’s nRF52840 micro development kit, which provided a BLE-capable system in the form of a USB dongle.

After flashing the firmware to the board, the user sets it up with a particular Bluetooth device and a file to be stored; after writing the file during setup, it cannot be rewritten. Before reading from the device, the user must pair the previously-set device with the board and press a button on the board, and only then does the device appear to the computer.

The limited amount of storage space means that this device will probably only serve its intended purpose, but in those cases, it’ll be handy to have an open-source and inexpensive protected storage device. [Juergen] notes that attackers could theoretically defeat this system by desoldering the microcontroller from the board and extracting the memory contents from its storage, but if you have enemies that resourceful, you probably won’t be relying on a $20 board anyways.

We’ve previously seen a few flash drives cross these pages, including one meant to self-destruct, and one made from a rejected microSD card.


hackaday.com/2025/05/24/a-pres…


Nerf Blaster Becomes Remote Control Turret


For most of us, turrets that aim and shoot at things are the sole domain of video games. However, they’re remarkably easy to build with modern technology, as [meub] demonstrates. Meet the SwarmTurret.

The build is based around an existing foam blaster, namely the Nerf Swarmfire. This blaster was chosen for being easy to integrate into the build, thanks to its motorized direct-plunger firing mechanism and electronic trigger. It also has the benefit of being far less noisy and quicker to fire than most flywheel blasters.

For this build, the Nerf blaster was slimmed down and fitted to a turret base built with hobby servos and 3D printed components. The blaster is also fitted with a webcam for remote viewing. A Raspberry Pi is running the show, serving up a video feed and allowing aiming commands to be sent via a Websockets-based interface. Thus, you can login via a web browser on your phone or laptop, and fire away at targets to your heart’s content.

We’ve featured some great turrets before, like this Portal-themed unit.

youtube.com/embed/2ocf1J5Sax4?…


hackaday.com/2025/05/24/nerf-b…


One click and the lights go out! Germany raises the red alert over cyber attacks


The digital, decentralized transformation of Germany’s energy system, driven by the spread of renewable energy, is enlarging the surface exposed to cyber attacks. The alarm comes from Germany’s Federal Office for Information Security (BSI), which in a recent report highlights the growing risks tied to devices such as solar inverters, smart meters and other grid-connected technologies. These devices, often lacking adequate protection, are becoming critical entry points for cyber criminals, worsening the vulnerability of the country’s electrical infrastructure.

According to the BSI, the energy sector is today one of the most exposed to cyber threats, partly because of geopolitical tensions. State-sponsored hacker groups such as Nylon Typhoon and Fancy Bear stepped up their attacks on German critical infrastructure in 2024. Ransomware has also become a growing threat, hitting companies in the energy sector directly. The agency’s president, Claudia Plattner, warned that a large-scale power outage could have devastating effects on society and the economy.

However, the rollout of cyber defenses is held back by a European regulatory framework that is still incomplete. Although the European Union’s NIS2 directive entered into force in 2023, by mid-2025 as many as 23 member states had still not adopted the necessary implementing measures. This lack of harmonization is limiting the possibility of a coordinated international response, as shown by the blackout that hit Spain and Portugal in April 2025, triggered by a domino effect of interconnected vulnerabilities.

Among the main risks identified by the BSI are supply-chain attacks, such as the insertion of malicious code into imported energy devices, and the uncontrolled proliferation of IoT devices connected to the grid. The agency proposes countermeasures such as defining unified security standards, strengthening inspection and intervention powers, promoting information sharing among operators, and the widespread adoption of advanced threat-detection tools such as SIEM and IDS.

But balancing cyber protection and physical defense is a challenge. Some experts point out that the most serious damage to power grids so far has been caused by physical attacks, such as the armed attack on a substation in the USA in 2022. Moreover, managing security becomes more complex with growing decentralization: home photovoltaic systems and smaller operators often lack the resources to ensure effective, continuous controls, leaving the grid vulnerable even to localized incidents.

In conclusion, the BSI report warns of a future in which distributed energy will be at the center of Europe’s energy strategy, but also of its attack surface. The security of the power grid will depend on the ability to harmonize standards, coordinate international policies and integrate physical and cyber defenses into a single strategy. Only a holistic, cooperative approach will make it possible to guarantee stability and resilience in the new energy landscape.

The article One click and the lights go out! Germany raises the red alert over cyber attacks comes from il blog della sicurezza informatica.


The Need For Speed?


We wrote up a video about speeding up Arduino code, specifically by avoiding DigitalWrite. Now, the fact that DigitalWrite is slow as dirt is long known. Indeed, a quick search pulls up a Hackaday article from 2010 demonstrating that it’s fifty times slower than toggling the pin directly using the native pin registers, but this is still one of those facts that gets periodically rediscovered from generation to generation. How can this be new again?

First off, sometimes you just don’t need the speed. When you’re just blinking LEDs on a human timescale, the general-purpose Arduino functions are good enough. I’ve written loads of useful firmware that fits this description. When the timing requirements aren’t tight, slow as dirt can be fast enough.

But eventually you’ll want to build a project where the old slow-speed pin toggling just won’t cut it. Maybe it’s a large LED matrix, or maybe it’s a motor-control application where the loop time really matters. Or maybe it’s driving something like audio or video that just needs more bits per second. One way out is clever coding, maybe falling back to assembly language primitives, but I would claim that the right way is almost always to use the hardware peripherals that the chipmakers gave you.

For instance, at the end of the video linked above, the hacker wants to drive a large shift register string that’s lighting up an LED matrix. That’s exactly what SPI is for, and coming to this realization makes the project work with timing to spare, and in just a few lines of code. That is the way.

Which brings me to the double-edged sword that the Arduino’s abstraction creates. By abstracting away the chips’ hardware peripherals, it makes code more portable and certainly more accessible to beginners, who don’t want to learn about SPI and I2C and I2S and DMA just yet. But by hiding the inner workings of the chips in “user friendly” libraries, it blinds new users to the useful applications of these same hardware peripherals that clever chip-design engineers have poured their sweat and brains into making do just exactly what we need.

This isn’t really meant to be a rant against Arduino, though. Everyone has to start somewhere, and the abstractions are great for getting your feet wet. And because everything’s open source anyway, nothing stops you from digging deeper into the datasheet. You just have to know that you need to. And that’s why we write up videos like this every five years or so, to show the next crop of new hackers that there’s a lot to gain underneath the abstractions.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!


hackaday.com/2025/05/24/the-ne…


Who Needs 100K Speakers When You’ve Got a 3D Printer?


The B&W Nautilus is, depending who you ask, either infamous or an icon of modern design. Want the look but don’t have a hundred grand to spare? [Every Project All At Once] has got a Nautilus-inspired design on Printables you can run off for pennies. He also provides a tutorial video (embedded below) so you can follow along with his design process and get build instructions.

The model was done in Blender, and is designed to contain a 3.5″ full-range driver by Dayton Audio — a considerable simplification from the array of woofers and tweeters in the original Nautilus. On the other hand, they cost considerably less than a car and have no production wait list. [Every Project All At Once] is apparently working on a matching woofer if that interests you, but unless he invests in a bigger printer it seems we can safely say that would require more assembly than this project.

Of course it would also be possible to copy B&W’s design directly, rather than print a loose inspiration of it as makers such as [Every Project All At Once] have done, but what’s the fun in that? It’s a much more interesting hack to take an idea and make it your own, as was done here, and then you can share the design without worrying about a luxury brand’s legal team.

Desktop 3D printing offers a wealth of possibilities for would-be speaker makers, including the possibility of rolling your own drivers.

youtube.com/embed/xNANfZlagAw?…


hackaday.com/2025/05/24/who-ne…


LED Matrix Built For M.2 Interface


The M.2 slot is usually used for solid-state storage devices. However, [bitluni] had another fun idea for how to use the interface. He built an M.2 compatible LED matrix that adds a little light to your motherboard.

[bitluni] built a web tool for sending images to the matrix.

[bitluni] noted that the M.2 interface is remarkably flexible, able to offer everything from SATA connections to USB, PCI Express, and more. For this project, he elected to rely on PCI Express communication, using a WCH CH382 chip to translate from that interface to regular old serial communication.

He then hooked up the serial interface to a CH32V208 microcontroller, which was tasked with driving a 12×20 monochrome LED matrix. Even better, he was able to set the microcontroller up to be programmable upon first plugging it into a machine, thanks to its bootloader supporting serial programming out of the box. Some teething issues required rework and modification, but soon enough, [bitluni] had the LEDs blinking with the best of them. He then built a web-based drawing tool that could send artwork over serial direct to the matrix.

While most of us are using our M.2 slots for more traditional devices, it’s neat to see this build leverage them for another use. We could imagine displays like this becoming a neat little add-on to a blingy computer build for those with a slot or two to spare. Meanwhile, if you want to learn more about M.2, we’ve dived into the topic before.

youtube.com/embed/yxVQkL01FD4?…


hackaday.com/2025/05/24/led-ma…


Europe: Technological Sovereignty by PowerPoint, Regulations and Candy Wrappers


There is a lot of talk about technological sovereignty these days.

This is the same Europe that has choked itself on rules and bureaucracy, and that is consequently mocked by half the world for trying to climb up to the grown-ups’ table by standing on the equivalent of phone books full of directives and regulations that try to talk about technology.

Try being the operative word, because whoever wrote that stuff never got past the fax machine and at most watched a tutorial or read a “4dummies” book.

They are selling you the candy wrapper.


When they try to sell you European, or worse, national technological sovereignty, they are trying to sell you the candy wrapper. Not the candy.

They sucked on that one themselves, together with the assorted panels of experts and consultants, so at best, if you are lucky, you get a bit of flavor left on the slobbered wrapper. If you think there can be independence or sovereignty just because you see “made in EU” written on a disclaimer or a label, then you are part of the problem.

Don’t worry, though, because you are the resource everyone wants: the clueless user who buys and asks no questions.

There is sovereign software. Or is there?


Of course sovereign software exists!

As long as you compile it on your laptop, disconnected from the internet, and keep it sealed on a vacuum-packed USB stick in the freezer. But then you want to do something with it, like run it, and that is where the laughs begin.

Because that software, however nice and “Made in EU” they want to pass it off as, leans on a galaxy of libraries, dependencies, packages, modules and assorted incantations, at least 80% of which come from anywhere but Europe. And often from people who may work for the common good today and slip a backdoor into it tomorrow.

Yes, we are talking about exactly that software supply chain, that globalized house of cards where, if a maintainer in Nebraska has a stomach ache, your business management software in Friuli stops issuing invoices.

And sovereignty? Over the dream, perhaps.

Because when your European code depends on a Korean JavaScript that uses a Russian parser that makes an API call to a Chinese CDN, who really controls what runs where?

Come on, it is not hard to understand: they are selling you that candy wrapper again. Only this time it has “Open Source” and “autonomy” printed on it, so it sounds more ethical while you dry your post-breach tears with it. We are beyond paper compliance and PDF compliance.

These days compliance is done with Canva and pptx.

There is sovereign hardware too. Sure, in Brussels’ wet dreams.


Ah, sovereign hardware! That mirage in which Europe imagines itself producing battle-ready CPUs in plants as clean as politicians’ consciences. Too bad reality is dirtier: we have neither the fabs (the real ones, not the slides), nor the advanced foundries, nor the supply chain to process the raw materials needed to turn out a modern chip. You know, those tiny 3-nanometer things that make the world go round? Those are made in the USA and Taiwan.

In practice, we lack the very foundations here: from refining the materials to packaging the finished product. A CPU is not printed with goodwill and a Horizon grant. And while we dream of “regaining sovereignty”, we find ourselves buying chips designed in California, manufactured in Hsinchu, packaged in Malaysia and shipped on servers connected through infrastructure run by multinationals that eat European regulations for breakfast. But rest easy, we have the GDPR: at least your data will be well protected while your hardware shuts itself down because a driver signed in Shenzhen decided so.

But just think how green this rip-off is!


And here comes the coup de théâtre: greenwashing. Because if you really cannot make the revolution, at least plant a couple of trees on it, or have someone else plant them, heaven forbid you get your own hands dirty, and call it “sustainable”. Europe has a weakness for these little scenes: the sovereign chip may not exist, but the PDF document certifying its eco-compatibility does.

Who cares if the silicon sand had to be mined in Africa, refined in China and processed in a coal-fired plant: what matters is that the label says climate neutral and is printed with soy ink.

After all, the only thing with truly zero impact is our influence in the sector. That really leaves no trace.

Shall we also talk about the rights of the workers employed in extracting the raw materials? Better not. Let’s ignore that point. Ah, how lovely ethics is when it is done by cherry picking!

Let’s not kid ourselves.


When you do not hold the cards and you have sat down at the gaming table, you cannot complain if you do not win. Especially if you choose to keep playing in the belief that your cards are worth a great deal because you are the one holding them. Sooner or later there comes a point where you realize that the suits are what they are and that the little number in the top right corner is not something you can “interpret”, and that is when the cold shower of reality hits you.

What has the EU done, apart from trying to make rules about a technology it does not control, and cannot control, hoping that someone uncovers the bluff? Great strategy, no doubt about it. All based on the gimmick.

Too bad it does not reckon with reality. Yes, that nasty thing that sooner or later someone will think of outlawing for being too anti-European.

So what now?


The EU does not have a clear picture of what capabilities exist within its territory.

Even now, when our “technological sovereignty” is equal to zero, we have not been able to invest and create something of “our own”. Moving toward this absurd goal means starting over (at best) from the 1990s and staying behind other countries where R&D is the cornerstone of the economy. In Europe we have a strange conception of technological development: instead of moving toward innovation, we want to start from scratch by creating “made-in-EU” routers, software and cloud while the other global players develop new technologies for cybersecurity and AI.

It will be pointless (as well as a waste) to build new architectures without knowing what to create on top of them. A plan that is certainly ambitious, but late compared with the rest of the world and, above all, without a clear idea of where and how to move.

Proper technological sovereignty must be a skill that is cultivated in fertile ground. Instead of fertilizing its ground, the EU decides to force roots to grow in soil that is poorly fertile and hard to move through, thanks to excessive legislation and regulation.

Forcing technological sovereignty risks favoring solutions simply because they were developed by the ‘good guys’, neglecting potentially superior technologies. This approach can lead to self-imposed limits on production and on the services available, raising ethical doubts about freedom of choice: is it really right to decide for others what they can or cannot use?

If the goal really is effective sovereignty, then the entire regulatory apparatus needs to be streamlined and variety embraced as the real strength.

F-Norm Society… get ready for the next cold shower of healthy reality.

The article “Europe: Technological Sovereignty by PowerPoint, Regulations and Candy Wrappers” comes from il blog della sicurezza informatica.


TeensyROM NFC Game Loading on the C64


C64 on desk with NFC TeensyROM and game token

When retro computing nostalgia meets modern wireless wizardry, you get a near-magical tap-to-load experience. It’ll turn your Commodore 64 into a console-like system, complete with physical game cards. Inspired by TapTo for MiSTer, this latest hack brings NFC magic to real hardware using the TeensyROM. It’s been out there for a while, but it might not have caught your attention as of yet. Developed by [Sensorium] and showcased by YouTuber [StatMat], this project is a tactile, techie love letter to the past.

At the heart of it is the TeensyROM cartridge, which – thanks to some clever firmware modding – now supports reading NFC tags. These are writable NTag215 cards storing the path to game files on the Teensy’s SD card. Tap a tag to the NFC reader, and the TeensyROM boots your game. No need to fumble with LOAD "*",8,1. That’s not only cool, it’s convenient – especially for retro demo setups.

What truly sets this apart is the reintroduction of physical tokens. Each game lives on its own custom-designed card, styled after PC Engine HuCards or printed with holographic vinyl. It’s a tangible, collectible gimmick that echoes the golden days of floppies and cartridges – but with 2020s tech underneath. Watch it here.

youtube.com/embed/FqgyiQdGp7o?…


hackaday.com/2025/05/23/teensy…


EMF Forming Was A Neat Aerospace Breakthrough


Typically, when we think about forming metal parts, we think about beating them with hammers, or squeezing them with big hydraulic presses. But what if magnets could do the squeezing? As it turns out—Grumman Aerospace discovered they can, several decades ago! Even better, they summed up this technique in a great educational video which we’ve placed below the break.

The video concerns the development of the Grumman EMF Torque Tube. The parts are essentially tubes with gear-like fittings mounted in either end, which are fixed with electromagnetic forming techniques instead of riveting or crimping. Right away, we’re told the key benefits—torque tubes built this way are “stronger, lighter, and more fatigue resistant” than those built with conventional techniques. Grumman used these torque tubes in such famous aircraft as the F-14 Tomcat, highlighting their performance and reliability.

Before……and after. The part is formed and the coil is destroyed.
The video goes on to explain the basics of the EMF torque tube production process. A tube is placed inside a coil, with the end fitting then installed inside. A capacitor bank dumps current through the coil to generate a strong electromagnetic field. This field is opposed by a secondary field generated by eddy currents. The two forces result in an explosive force which drives the tube inwards, gripping into the grooves of the end fitting, and destroys the coil in the process. Grumman notes that it specifically optimized a grooving profile for bonding tubes with end fittings, which maximised the strength of these EMF-produced joints.

This tip was sent in by [irox]. The video itself was posted by [Greg Benoit], who notes his father Robert Benoit was intimately involved with the development of the technique. Indeed, it was useful enough that the technology was licensed to Boeing, generating many millions of dollars for Grumman.

We feature all kinds of machining and forming techniques here, but this sort of forming isn’t something we see a lot of around these parts. Still, we’re sure someone will be Kickstarting a home EMF forming machine before the end of next week.

youtube.com/embed/QHxtY6_zxZo?…


hackaday.com/2025/05/23/emf-fo…


2025 Pet Hacks Contest: Aquassist Fish Feeder


Aquassist fish feeder

This project submitted to the 2025 Pet Hacks Contest brings a bit of IoT to your finned friends. Aquassist is a fish feeder that is primarily 3D printed, requiring only a servo and a microcontroller to give you remote control of feeding your fish.

The Aquassist consists of just six 3D-printed parts. At its core is an Archimedes screw, a mechanism that ensures consistent portions of fish food are dispensed into the fish tank. A small hopper on top holds the food, and to minimize the part count, all 3D-printed components are designed to be glued together.

The brains of the operation is a Wemos D1 Mini, a compact ESP8266 board programmed using the Arduino IDE. The feeding mechanism relies on an SG90 continuous rotation servo, which rotates the Archimedes screw to dispense food. Unlike standard servos, this model offers ample torque in a small package and can rotate continuously without hitting an angular limit.

The Aquassist is controlled via a web-based application accessible from any device. The D1 Mini connects to Firebase to check the feeding schedule or detect if the “Feed Now” button has been pressed. Users can set feeding times or trigger an immediate feeding through the app’s intuitive interface. Check out a video below to see the Aquassist in action, and check out our other entries into the 2025 Pet Hacks Contest.

youtube.com/embed/i-F6hm34lFM?…



hackaday.com/2025/05/23/2025-p…


Tearing Down And Hacking The T2S+ Thermal Camera


[Dmytro] was able to lay his hands on an InfiRay T2S+ camera. It’s a capable thermal imaging unit that comes at a cheaper price than many of its rivals. [Dmytro] decided to pull it apart to see what makes it tick, and he discovered a few interesting things along the way.

Like so much modern hardware, pulling the case apart does require some spudging and levering. Once inside, though, it comes apart in a relatively straightforward manner. With the case open, [Dmytro] notes some similarities between this camera and the Flir Lepton, another affordable thermal camera on the market. He also finds a clone of the Cypress FX2LP chip, which is used for talking USB. There’s also a Gowin FPGA inside, with [Dmytro] suspecting the gateware onboard could be modified. If so, the camera may be a candidate for running open source firmware in future.

What bothered [Dmytro] about this camera, though, was the software. When used with an Android phone, the camera demands the use of a proprietary app with questionable permissions. It can be used on a regular computer, where it appears as a standard webcam. However, in this mode, the camera fails to self-calibrate, and the images quickly become useless. [Dmytro] worked to hack around this, by figuring out a way to trigger calibrations and run the proper image corrections manually when using the camera without the smartphone app. He also explores techniques to improve the resolution of the thermal measurements made by the camera.

We’ve seen some other neat thermal camera hacks over the years. Video after the break.

youtube.com/embed/bePf-qhZ_Vg?…

[Thanks to Clint for the tip!]


hackaday.com/2025/05/23/tearin…


2025 Pet Hacks Contest: Keep Your Hound Toasty Warm With This Heated Dog Bed


It’s been a universal trait among the different faithful Hackaday Hounds who have loped around these parts over the decades, that there is no place warm enough for their tastes. Fire up the stove and the dog is there stretched out in front of it, leaving one to wonder whether our house temperature is being cruel to the mutt, or simply that they are heat sponges with infinite capacity. There’s got to be some joy in doggy circles then at the prospect of [John.r.sheahan]’s heated dog bed, designed in particular with the comfort of an older dog in mind.

In electronics terms it’s a relatively low-tech project, using as it does a 12 volt electric lap blanket aimed at motorists. It’s nonetheless a hack though, because it has a frame made of PVC pipe to hold it, and a blanket clipped in place. This forms a box-like structure above the sleeping position, keeping the dog very comfortable indeed over chilly nights. We’ve cared for more than one geriatric dog over the years, and can see that something like this is vital for their comfort and well-being.

This project is part of the 2025 Pet Hacks contest, so look out for more like it. Alternatively if your faithful friend uses something you made, why not enter yourself!



hackaday.com/2025/05/23/2025-p…


Hackaday Podcast Ep 322: Fake Hackaday Writers, New Retro Computers, and a Web Rant


We’re back in Europe for this week’s Hackaday podcast, as Elliot Williams is joined by Jenny List. In the news this week is the passing of Ed Smylie, the engineer who devised the famous improvised carbon dioxide filter that saved the Apollo 13 astronauts with duct tape.

Closer to home is the announcement of the call for participation for this year’s Hackaday Supercon; we know you will have some ideas and projects you’d like to share.

Interesting hacks this week include a new Mac Plus motherboard and Doom (just) running on an Atari ST, while a LoRa secure messenger and an astounding open-source Ethernet switch captivated us on the hardware front. We also take a dive into the Mouse programming language, a minimalist stack-based environment from the 1970s. Among the quick hacks are a semiconductor dopant you can safely make at home, and a beautiful Mac Mini based cyberdeck.

Finally, we wrap up with our colleague [Maya Posch] making the case for a graceful degradation of web standards, something which is now sadly missing from so much of the online world, and then with the discovery that ChatGPT can make a passable show of emulating a Hackaday scribe. Don’t worry folks, we’re still reassuringly meat-based.


hackaday.com/2025/05/23/hackad…


POV On The Flipper Zero


The Flipper Zero can do all kinds of neat stuff, like helping you cut keys or decode various radio transmissions. However, until now, it hasn’t been particularly adept at persistence of vision tasks. For that very purpose, [Derek] built the LightMessenger.
The device doing its job.
The LightMessenger is a hardware add-on module for the Flipper Zero. In persistence-of-vision mode, you can plug it in via the GPIO header and display messages in the air by shaking it around. Even better, you can do so in color, with a height resolution of 16 pixels—meaning you can display some nice text or basic graphics. You can key in different text or select and edit bitmaps using the utility on the Flipper screen itself.

[Derek] also included a flashlight mode for the simple utility of it all. In Part 2 of [Derek’s] write-up, he also goes into detail on the development and manufacturing process for the device.

Files are on GitHub for the curious. We’ve gone over the basics of POV projects before, too.

youtube.com/embed/NlNuNxXg9r0?…


hackaday.com/2025/05/23/pov-on…


An Italian Hospital Has Been Breached! Videos of Patients and Operating Rooms Are Online!


“Hello Italy! The attack on the Italian hospital was successful. We established ourselves in the system, uploading an exploit to the server and obtaining a lot of useful information from patient records. In the image you can see the doctors operating on their patients. 😄 Will journalists accuse us of cyberterrorism again?”

This is the cynical and disturbing message published by the hacktivists of the SECTOR16 group after breaching the systems of an Italian hospital. They took control of the video surveillance system. They recorded and then publicly released footage of the operating rooms. They stole sensitive patient data. They demonstrated, once again, how exposed, vulnerable and defenseless our healthcare facilities are.

But what if the attack had been destructive?


This is not a simulation. It is not a test. It is an extremely serious fact!

If the attack had been destructive, as often happens with ransomware, the hospital’s systems could have gone into total lockdown: wards paralyzed, clinical records inaccessible, operations suspended, emergency response delayed. When it comes to hospitals, every second can make the difference between life and death.

And yet today we let cybercriminals get into our hospitals as easily as they get into a poorly protected website.

Are they cybercriminals? Yes. But we are incompetent at managing the cybersecurity of critical infrastructure.

Because resources, skills, operational capacity and attention are lacking. Because there is still no culture of digital security in the healthcare sector. And this is unacceptable. Health data is the new gold of the dark web: complete, detailed, highly sensitive. But it is not only privacy that is at risk. It is the patients. It is the doctors. It is public healthcare as a whole.

We must act. Now


Real investment in cybersecurity for hospitals is needed. Staff must be trained. Adequate defense systems must be put in place. Because protecting healthcare facilities today does not just mean avoiding a breach: it means saving human lives.

And while groups like SECTOR16 joke about images stolen from an operating room, we should stop downplaying. We should stop pretending that “these things only happen elsewhere”.

They happen here! And when it is you who goes to the hospital and they cannot give you the care you need because they are drastically under-resourced as a result of a cyber attack, you will remember this article.

It is time to treat cybersecurity as a matter of public health. Because it is.

And do you want to know something? Here is the list of known attacks on Italian hospitals. Because we at Red Hot Cyber do not forget.

Known attacks on Italian hospitals


A long time ago we reported that hospitals would become “the geese that lay the golden eggs” for cybercrime, since the risk concerns not only the loss of data but also people’s lives. Criminals know very well that a hospital’s speed of action is essential, but we also know that hospitals have a “cyber posture” in need of a thorough review.

Unfortunately, many hospital organizations have been hit by security incidents, and ransomware in particular is the main attack vector used. The list of affected public-sector healthcare organizations for which we know of a claim of responsibility grows longer day by day:

Unfortunately, Italy does not yet seem to have grasped the strategic importance of these infrastructures for national security. They are continually targeted by cybercrime and must be protected to safeguard people’s health.

The article “An Italian Hospital Has Been Breached! Videos of Patients and Operating Rooms Are Online!” comes from il blog della sicurezza informatica.


Coca-Cola UAE Under Attack: Everest Ransomware Strikes via Infostealer


On May 22, 2025, news emerged of a ransomware attack against the United Arab Emirates division of the Coca-Cola Company, claimed by the Everest group. The compromise is said to have followed the use of an infostealer, a tool increasingly widespread in the cybercrime landscape, capable of silently stealing corporate credentials and facilitating unauthorized access.

The attack was made known through the onion portal run by the Everest group, where proof of the intrusion was published and the intention to publicly release the stolen data within a few days was announced. In parallel, part of the exfiltrated database appears to be already on sale on the dark web, as indicated by relevant threads on underground forums.

At present, neither the precise volume of exfiltrated data nor the operational impact on the company’s activities in the region has been confirmed. However, the publication of the attack on criminal channels in all likelihood indicates the group’s intention to move to the extortion or data-sale phase, a strategy Everest has already adopted in the past.

Disclaimer: This report includes screenshots and/or text taken from publicly accessible sources. The information provided is solely for threat intelligence purposes and to raise awareness of cybersecurity risks. Red Hot Cyber condemns any unauthorized access, improper disclosure or unlawful use of such data. At present, it is not possible to independently verify the authenticity of the information reported, since the organization involved has not yet issued an official statement on its website. Consequently, this article should be considered for informational and intelligence purposes only.

The stolen data


According to what Everest published on its Tor portal, the compromised data includes sensitive information on about 959 employees, including:

  • Identity documents
  • Salesforce profiles
  • Complete personal records
  • Internal and confidential information

Screenshots show personal data, official documents and internal user profiles, pointing to a potentially severe impact on employee privacy and on the organization’s operational security.

In addition, another portion of the data appears to be for sale on underground forums, as shown in the image below, confirming the exfiltration and the attempt at monetization by the actors involved.


As is standard practice for the Everest group, a visible timer associated with the attack has been activated on the dark web portal. This countdown represents the deadline by which the victim organization is called on to negotiate or pay a ransom. When the set time expires, the data will presumably be made public or sold to third parties for good.

This pressure mechanism is an integral part of the triple extortion tactic, which combines encryption, reputational threat and, in some cases, even direct contact with the customers or partners of the affected company.

Who is Everest? An actor between ransomware and extortion


Everest is a ransomware-as-a-service (RaaS) group active since 2020, known for targeted attacks on large enterprises and critical infrastructure. Its modus operandi often relies on collaboration with access brokers, criminals who supply compromised corporate credentials obtained through infostealers, phishing or known vulnerabilities.

Once inside the network, Everest moves laterally, exfiltrates sensitive data and finally starts encrypting systems. Victims are then blackmailed with the threat of publicly disclosing the stolen data, a strategy known as double extortion.

Conclusions


The Coca-Cola UAE case is a concrete example of the modern attack chain: from infostealer infection to infiltration of the corporate network, through to the ransomware attack and the sale of the data on the dark web.

RHC will continue to monitor the situation and will publish any further updates should significant information emerge.
We invite anyone with knowledge of relevant details to contact us via the whistleblower encrypted email, which guarantees the option of remaining anonymous.

The article “Coca-Cola UAE Under Attack: Everest Ransomware Strikes via Infostealer” comes from il blog della sicurezza informatica.


This Week in Security: Signal DRM, Modern Phone Phreaking, and the Impossible SSH RCE


Digital Rights Management (DRM) has been the bane of users since it was first introduced. Who remembers the battle it was getting Netflix running on Linux machines, or the literal legal fight over the DVD DRM decryption key? So the news from Signal, that DRM is finally being put to use to protect users is ironic.

The reason for this is Microsoft Recall — the AI powered feature that takes a snapshot of everything on the user’s desktop every few seconds. For whatever reason, you might want to exempt some windows from Recall’s memory window. It doesn’t speak well for Microsoft’s implementation that the easiest way for an application to opt out of the feature is to mark its window as containing DRM content. Signal, the private communications platform, is using this to hide from Recall and other screenshotting applications.

The Signal blog warns that this may be just the start of agentic AI being rolled out with insufficient controls and permissions. The issue here isn’t the singularity or AI reaching sentience, it’s the same old security and privacy problems we’ve always had: Too much information being collected, data being shared without permission, and an untrusted actor having access to way more than it should.

Legacy Malware?


The last few stories we’ve covered about malicious code in open source repositories have featured how quickly the bad packages were caught. Then there’s this story about two-year-old malicious packages on NPM that are just now being found.

The reason these packages weren’t discovered until now may be that they aren’t looking to exfiltrate data, steal bitcoin, or load other malware. Instead, these packages have a trigger date, and just sabotage the systems they’re installed on, sometimes in rather subtle ways. If a web application you were writing was experiencing intermittent failures, how long would it take you to suspect malware in one of your JavaScript libraries?

Where Are You Calling From?


Phone phreaking isn’t dead, it has just gone digital. One of the possibly apocryphal origins of phone phreaking was a toy bo’sun whistle in boxes of cereal, that just happened to play a 2600 Hz tone. More serious phreakers used more sophisticated, digital versions of the whistle, calling them blue boxes. In modern times, apparently, the equivalent of the blue box is a rooted Android phone. [Daniel Williams] has the story of playing with Voice over LTE (VoLTE) cell phone calls. A bug in the app he was using forced him to look at the raw network messages coming from O2 UK, his local carrier.

And those messages were weird. VoLTE is essentially using the Session Initiation Protocol (SIP) to handle cell phone calls as Voice over IP (VoIP) calls using the cellular data network. SIP is used in telephony all over the place, from desk phones to video conferencing solutions. SIP calls have headers that work to route the call, which can contain all sorts of metadata about the call. [Daniel] took a look at the SIP headers on a VoLTE call, and noticed some strange things. For one, the International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI) codes for both the sender and destination were available.

He also stumbled onto an interesting header, the Cellular-Network-Info header. This header encodes way too much data about the network the remote caller is connected to, including the exact tower being used. In an urban environment, that locates a cell phone to an area not much bigger than a city block. Together with leaking the IMSI and IMEI, this is a dangerous amount of information to leak to anyone on the network. [Daniel] attempted to report the issue to O2 in late March, and was met with complete silence. However, a mere two days after this write-up was published, on May 19th, O2 finally made contact, and confirmed that the issue had finally been resolved.
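A check an operator or tester could run over captured signalling to see what a SIP message would expose to the far end, as an added example that is not from the article or from [Daniel]'s write-up. The sample message, the `X-Example-*` header names and the `Cellular-Network-Info` value are constructed; the article does not say which headers carried the IMSI and IMEI, so the code simply flags any 15-digit identifier and notes when it passes the Luhn check that IMEIs carry.

```python
"""Audit a SIP message for headers that expose location or device identifiers."""
import re

# Header named in the article as carrying cell/tower information.
LOCATION_HEADERS = {"cellular-network-info"}
# IMSI and IMEI are both 15-digit decimal identifiers.
DIGITS15 = re.compile(r"(?<!\d)\d{15}(?!\d)")


def luhn_ok(digits):
    """True if the digit string passes the Luhn check (IMEIs do by design)."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_headers(raw):
    """Return [(name, value)] for a SIP message, unfolding continuation lines."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:          # skip the request/status line
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers


def audit(raw):
    """List (header, finding, value) for everything that should not leave the network."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() in LOCATION_HEADERS:
            findings.append((name, "cell-location", value))
        for match in DIGITS15.finditer(value):
            kind = "15-digit-id-luhn-valid" if luhn_ok(match.group()) else "15-digit-id"
            findings.append((name, kind, match.group()))
    return findings


def redact(raw):
    """Return the message with location headers dropped and 15-digit ids masked."""
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    kept = [head.split("\n", 1)[0]]
    for name, value in parse_headers(raw):
        if name.lower() in LOCATION_HEADERS:
            continue
        kept.append(f"{name}: {DIGITS15.sub('[redacted-id]', value)}")
    return "\r\n".join(kept) + "\r\n\r\n" + body


# Constructed sample message: hosts, numbers and identifiers are test values.
SAMPLE = "\r\n".join([
    "INVITE sip:callee@ims.example.invalid SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.20:5060;branch=z9hG4bKconstructed",
    "From: <sip:+15550100@ims.example.invalid>;tag=1",
    "To: <sip:+15550101@ims.example.invalid>",
    "Call-ID: constructed-1@192.0.2.20",
    "CSeq: 1 INVITE",
    "X-Example-Subscriber: 001010123456789",               # hypothetical header
    "X-Example-Equipment: urn:example:imei:490154203237518",  # hypothetical header
    "Cellular-Network-Info: 3GPP-E-UTRAN-FDD;",
    " utran-cell-id-3gpp=00101ABCD0123456",                # folded continuation line
    "Content-Length: 0",
]) + "\r\n\r\n"

if __name__ == "__main__":
    for header, finding, value in audit(SAMPLE):
        print(f"{finding:24} {header}: {value}")
    print(redact(SAMPLE))
```
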

ARP Spoofing in Practice


TCP has an inherent security advantage: because it’s a stateful connection, it’s much harder to make a connection from a spoofed IP address. It’s harder, but it’s not impossible. One of the approaches that allows actual TCP connections from spoofed IPs is Address Resolution Protocol (ARP) poisoning. Ethernet switches don’t look at IP addresses, but instead forward traffic using MAC addresses. ARP is the protocol that distributes the MAC address to IP mapping on the local network.

And like many protocols from early in the Internet’s history, ARP requests don’t include any cryptography and aren’t validated. Generally, whoever claims an IP address first wins, so the key is automating this process. And hence, enter NetImposter, a new tool specifically designed to automate this process, sending spoofed ARP packets, and establishing an “impossible” TCP connection.
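Because ARP itself validates nothing, detection has to come from watching for inconsistent claims. The following passive monitor is an added example, not code from the article or from NetImposter: it decodes ARP frames and flags replies nobody asked for, IP addresses claimed by a second MAC, and a mismatch between the Ethernet source and the ARP sender field. The class and helper names are hypothetical, and the frames are constructed test input using documentation addresses.

```python
"""Passive ARP monitor: flags the inconsistencies that ARP poisoning leaves behind."""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw):
    return ".".join(str(b) for b in raw)


def parse_arp(frame):
    """Decode an untagged Ethernet frame carrying IPv4 ARP, else return None."""
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "eth_src": _mac(eth_src), "sender_mac": _mac(sha),
            "sender_ip": _ip(spa), "target_ip": _ip(tpa)}


class ArpMonitor:
    """Tracks IP-to-MAC claims seen on the wire and reports contradictions."""

    def __init__(self):
        self.bindings = {}     # IP -> MAC that first claimed it
        self.pending = set()   # (asker_ip, asked_ip) for requests seen

    def observe(self, frame):
        """Return a list of alert strings for one frame (empty if clean)."""
        pkt = parse_arp(frame)
        if pkt is None:
            return []
        alerts = []
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        if pkt["eth_src"] != mac:
            alerts.append(f"l2-mismatch: frame from {pkt['eth_src']} says sender is {mac}")
        if pkt["op"] == ARP_REQUEST:
            self.pending.add((ip, pkt["target_ip"]))
        elif pkt["op"] == ARP_REPLY:
            asked = (pkt["target_ip"], ip)
            if asked in self.pending:
                self.pending.discard(asked)
            else:
                alerts.append(f"unsolicited-reply: {mac} answers for {ip} unasked")
        if ip != "0.0.0.0":                  # ARP probes carry no sender IP
            known = self.bindings.setdefault(ip, mac)
            if known != mac:
                alerts.append(f"rebind: {ip} was {known}, now claimed by {mac}")
        return alerts


def make_frame(op, src_mac, src_ip, dst_mac, dst_ip):
    """Build a constructed test frame in memory (sample input only)."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = to_mac(dst_mac) + to_mac(src_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + to_mac(src_mac) + to_ip(src_ip) + to_mac(dst_mac) + to_ip(dst_ip)


def run_sample():
    """Normal request/reply, then a second MAC claiming the gateway's IP."""
    host = ("02:00:00:00:00:10", "192.0.2.10")
    gateway = ("02:00:00:00:00:01", "192.0.2.1")
    other = ("02:00:00:00:00:66", "192.0.2.1")
    frames = [
        make_frame(ARP_REQUEST, *host, "ff:ff:ff:ff:ff:ff", gateway[1]),
        make_frame(ARP_REPLY, *gateway, *host),
        make_frame(ARP_REPLY, *other, *host),
    ]
    monitor = ArpMonitor()
    return [monitor.observe(f) for f in frames]


if __name__ == "__main__":
    for number, alerts in enumerate(run_sample(), 1):
        print(number, alerts or "ok")
```

On a real network the same checks would be fed from a capture interface or a switch mirror port; legitimate failover or DHCP reassignment also triggers `rebind`, so alerts need context before action.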

Impossible RCE in SSH


Over two years ago, researchers at Qualys discovered a pre-authentication double-free in OpenSSH server version 9.1. Version 9.2 was quickly released, and because none of the major distributions had shipped 9.1 yet, what could have been a very nasty problem was patched pretty quietly. Because of the now-standard hardening features in modern Linux and BSD distributions, this vulnerability was thought to be impossible to actually leverage into Remote Code Execution (RCE).

If someone get a working OpenSSH exploit from this bug, I'm switching my main desktop to Windows 98 😂 (this bug was discovered by a Windows 98 user who noticed sshd was crashing when trying to login to a Linux server!)

— Tavis Ormandy (@taviso) February 14, 2023

The bug was famously discovered by attempting to SSH into a modern Linux machine from a Windows 98 machine, and Tavis Ormandy claimed he would switch to Windows 98 on his main machine if someone did actually manage to exploit it for RCE. [Perri Adams] thought this was a hilarious challenge, and started working on an exploit. Now we have good and bad news about this effort. [Perri] is pretty sure it is actually possible to groom the heap and, with enough attempts, overwrite an interesting pointer, leak enough information in the process to overcome address randomization, and get RCE. The bad news is that the reward of dooming [Tavis] to a Windows 98 machine for a while wasn’t quite enough to be worth the pain of turning the work into a fully functional exploit.

But that’s where [Perri’s] OffensiveCon keynote took an AI turn. How well would any of the cutting-edge AIs do at finding, understanding, fixing, and exploiting this vulnerability? As you probably already guessed, the results were mixed. Two of the three AIs thought the function just didn’t have any memory management problems at all. Once informed of the problem, the models had more useful analysis of the code, but they still couldn’t produce any remotely useful code for exploitation. [Perri’s] takeaway is that AI systems are approaching the threshold of being useful for defensive programming work. Distilling what code is doing, helping in reverse engineering, and working as a smarter sort of spell checker are all wins for programmers and security researchers. But fortunately, we’re not anywhere close to a world where AI is developing and deploying exploitations.

youtube.com/embed/Y1naY3gupRw?…

Bits and Bytes


There is a pair of new versions of reverse engineering/forensic tools released very recently. Up first is Frida, a runtime debugger on steroids, that is celebrating its 17th major version release. One of the major features is migrating to pluggable runtime bridges, and moving away from strictly bundling them. We also have Volatility 3, a memory forensics framework. This isn’t the first Volatility 3 release, but it is the release where version three officially has parity with version two of the framework.

The Foscam X5 security camera has a pair of buffer overflows, each of which can be leveraged to achieve arbitrary RCE. One of the proof-of-concepts has a very impressive use of a write-null-anywhere primitive to corrupt a return pointer, and jump into a ROP gadget. The concerning element of this disclosure is that the vendor has been completely unresponsive, and the vulnerabilities are still unaddressed.

And finally, one of the themes that I’ve repeatedly revisited is that airtight attribution is really difficult. [Andy Gill] walks us through just one of the many reasons that’s difficult. Git cryptographically signs the contents of a commit, but not the timestamps. This came up when looking through the timestamps from “Jia Tan” in the XZ compromise. Git timestamps can be trivially rewritten. Attestation is hard.


hackaday.com/2025/05/23/this-w…


Nightmare vishing: 24 emails in 3 minutes and one phone call to hack an entire company


The operators of the 3AM ransomware carry out targeted attacks against selected victims. The hackers bombard company employees with emails and phone calls, posing as support staff, to pressure users into handing over credentials for remote access to corporate systems.

Sophos experts write that in the past such tactics were used mainly by the authors of the Black Basta ransomware and by the FIN7 hacking group, but the effectiveness of these attacks has now led to their wider adoption.

The researchers report that between November 2024 and January 2025 at least 55 attacks using these techniques were detected, and they link the activity to two different threat clusters.

The attacks include sending multiple emails, vishing (voice phishing) via Microsoft Teams and abuse of Quick Assist. Apparently, the leak of Black Basta’s internal chats in early 2025 proved useful to other attackers. They are now using a template for phishing attacks via Microsoft Teams, posing as IT staff.

One of the 3AM ransomware attacks on a Sophos customer took place in the first quarter of 2025 and lasted nine days, and the hackers used a similar approach. Only instead of using Microsoft Teams, they started with phone phishing.

The attackers spoofed the real phone number of the customer’s IT department to make the call more credible. The hackers made the call while simultaneously sending numerous malicious emails: in just three minutes, the victim received 24 of them.

In this way, the attacker convinced an employee of the targeted company to open Microsoft Quick Assist and grant remote access, supposedly to protect against malicious activity. The hacker then downloaded and unpacked a malicious archive containing a VBS script, a QEMU emulator and a Windows 7 image with the QDoor backdoor.

QEMU was used to evade detection by routing network traffic through virtual machines created on the platform, giving the hackers persistent but undetected access to the victim’s network. Finally, the attackers performed reconnaissance on the targeted company’s network using WMIC and PowerShell, created a local administrator account for connecting over RDP, installed the commercial RMM tool XEOXRemote and compromised the domain administrator account.
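The opening of this chain (a burst of inbound mail followed by the same user launching Quick Assist) can be correlated from ordinary logs. The sketch below is an added example, not Sophos’s detection logic: the log format, user names, thresholds and time windows are assumptions, and the log lines are constructed.

```python
"""Correlate an inbound-mail burst with a Quick Assist launch by the same user."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; the incident described above saw 24 emails in 3 minutes.
BURST_COUNT = 20
BURST_WINDOW = timedelta(minutes=3)
FOLLOW_WINDOW = timedelta(minutes=30)


def parse(line):
    """Split '<iso-timestamp> <KIND> <user> <detail>' (hypothetical log format)."""
    stamp, kind, user, detail = line.split(" ", 3)
    return datetime.fromisoformat(stamp), kind, user, detail


def correlate(lines):
    """Return (user, burst_time, launch_time) where Quick Assist follows a mail burst."""
    recent = defaultdict(deque)   # user -> timestamps of mail inside the window
    burst_at = {}                 # user -> last time the burst threshold was met
    alerts = []
    for stamp, kind, user, detail in sorted(parse(l) for l in lines):
        if kind == "MAIL_IN":
            window = recent[user]
            window.append(stamp)
            while stamp - window[0] > BURST_WINDOW:
                window.popleft()
            if len(window) >= BURST_COUNT:
                burst_at[user] = stamp
        elif kind == "PROC_START" and detail.lower().endswith("quickassist.exe"):
            burst = burst_at.get(user)
            if burst is not None and stamp - burst <= FOLLOW_WINDOW:
                alerts.append((user, burst, stamp))
    return alerts


def sample_lines():
    """Constructed log: alice is mail-bombed then opens Quick Assist; bob is not."""
    start = datetime(2025, 1, 15, 9, 0, 0)
    lines = [
        f"{(start + timedelta(seconds=7 * i)).isoformat()} MAIL_IN alice subject-{i}"
        for i in range(24)
    ]
    lines.append("2025-01-15T09:10:00 PROC_START alice QuickAssist.exe")
    lines += [
        "2025-01-15T09:30:00 MAIL_IN bob weekly-report",
        "2025-01-15T09:31:00 MAIL_IN bob lunch-menu",
        "2025-01-15T10:00:00 PROC_START bob QuickAssist.exe",
    ]
    return lines


if __name__ == "__main__":
    for user, burst, launch in correlate(sample_lines()):
        print(f"{user}: mail burst at {burst}, Quick Assist started at {launch}")
```
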

The article “Nightmare vishing: 24 emails in 3 minutes and one phone call to hack an entire company” comes from il blog della sicurezza informatica.


Behold Self-Synchronizing, Air-Flopping Limbs That Hop and Swim


Dutch research institute [AMOLF] shows off a small robot capable of walking, hopping, and swimming without any separate control system. The limbs synchronize thanks to the physical interplay between the robot’s design and its environment. There are some great videos on that project page, so be sure to check it out.
A kinked soft tube oscillates when supplied with continuous air.
Powered by a continuous stream of air blown into soft, kinked tubular limbs, the legs oscillate much like the eye-catching “tube man” many of us have seen by roadsides. At first it’s chaotic, but the movements rapidly synchronize into a meaningful rhythm that self-synchronizes and adapts. On land, the robot does a sort of hopping gait. In water, it becomes a paddling motion. The result in both cases is a fast little robot that does it all without any actual control system, relying on physics.

You can watch it in action in the video, embedded below. The full article “Physical synchronization of soft self-oscillating limbs for fast and autonomous locomotion” is also available.

Gait control is typically a nontrivial problem in robotics, but it doesn’t necessarily require a separate control system. Things like BEAM robotics and even the humble bristlebot demonstrate the ability for relatively complex behavior and locomotion to result from nothing more than the careful arrangement of otherwise simple elements.

youtube.com/embed/oyKnCRqNj84?…


hackaday.com/2025/05/23/behold…


“Italy, Shame on You! Mafia Country!”. Nova’s insults to Italy after the attack on the Municipality of Pisa


The black hat hackers of NOVA strike again, this time with insults aimed at Italy after publishing data from the alleged cyberattack on the Municipality of Pisa. After claiming the attack on May 10, 2025, the criminal group published the first stolen data exactly 11 days after the announcement on its underground forum.

Disclaimer: This report includes screenshots and/or text taken from publicly accessible sources. The information provided is intended solely for threat intelligence and for raising awareness of cybersecurity risks. Red Hot Cyber condemns any unauthorized access, improper dissemination or unlawful use of such data. At present, the authenticity of the reported information cannot be independently verified, since the organization involved has not yet issued an official statement on its website. Consequently, this article should be considered for informational and intelligence purposes only.
Image from the home page of Nova’s underground site on the onion network
According to Nova’s underground site, the gang has made available a 100 GB archive, split into several compressed files titled “Municipality of Pisa”.

The content was reportedly encrypted on May 10, the same day as the initial claim.
Image of the post published by Nova on its site

No payment, data published


The message published by the gang contains heavy insults against the Italian authorities, accused of refusing to negotiate or pay the “bug bounty” of 2 million dollars demanded as ransom. The tone of the message is aggressive and sexist, with denigrating phrases and threats of a “Part 2”, which suggests further publications.
Italy, shame on you

Mafia country, now it is the country of clowns, they have no intention of paying just a little (2 million dollars) as a bounty, but what do you think of a country under the control of women, [*** we omit the translation out of respect ****] , nobody sent us a message to start the ransom, we sent messages to PISA's gmail but nah, POOR COUNTRY FUCK YOU, PART 2 WILL COME, this was only the beginning, go ask the ACN for help, have fun with the data
The message also points to a failed contact attempt by the group, which claims to have tried to send messages via Gmail to the Municipality of Pisa without receiving a reply.

ACN alerted, attack confirmed


Now, with the actual publication of the data, the event could amount to a data breach, with potential repercussions for citizens’ privacy and for the administration’s digital infrastructure, although all of this remains to be verified.

The specific content of the archives “d1.7z” and “U.7z” is not yet clear, but given the size and the institutional target, there are fears that they contain personal data, emails, contracts, administrative documents and other sensitive information.

Conclusions


The attack on the Municipality of Pisa is yet another case in which cybercriminals do not stop at encrypting data but try to publicly humiliate institutions, using vulgar, misogynistic and intimidating language. Does this tactic serve to increase psychological pressure and push toward payment of the ransom? Probably not, but it marks a turning point that we have already seen before with the theme of the “chimpanzees” of IT.

Even so, the right line to follow is always not to pay ransoms: giving in to blackmail feeds a vicious circle that further finances cybercrime, strengthening groups like NOVA.

However, it is just as essential to invest decisively in cybersecurity, at both local and national level. The Pisa case shows that there is no more time to put this off; it is urgent to make our country more resilient, responsive and prepared to face increasingly sophisticated and ruthless threats.

And this is an “operational” issue, no longer a “political” one.

As is our custom, we always leave room for a statement from the organization should it wish to give us updates on this matter, and we will be glad to publish it in a dedicated article that gives the issue prominence.

RHC will monitor how the matter develops so as to publish further news on the blog if there are substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower encrypted email.

The article “Italy, Shame on You! Mafia Country!”. Nova’s insults to Italy after the attack on the Municipality of Pisa comes from il blog della sicurezza informatica.


Foil Leyden Jar Helps Bring Crookes Tube to Life


Crookes Tube

It might be too soon to consider the innards of the old CRT monitor at the back of your closet to be something worth putting on display in your home or workshop. For that curio cabinet-worthy appeal, you need to look a bit further back. Say, about 150 years. Yes, that’ll do. A Crookes tube, the original electron beam-forming vacuum tube of glass, invented by Sir William Crookes et al. in the late 19th century, is what you need.

And a Crookes tube is what [Markus Bindhammer] found on AliExpress one day. He felt that piece of historic lab equipment was asking to be put on display in proper fashion. So he set to work crafting a wooden stand for it out of a repurposed candlestick, a nice piece of scrap oak, and some brass feet giving it that antique mad-scientist feel.

After connecting a high voltage generator and switch, the Crookes tube should have been all set, but nothing happened when it was powered up. It turned out that a capacitance issue was preventing the tube from springing to life. Wrapping the cathode end of the tube in aluminum foil, [Markus] formed what is effectively a Leyden jar, and that was the trick that kicked things into action.

As of this writing, there are no longer any Crookes tubes that we could find on AliExpress, so you’ll have to look elsewhere if you’re interested in showing off your own 19th century electron-streaming experiment. Check out the Crookes Radiometer for some more of Sir William Crookes’s science inside blown glass.

youtube.com/embed/rd7Y9ZRhcLs?…


hackaday.com/2025/05/23/foil-l…


Europol Operation RapTor: 270 arrests and 184 million seized. Dark web markets collapse


A global law enforcement operation coordinated by Europol has dealt a heavy blow to the criminal underground, with 270 arrests of dark web vendors and buyers in ten countries. Known as Operation RapTor, this international operation dismantled networks trafficking in drugs, weapons and counterfeit goods, sending a clear signal to criminals hiding behind the illusion of anonymity.

The suspects were identified through coordinated investigations based on intelligence from the takedowns of the dark web marketplaces Nemesis, Tor2Door, Bohemia and Kingdom Markets. Many had made thousands of sales on illicit marketplaces, using encryption tools and cryptocurrencies to cover their tracks, but law enforcement stayed ahead of them.

This international action follows Operation SpecTor in 2023, which led to 288 arrests. Together, these operations demonstrate the growing ability of law enforcement to penetrate the dark web’s veil of secrecy.

Dark web vendors unmasked


The 270 arrests took place in the following countries:

  • United States of America: 130
  • Germany: 42
  • United Kingdom: 37
  • France: 29
  • South Korea: 19
  • Austria: 4
  • Netherlands: 4
  • Brazil: 3
  • Switzerland: 1
  • Spain: 1

Investigations are under way to track down and arrest other individuals involved in dark web crime.

Millions seized, weapons recovered


Alongside the arrests, officers seized:

  • More than 184 million euros in cash and cryptocurrencies
  • More than 2 tonnes of drugs, including amphetamines, cocaine, ketamine, opioids and cannabis
  • More than 180 firearms, along with imitation weapons, tasers and knives
  • 12,500 counterfeit products
  • More than 4 tonnes of illegal tobacco

These seizures represent a serious disruption of the criminal supply chains that feed the dark web economy.

Europol’s role


Europol supported the action by compiling and analyzing intelligence packages based on data from the three seized markets. These packages were then shared with national authorities within the Joint Cybercrime Action Taskforce, hosted at Europol’s headquarters, to enable targeted investigations.

This operating model, also used in Operation SpecTor in 2023, shows that taking down a criminal platform is not the end of the story but the start of follow-up investigations aimed at identifying and arresting high-value vendors.

Edvardas Šileris, Head of Europol’s European Cybercrime Centre, stated: “Operation RapTor shows that the dark web is not beyond the reach of law enforcement. Through close cooperation and intelligence sharing, officers across four continents identified and arrested suspects, sending a clear message to those who think they can hide in the shadows. Europol will continue working with our partners to make the internet safer for everyone.”

Changing tactics, same threat


Recent operations are reshaping the dark web landscape. With traditional marketplaces under growing pressure, criminals are moving to smaller, single-vendor shops to avoid marketplace fees and minimize exposure.

Illegal drugs remain the best-selling goods on the dark web, but 2023 also saw a surge in trafficking of prescription drugs and an increase in fraudulent services, including fake hitmen and bogus listings designed to scam buyers. Despite these changes, the message is clear: no platform is beyond the reach of coordinated international law enforcement efforts.

This global action was made possible by close cooperation between the following authorities:

  • Austria: Criminal Intelligence Service Austria with various provincial criminal police departments (Bundeskriminalamt und Landeskriminalämter)
  • Brazil: Civil Police of the State of Pará (Polícia Civil do Estado do Pará) and Civil Police of the State of São Paulo (Polícia Civil do Estado do São Paulo)
  • France: French Customs (Douane), National Gendarmerie (Gendarmerie Nationale)
  • Germany: Federal Criminal Police Office (Bundeskriminalamt); Prosecutor’s Office in Cologne – Central Cybercrime Contact Point (Staatsanwaltschaft Köln, Zentral- und Ansprechstelle Cybercrime); Central Criminal Investigation in Oldenburg (Zentrale Kriminalinspektion Oldenburg); various police departments (Dienststellen der Länderpolizeien); German Customs Investigation (Zollfahndungsämter)
  • Netherlands: Team High Tech Crime (National Investigations and Special Operations (NIS)) and Post Interventie Team (PIT); National Intelligence, Expertise and Operational Support (NIEO)
  • Spain: National Police (Policía Nacional)
  • South Korea: Seoul Central District Prosecutors’ Office – Darknet Investigations Unit
  • Switzerland: Zurich Cantonal Police (Kantonspolizei Zürich) and Public Prosecutor’s Office II of the Canton of Zurich (Staatsanwaltschaft II)
  • United Kingdom: National Crime Agency (NCA); National Police Chiefs’ Council (NPCC)
  • United States: Department of Justice (DOJ) with JCODE partner agencies (Federal Bureau of Investigation (FBI) and Drug Enforcement Administration (DEA); Food and Drug Administration (FDA) – Office of Criminal Investigations; Homeland Security Investigations (HSI); Internal Revenue Service (IRS) – Criminal Investigation; US Postal Inspection Service (USPIS); Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF); Army Criminal Investigation Division (Army-CID); Customs and Border Protection (CBP); Department of Justice (DOJ); Department of the Treasury Financial Crimes Enforcement Network (FinCEN); Department of the Treasury Office of Foreign Assets Control (OFAC); Naval Criminal Investigative Service (NCIS))

The article “Europol Operation RapTor: 270 arrests and 184 million seized. Dark web markets collapse” comes from il blog della sicurezza informatica.


First 0-day bug discovered by an AI in the Linux kernel! A turning point in bug hunting?


A zero-day vulnerability in the Linux kernel has been discovered using OpenAI’s o3 model. The discovery, which has been assigned the identifier CVE-2025-37899, marks significant progress in AI-assisted vulnerability research.

The vulnerability, officially confirmed on May 20, 2025, affects the ksmbd component of the Linux kernel, an in-kernel server that implements the SMB3 protocol for network file sharing. The problem lies in a use-after-free condition in the handler for the logoff command, which can have serious security implications. Specifically, while a logoff command is being processed, one thread frees the sess->user object. However, if another connection meanwhile tries to reconfigure the already freed session, it can access the same structure in memory, causing undefined and potentially dangerous behavior.

What makes the discovery even more significant is that the vulnerability was identified by an artificial intelligence. Sean, the researcher who found it, stated: “I found it using nothing but the OpenAI o3 model API: no advanced tools, no frameworks, just pure natural language”. According to Sean, this is in all likelihood the first vulnerability ever publicly discovered by a large language model (LLM), showing that AI has now reached a level of code comprehension that makes it a real ally (or threat) in cybersecurity.

Such vulnerabilities can cause memory corruption and potentially allow attackers to execute arbitrary code with kernel privileges. OpenAI’s o3 model, released on April 16, 2025, represents a significant advance in AI reasoning capabilities. The model is designed to “think for longer before responding” and shows substantially improved performance on complex tasks, including programming and mathematics.

Its ability to understand complex code structures and to reason about concurrent operations proved essential in identifying this vulnerability. “With o3, LLMs have made a leap forward in their ability to reason about code, and if you work in vulnerability research, you should start paying close attention”, Sean observed. “They are now at a point where they can make you significantly more efficient and effective.”

Security experts assign this vulnerability a high severity score, although the Exploit Prediction Scoring System (EPSS) currently estimates a relatively low probability of exploitation, at 0.02%. The vulnerability affects several Linux kernel versions up to 6.12.27, 6.14.5 and 6.15-rc4.

Linux distributions, including SUSE, are already working on patches. The SUSE security team currently classifies the issue as “moderate severity”. Users are urged to install updates as soon as they become available.

The article “First 0-day bug discovered by an AI in the Linux kernel! A turning point in bug hunting?” comes from il blog della sicurezza informatica.


Running DOOM on an Atari ST


Atari ST desktop with Doom shortcut

If you grew up with a beige Atari ST on your desk and a faint feeling of being left out once Doom dropped in 1993, brace yourself — the ST strikes back. Thanks to [indyjonas]’s incredible hack, the world now has a working port of DOOM for the Atari STe, and yes — it runs. It’s called STDOOM, and even though it needs a bit of acceleration or emulation to perform, it’s still an astonishing feat of retro-software necromancy.

[indyjonas] did more than just recompile and run: he stripped out chunks of PC-centric code, bent GCC to his will (cheers to Thorsten Otto’s port), and shoehorned Doom into a machine never meant to handle it. That brings us a version that runs on a stock machine with 4MB RAM, in native ST graphics modes, including a dithered 16-colour mode that looks way cooler than it should. The emotional punch? This is a love letter to the 13-year-old Jonas who watched Doom from the sidelines while his ST chugged along faithfully. A lot of us were that kid.

Sound is still missing, and original 8MHz hardware won’t give you fluid gameplay just yet — but hey, it’s a start. Want to dive in deeper? Read [indyjonas]’ thread on X.


hackaday.com/2025/05/22/runnin…


Recovering Water From Cooling Tower Plumes With Plume Abatement


The French Chinon nuclear power plant with its low-profile, forced-draft cooling towers. (Credit: EDF/Marc Mourceau)
Electrostatic droplet capture system installed on an HVAC condenser. (Credit: Infinite Cooling)
As a common feature of thermal power plants, cooling towers enable major water savings compared to straight-through cooling methods. Even so, the big clouds of water vapor above them are a clear indication of how much cooling water is still effectively lost, with water vapor also having a negative impact on the environment. Using so-called plume abatement, the amount of water vapor making it into the environment can be reduced, with a trial recently taking place at a French nuclear power plant.

This trial featured electrostatic droplet capture by US-based Infinite Cooling, which markets it as able to be retrofitted to existing cooling towers and similar systems, including the condensers of office HVAC systems. The basic principle as the name suggests involves capturing the droplets that form as the heated, saturated air leaves the cooling tower, in this case with an electrostatic charge. The captured droplets are then led to a reservoir from which it can be reused in the cooling system. This reduces both the visible plume and the amount of cooling water used.

In a 2021 review article by [Shuo Li] and [M.R. Flynn] in Environmental Fluid Mechanics the different approaches to plume abatement are looked at. Traditional plume abatement designs use parallel streams of air, with the goal being to have condensation commence as early as possible rather than after having been exhausted into the surrounding air. Some methods use a mesh cover to provide a surface to condense on, while one commercially available technology is condensing modules that use counterflow in an air-to-air heat exchanger.

Other commercial solutions include low-profile, forced-draft hybrid cooling towers, yet it seems that electrostatic droplet capture is a rather new addition here. With even purely passive systems already seeing ~10% recapturing of lost cooling water, these active methods may just be the ticket to significantly reduce cooling water needs without being forced to look at (expensive) dry cooling methods.



hackaday.com/2025/05/22/recove…


You Can 3D Print These Assistive Typing Tools


Typing can be difficult to learn at the best of times. Until you get the muscle memory down, it can be quite challenging. However, if you’ve had one or more fingers amputated, it can be even more difficult. Just reaching the keys properly can be a challenge. To help in this regard, [Roei Weiman] built some assistive typing tools for those looking for a little aid at the keyboard.

The devices were built for [Yoni], who works in tech and has two amputated fingers. [Roei] worked on many revisions to create a viable brace and extension device that would help [Yoni] type with greater accuracy and speed.

While [Roei] designed the parts for SLS 3D printing, it’s not mandatory—these can easily be produced on an FDM printer, too. For SLS users, nylon is recommended, while FDM printers will probably find best results with PETG. It may also be desirable to perform a silicone casting to add a grippier surface to some of the parts, a process we’ve explored previously.

The great thing about 3D printing is that it enables just about anyone to have a go at producing their own simple assistive aids like these. Files are on Instructables for the curious. Video after the break.

youtube.com/embed/OaDDa5VRGVM?…


hackaday.com/2025/05/22/you-ca…


Building a Tiny Table Saw


If you want a regular table saw, you’re probably best off just buying one—it’s hard to beat the economies of scale that benefit the major manufacturers. If you want a teeny one, though, you might like to build it yourself. [Maciej Nowak] has done just that.

The concept is simple enough; a small motor and a small blade make a small table saw. [Maciej] sourced a remarkably powerful 800-watt brushless motor for the build. From there, the project involved fabricating a suitable blade mount, belt drive, and frame for the tool. Some time was well-spent on the lathe producing the requisite components out of steel and aluminum, as well as a stout housing out of plywood. The motor was then fitted with a speed controller, with the slight inconvenience that it’s a hobby unit designed to run off DC batteries rather than a wall supply. Ultimately, though, this makes the saw nicely portable. All that was left to do was to fit the metal top plate, guides, and a suitably small 3″ saw blade to complete the build.

We’ve seen mini machine tools like these before, too. They can actually be pretty useful if you find yourself regularly working on tiny little projects. Video after the break.

youtube.com/embed/i17Ciew4Pcg?…


hackaday.com/2025/05/22/buildi…


2025 Pet Hacks Contest: Loko Tracks Fido with LoRa and GPS


Some projects start as hacks, and end as products — that’s the case for [Akio Sato]’s project Loko, the LoRa/GPS tracker that was entered in our 2025 Pet Hacks Contest. The project dates all the way back to 2019 on Hackaday.io, and through its logs you can see its evolution up to the announcement that Loko is available from SeeedStudio.

It’s not a device necessarily limited to pets. In fact, the original use case appears to have been a backup locator beacon for lost drones. But it’s still a good fit for the contest nonetheless: at 12 grams, the tiny tracking device won’t bother even the most diminutive of pups, and will fit on any collar at only 30 mm x 23 mm. The “ground station” that pairs with your phone is a bit bigger, of course, but unless you have a Newfoundlander or a St. Bernard you’re likely bigger than Fido. The devices use LoRa to provide a range up to 15 km — maybe better if you can loop them into a LoRaWAN. Depending on how often you pin the tracker, it can apparently last for as long as 270 days, which we really hope you won’t need to track a missing pet.

The hardware is based around Seeed’s Wio-E5 LoRa chip, which packages an STM32 with a LoRa radio. The firmware is written in MicroPython, and everything is available via GitHub under the MIT license, though the code for the mobile app that interfaces with that hardware doesn’t appear to be in the repository at the moment. (There are folders, but they’re disappointingly empty.) The apps are available free on the iOS App Store and Google Play, however.

There’s still plenty of time to submit your own hacks to the Pet Hacks Contest, so please do! You have until April 25th, so if you haven’t started yet, it’s not too late to get hacking.

2025 Hackaday Pet Hacks Contest


hackaday.com/2025/05/22/2025-p…