
Tubeless X-Ray Runs on Patience


Every time we check in on [Project326], he’s doing something different with X-rays. This week, he has a passive X-ray imager. On paper, it looks great. No special tube is required and no high voltage needed. Actually, no voltage is needed at all. Of course, there’s no free lunch. What it does take is a long time to produce an image.

While working on the “easy peasy X-ray machine,” he found that dental X-ray film worked well for imaging with a weak X-ray source. He found that the film would also detect exposure to americium 241. So technically, not an X-ray in the strictest sense, but a radioactive image that uses gamma rays to expose the film. But to normal people, a picture of the inside of something is an X-ray even when it isn’t.

What was odd was that he tried three different sources with different materials, and only the americium made an impression on the film, even though, of the three samples, the americium was the weakest. However, some measurements show that the spectrum of the gamma ray emission for each material is quite different. Clearly, the film was sensitive to a narrow range of gamma rays.

Compared to the previous makeshift X-ray tube, which was weak, the radioactive material emitted just a fraction of that tube’s output. He estimates that the americium, which you can rescue from smoke detectors or repair parts for them, emits less than 1% compared to the tube. He uses twelve of them, however, so the total output should be around 10%.

The image of an IC is impressive. But it also took two days of exposure. Not sure if this would be practical, but if you need imaging after the apocalypse, salvaged smoke detectors and dental film might be what you need.

The upper part of the machine, made from machined copper, looks impressive. It does, however, require some maintenance. We might have been tempted to put some sort of sealant over the copper. The story of how it came to exist isn’t your usual sponsorship story, either.

You might have better luck with the previous X-ray machine. Or bite the bullet, get a real X-ray tube, generate about 70 kV, and make a real one.

youtube.com/embed/PNQhdQ40ZYo?…


hackaday.com/2025/10/12/tubele…


Removing Infill to Make 3D Printed Parts Much Stronger


When it comes to FDM 3D prints and making them stronger, most of the focus is on the outer walls and factors like their layer adhesion. However, paying some attention to the often-ignored insides of a model can make a lot of difference in its mechanical properties. Inspired by a string of [Tom Stanton] videos, [3DJake] had a poke at making TPU more resilient against breaking when stretched and PLA resistant to snapping when experiencing a lateral force.

Simply twisting the TPU part massively increased the load at which it snapped. Similarly, by removing the infill from the PLA part before replacing it with a hollow cylinder, the test part also became significantly more resilient. A very noticeable result of hollowing out the PLA part: the way that it breaks. A part with infill will basically shatter. But the hollowed-out version remained more intact, rather than ripping apart at the seams. The reason? The hollow cylinder shape is printed to add more walls inside the part. Plus cylinders are naturally more able to distribute loads.

All of this touches on load distribution and designing a component to cope with expected loads in the best way possible. It’s also the reason why finite element analysis is such a big part of the CAD world, and something which we may see more of in the world of consumer 3D printing as well in the future.

If you want stronger prints, be sure to check out brick layers. Or, consider adding a little something extra.

youtube.com/embed/Iqf9Q1XlETM?…


hackaday.com/2025/10/12/removi…


The Subtle Art of Letterform Design


Typeface (such as Times New Roman) refers to the design that gives a set of letters, numbers, and symbols their signature “look”. Font, on the other hand, is a specific implementation of a typeface, for example, Times New Roman Italic 12 pt.
‘Q’ is a counterpoint to the idea that typography is just one fussy detail after another.
Right about this point, some of you are nodding along and perhaps thinking “oh, that’s interesting,” while the rest of you are already hovering over your browser’s Back button. If you’re one of the former, you may be interested in checking out the (sort of) interactive tour of typography design elements by the Ohno Type School, a small group that loves design.

On one hand, letters are simple and readily recognizable symbols. But at the same time, their simplicity puts a lot of weight on seemingly minor elements. Small changes can have a big visual impact. The tour lays bare answers to questions such as: What is the optimal parting of the cheeks of a capital ‘B’? At what height should the crossbar on an ‘A’ sit, and why does it look so weird if done incorrectly? And yet, the tail of a ‘Q’ can be just about anything? How and why does an ‘H’ define the spacing of the entire typeface? All these (and more) are laid bare.

Font design in the hardware world is often constrained by display or memory limitations, but artistry in typography is still something that we’ve seen expressed in many different and wonderful ways over the years. For example, we covered a typeface whose symbols are not letters, but scope traces. And one enterprising fellow generated a new font (Avería) based on the average of every other font installed on his computer. The result was surprisingly attractive.


hackaday.com/2025/10/12/the-su…


Save Your USB-C Plugs From Oblivion


USB-C as the “One Cable To Rule Them All” has certainly been a success. While USB-A is still around for now, most of us have breathed a hefty sigh of relief with the passing of micro-USB and the several display and power standards it replaces. It’s not without its minor issues though. One of them is that it’s as susceptible as any other cable to a bit of strain. For that, we think [NordcaForm]’s 3D-printed USB-C cable strain relief is definitely a cut above the rest.

Waxing lyrical about a simple 3D printed model might seem overkill for Hackaday, and it’s true, it’s not something we do often, but as Hackaday writers travel around with plenty of USB-C connected peripherals, we like the design of this one. It’s flexible enough to be useful without resorting to exotic filaments, and since it’s available in a few different forms with curved or straight edges, we think it can find a place in many a cable setup. Certainly more of an everyday carry than a previously featured 3D print. If you want to learn more about USB C, we have a whole series of posts for you to binge read.


hackaday.com/2025/10/11/save-y…


Bose SoundTouch Smart WiFi Speakers are about to go Dumb


Bose SoundTouch speakers were introduced in 2013, offering the ability to connect to online streaming services and play back audio on multiple speakers simultaneously using the accompanying mobile app. Now these features are about to be removed, including the mobile app, as Bose is set to discontinue support on February 18, 2026. From that point onwards, you can only use them via Bluetooth or physical connectors that may be present, like an audio jack or HDMI port. This includes fancy home theater system hardware like the above SoundTouch 520.

That is the official line, at least. We have seen the SoundTouch on Hackaday previously, when it was discovered how to gain root shell access to the Linux OS that powers the original SoundTouch system: use Telnet access on port 17000 to pass the listening service the remote_services on command, then connect with Telnet as usual, with root and no password. A quick glance at the comments to that post suggests that this is still a valid approach for at least certain SoundTouch devices.

The fallout from this announcement appears to be twofold. Most of all, it shows that ‘smart’ features like WiFi-based streaming can be dropped at any time. But it also makes us realize that hardware hackers like us will never run out of new and suddenly obsolete hardware that needs our rescue.


hackaday.com/2025/10/11/bose-s…


A Deep Dive into The Coolness That Was CRT Projectors


CRT monitors: there’s nothing quite like ’em. But did you know that video projectors used to use CRTs? A trio of monochrome CRTs, in fact: one for each color; red, green, and blue. By their powers combined, these monsters were capable of fantastic resolution and image quality. Despite being nowhere near as bright as modern projectors, after being properly set up, [Technology Connections] says it’s still one of the best projected images he has seen outside of a movie theatre.
After a twenty-minute startup to reach thermal equilibrium, one can settle down with a chunky service manual for a ponderous calibration process involving an enormous remote control. The reward is a fantastic (albeit brightness-limited) picture.
Still, these projectors had drawbacks. They were limited in brightness, of course. But they were also complex, labor-intensive beasts to set up and calibrate. On the other hand, at least they were heavy.

[Technology Connections] gives us a good look at the Sony VPH-D50HT Mark II CRT Projector in its tri-lobed, liquid-cooled glory. This model is a relic by today’s standards, but natively supports 1080i via component video input and even preserves image quality and resolution by reshaping the image in each CRT to perform things like keystone correction, thus compensating for projection angle right at the source. Being an analog device, there is no hint of screen door effect or any other digital artifact. The picture is just there, limited only by the specks of phosphor on the face of each tube.

Converging and calibrating three separate projectors really was a nontrivial undertaking. There are some similarities to the big screen rear-projection TVs of the 90s and early 2000s (which were then displaced by plasma and flat-panel LCD displays). Unlike enclosed rear-projection TVs, the screen for projectors was not fixed, which meant all that calibration needed to be done on-site. A walkthrough of what that process was like — done with the help of many test patterns and a remote control that is as monstrous as it is confusing — starts at 15:35 in the video below.

Like rear-projection TVs, these projectors were displaced by newer technologies that were lighter, brighter, and easier to use. Still, just like other CRT displays, there was nothing quite like them. And if you find esoteric projector technologies intriguing, we have a feeling you will love the Eidophor.

youtube.com/embed/ms8uu0zeU88?…


hackaday.com/2025/10/11/a-deep…


Entering the Wild World of Power Over Ethernet


As Ethernet became the world-wide standard for wired networking, there was one nagging problem. You already have to plug in the network cable. But then you have to also plug in a power cable. That power cable needs to be long enough. And have the right plug on it for your country. And provide the right current and voltage. That’s how Power over Ethernet (PoE) was born, first in a veritable Wild West of proprietary standards and passive injectors, then in a standardized process. Recently [T. K. Hareendran] wrote a primer on PoE, with more of a DIY intro focus, including some favorite PoE PD (powered device) chips to use in your own design.

You can still totally use passive PoE if that’s your jam, and you have full control over the network and any connected devices. This would allow you to, for example, power your SBCs for a couple of bucks, although for adding PoE to your Mac Mini you may want to look at some more refined options, if only as a safety precaution.

Much depends on the needs of each device, as PoE is meant mostly for low-power devices such as VoIP phones and the like. The more common IEEE 802.3af and 802.3at standards (Type 1 and 2) cap out at 30 Watts, with about 25 Watts available to the device after losses, while 802.3bt (Type 3 and 4) takes this up to 90 Watts, or just over 70 Watts after losses. Before making a decision, it would be good to read a detailed guide from someone with experience, like the one by [Alan] that we covered a while ago.


hackaday.com/2025/10/11/enteri…


Exposed RDP Services in the Crosshairs! A Botnet of 100,000 IPs Scours the Network


In the United States, a large coordinated botnet campaign is targeting services based on the Remote Desktop Protocol (RDP).

The scale and organizational structure of this campaign pose a significant danger, especially for organizations that rely on RDP for their daily operations.

Security company GreyNoise reported tracking a significant wave of attacks originating from more than 100,000 unique IP addresses in more than 100 countries.

The operation appears to be centrally controlled, with the primary goal of compromising RDP infrastructure, a fundamental component of remote work and administration.

This discovery kicked off a broader analysis, which quickly identified similar activity spikes in a multitude of countries, including Argentina, Iran, China, Mexico, Russia and South Africa.

Despite the different geographic origins, the attacks share a common target: RDP services in the United States.

Analysts are strongly convinced that this activity is the work of a single large-scale botnet. This conclusion is supported by the fact that almost all participating IPs share a similar TCP fingerprint. This technical signature suggests a standard, centralized command-and-control structure orchestrating the attacks.

The threat actors behind this campaign are using two specific attack vectors to identify and compromise vulnerable systems.

The first is an RD Web Access timing attack, a method in which attackers measure the server's response time to login attempts in order to anonymously distinguish valid usernames from invalid ones.

The second vector is RDP web client login enumeration, which systematically attempts to guess user credentials. These methods allow the botnet to efficiently scan for and identify exploitable RDP access points without immediately triggering standard security alerts.

The synchronized use of these specific, non-trivial attack methods across such a vast number of nodes further indicates a coordinated operation run by a single operator or group.

In response to this persistent threat, GreyNoise has published specific recommendations for network security teams.

The company advises organizations to proactively review their security logs for unusual RDP probing or failed login attempts that match the patterns of this campaign.

For more direct protection, GreyNoise has created a dynamic blocklist template, named “microsoft-rdp-botnet-oct-25”, available through its platform.
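One way to act on the log-review advice above, as an added example (not code from GreyNoise or from the article): it contrasts a per-source failed-login threshold with a per-window check for many quiet sources guessing many different account names, which is the pattern a large botnet produces. The CSV column names, thresholds and sample records are assumptions constructed for illustration; 4625 is the Windows Security event ID for a failed logon.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # tumbling window size (assumed)
PER_IP_LIMIT = 10                # usual per-source alert threshold (assumed)
MIN_SOURCES = 8                  # quiet sources needed to flag a window (assumed)
MIN_USERNAMES = 15               # distinct account names across them (assumed)
EPOCH = datetime(1970, 1, 1)


def build_sample_csv():
    """Return constructed logon records as CSV text (not real data).

    Addresses come from the documentation ranges in RFC 5737.
    """
    start = datetime(2025, 10, 8, 14, 0, 0)
    rows = [("time", "event_id", "src_ip", "username")]
    # Twelve sources, two guesses each, every guess a different account name.
    for i in range(12):
        for j in range(2):
            ts = start + timedelta(seconds=40 * i + 15 * j)
            rows.append((ts.isoformat(), "4625",
                         f"198.51.100.{i + 1}", f"user{2 * i + j:02d}"))
    # One employee mistyping a password three times, then logging on (4624).
    for j in range(3):
        ts = start + timedelta(minutes=2, seconds=20 * j)
        rows.append((ts.isoformat(), "4625", "192.0.2.10", "a.rossi"))
    rows.append(((start + timedelta(minutes=3)).isoformat(),
                 "4624", "192.0.2.10", "a.rossi"))
    # One loud single-source guesser that a per-source rule does catch.
    for j in range(15):
        ts = start + timedelta(minutes=30, seconds=5 * j)
        rows.append((ts.isoformat(), "4625", "203.0.113.7", "administrator"))
    out = io.StringIO()
    csv.writer(out).writerows(rows)
    return out.getvalue()


def parse_failures(csv_text):
    """Yield (timestamp, src_ip, username) for failed logons only."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] != "4625":
            continue
        yield (datetime.fromisoformat(row["time"]),
               row["src_ip"], row["username"].lower())


def window_start(ts):
    """Start of the tumbling window that contains ts."""
    return EPOCH + ((ts - EPOCH) // WINDOW) * WINDOW


def analyse(csv_text):
    """Return findings per window: loud single sources and quiet distributed guessing."""
    windows = defaultdict(lambda: defaultdict(list))   # window -> src_ip -> usernames
    for ts, ip, user in parse_failures(csv_text):
        windows[window_start(ts)][ip].append(user)

    findings = []
    for start, by_ip in sorted(windows.items()):
        # Classic rule: one address with many failures.
        loud = sorted(ip for ip, users in by_ip.items() if len(users) >= PER_IP_LIMIT)
        if loud:
            findings.append({"window": start, "kind": "single_source_bruteforce",
                             "sources": loud})
        # Distributed rule: every address stays under the per-source limit,
        # but together they touch many different account names.
        quiet = {ip: users for ip, users in by_ip.items() if len(users) < PER_IP_LIMIT}
        names = {u for users in quiet.values() for u in users}
        if len(quiet) >= MIN_SOURCES and len(names) >= MIN_USERNAMES:
            findings.append({"window": start, "kind": "distributed_enumeration",
                             "sources": sorted(quiet), "usernames": len(names)})
    return findings


if __name__ == "__main__":
    for finding in analyse(build_sample_csv()):
        print(finding)
```

Tumbling windows can split a burst that straddles a boundary, so a sliding window is the safer choice for production rules; the flagged window also includes the one legitimate user, which is left for the analyst to triage.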

The article Exposed RDP Services in the Crosshairs! A Botnet of 100,000 IPs Scours the Network comes from il blog della sicurezza informatica.


A Casio Toy Synth Is Ready To ROCK!


There is likely to be more than one of you who has eyed up a child’s toy synthesizer in a second hand store, and considered making something more impressive with it. In many cases these instruments are underwhelming, having a very small subset of functions baked into their black-epoxy-blob microcontrollers.

[Make Something] found a Casio toy synth that has a few more functions than the average model, and with the addition of some extra effects electronics and a beautifully made case, turned it into an altogether more interesting instrument.

Most of the video has an element of workshop porn about it, as he makes a very nice Moog-style console case for it, a task made easier by an impressive array of CNC tools. The electronics are slightly more interesting, being a selection of cheap guitar pedals gutted and combined with a cheap tube preamp board. The result is a machine capable of some far more interesting sounds.

We think many Hackaday readers would be able to repeat these functions from scratch without the pedals, and while the case is a thing of beauty it’s likely a decent job could be done with a little less finesse on more commonplace tools. Perhaps it’s worth giving those toy synths a second look, because they really can be had for pennies if you look hard enough. Perhaps it’s an easier option than a previous toy musical upgrade.

youtube.com/embed/X9-D6aOUSWY?…


hackaday.com/2025/10/11/a-casi…


Easy For The Masses


Last week, we were talking about how glad we are to be the type who by-and-large understands technology, and how it’s becoming more and more difficult to simply get along otherwise. We thought we had a good handle on the topic.

Then, we were talking about Google’s plans to require an ID for Android developers, and whether or not this will shut down free and open software development on the Android platform. Would this be the end of the ability to run whatever software that you’d like on your phone? Google offered the figleaf that “sideloading” – installing software through methods other than Google’s official store – would still be allowed. But there’s a catch – you have to use Android Debug Bridge (ADB).

Is that a relief? It surely means that I will be able to install anything I want: I use ADB all the time, because it’s one of the fastest and easiest ways to transfer files and update software on the device. But how many non-techies do you know who use ADB? We’d guess that requiring this step shuts out 99.9% of Android users. If you make software hard to install for the masses, even if you make it possible for the geeks, you’re effectively killing it.

I have long wondered why end-to-end encrypted e-mail isn’t the default. After all, getting a GPG signing key, distributing it to your friends, and then reading mail with supporting software shouldn’t be a big deal, right? If GPG signing were available by default in Outlook or GMail, everyone would sign their e-mail. But there is no dead-simple, non-techie friendly way to do so, and so nobody does it.

Requiring ADB to load Android software is going to have the same effect, and it’s poised to severely restrict the amount of good, open software we have on the platform unless we can figure out a way to make installing that software easy enough that even the naive users can do it.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!


hackaday.com/2025/10/11/easy-f…


Toasty Subwoofer Limps Back to Life


[JohnAudioTech] noticed there was no bass on the TV at his parents’ house. That led to the discovery of a blown fuse and a corresponding repair. When he opened it up, he could smell that something had gone on in the amplifier. You can follow the repair in the video below.

His first theory was that some glue became conductive and shorted the power rails. We were skeptical, to be honest. When he fed power to it through a current limiter, he could hear a sizzling noise and even see a little glowing from the hot component.

Disassembly ensued. Removing the suspect components showed some seriously burned components and some charring under a switching transistor. The capacitors looked much worse for wear, and the PCB needed some wires to jumper burned conductors.

At the end, there was thumping, so it seems the surgery was a success. However, testing blew a fuse again, which made us nervous. Still, seems to work if you don’t drive it too hard.

We always enjoy watching a teardown, and if there’s a repair too, that’s even better.

youtube.com/embed/X22UsFoMQaM?…


hackaday.com/2025/10/11/toasty…


The Electret Preamp You Might Need


Electret capsules can be found in some of the highest quality microphones for studio use, as well as in some of the very cheapest microphone capsules on the market. More care and attention has gone into the high-end capsule and its associated circuitry than the cheap one, but is it still possible to get good quality from something costing under a dollar? [Mubarak Basha] thinks so, and has designed a preamp circuit to get the best from a cheap electret capsule.

These capsules may be cheap, but with the addition of a low voltage supply, a resistor, and a capacitor, their internal FET delivers a decent enough input to many a project. To improve on that will need a bit of effort, and in this the preamp delivers by taking care to match impedance, impose a carefully chosen frequency response, and just the right gain to derive a line level output from the electret’s level. It’s hardly a complex circuit, but that’s not always necessary.

As always in these situations, without appropriate test equipment it’s difficult to gauge quality. We’d say this though, if you make one of these and it falls short, you won’t have spent much. Meanwhile if you’re curious about electrets, here’s our guide.


hackaday.com/2025/10/11/the-el…


Lombardy in the Crosshairs! Beware of Phishing Messages, Warns the Polizia Postale


A wave of phishing messages is hitting numerous residents of Lombardy these days. The emails, apparently sent by a debt collection company, refer to alleged missed payments for healthcare services that were actually provided.

The subject line of the message uses the formula “Richiesta di saldo debito – [nome e cognome]” (“Debt settlement request – [first and last name]”), a detail that helps make the message particularly credible. The body of the text contains lists of prescriptions and medical services that match those actually issued by the recipient's doctors, leading the recipient to believe the request is authentic.

The message invites the recipient to “regularize their position” by making a payment of about 40 euros to a foreign bank account with a Spanish IBAN. However, it is a scam built to steal money and personal data.

The Polizia Postale recommends not making any payment, not clicking on the links contained in the message, and promptly reporting any suspicious attempt through the official portal www.commissariatodips.it or by contacting the offices of the Polizia di Stato directly.

The report of this fraudulent campaign was circulated by the Polizia Postale, which urges residents of Lombardy to pay the utmost attention and to always verify the authenticity of communications received by email or SMS.

The case highlights how scammers are increasingly refining their phishing techniques, making messages extremely realistic and difficult to distinguish from official communications.

It is essential that citizens maintain a critical attitude, always verify the authenticity of payment requests and follow the guidance of the Polizia Postale. Caution and prompt reporting of suspicious messages remain the best defenses against this type of fraud.

The article Lombardy in the Crosshairs! Beware of Phishing Messages, Warns the Polizia Postale comes from il blog della sicurezza informatica.


SonicWall Confirms Data Breach. Cloud Backup Service Customers at Risk


SonicWall has confirmed that last month a data breach affected all customers who used the company's cloud backup service. As a result, the firewall configurations stored in MySonicWall were compromised.

MySonicWall is a portal for SonicWall customers that lets them manage product access, licensing, registration, firmware updates, support requests and cloud backups of firewall configurations (.EXP files).

Users are advised to follow the steps below immediately:

  • Log in to the MySonicWall.com account and check whether cloud backups exist for the registered firewalls
  • If the fields are empty, there is no impact
  • If the fields contain backup details, check whether the affected serial numbers are listed in the account
  • If serial numbers are shown, users must follow the containment and remediation guidelines for the listed firewalls

In mid-September 2025, SonicWall urged its customers to change their login credentials as soon as possible, because a cyberattack on MySonicWall accounts had compromised firewall configuration backup files.

At the time, the details of the attack were not disclosed, and SonicWall stated that it had blocked the attackers' access to the company's systems and was already working with cybersecurity agencies and law enforcement.

The company published detailed recommendations intended to help administrators minimize the risk of stolen configurations being exploited. In particular, it recommended reconfiguring potentially compromised secrets and passwords as soon as possible and monitoring for potential attacker activity.

At the time, the vendor had reported that about 5% of its total customers used the cloud backup service, but that the attack had affected only “some accounts.”

In an update published this week, SonicWall warned that the incident affected all customers who used the cloud portal to store firewall configuration files.

“SonicWall has completed its investigation, conducted in collaboration with Mandiant, a leading company in customer relationship management, into the scope of a recent cloud backup security incident. The investigation confirmed that an unauthorized party accessed the firewall configuration backup files of all customers who have used SonicWall's cloud backup service. The files contain encrypted credentials and configuration data; although the encryption remains in place, possession of these files could increase the risk of targeted attacks. We are working to notify all affected partners and customers and have released tools to support device assessment and remediation. The final, updated and complete lists of affected devices are now available on the MySonicWall portal (go to Product Management > Issue List).”

It is emphasized that the compromised files contain credentials and configuration data encrypted with AES-256.

Users can check whether their devices are affected by logging in to MySonicWall and going to Product Management -> Issue List. If there are outstanding issues, users must follow the steps given in the Essential Credential Reset guide, prioritizing active firewalls with Internet access.

The article SonicWall Confirms Data Breach. Cloud Backup Service Customers at Risk comes from il blog della sicurezza informatica.


Programming Space Game for x86 in Assembly Without an Operating System



In this video our hacker [Inkbox] shows us how to create a computer game that runs directly on computer hardware, without an operating system!

[Inkbox] briefly explains what BIOS is, then covers how UEFI replaces it. He talks about the genesis of UEFI from Intel in the late 90s. After Intel’s implementation of UEFI was made open source it got picked up by the TianoCore community who make tools such as the TianoCore EDK II.

[Inkbox] explains that the UEFI implementation provides boot services and runtime services. Boot services include things such as loading memory management facilities or running other UEFI applications, and runtime services include things like system clock access and system reset. In addition to these services there are many more UEFI protocols that are available.

[Inkbox] tells us that when an x64 CPU boots it jumps to memory address 0xfffffff0 that contains the initialization instructions which will enter protected mode, verify the firmware, initialize the memory, load the storage and graphics drivers, then run the UEFI Boot Manager. The UEFI Boot Manager will in turn load the appropriate EFI application, such as the firmware settings manager application (the “BIOS settings”), Windows Boot Manager, or GRUB. In this video we make our very own EFI application that the UEFI Boot Manager can be configured to load and run.

The system used for development and testing has an AMD Ryzen AI 9 HX 370 CPU and 32GB DDR5 RAM.

Having explained how everything gets started [Inkbox] goes on to explain how to write and deploy the assembly language program which will load and play the game. [Inkbox] shows how to read and write to the console and mentions that he did his testing on QEMU with an image on an external USB thumbdrive. He goes on to show how to use the system time and date facilities to get the current month. When trying to read nanoseconds from the system clock he ended up needing to refer to the UEFI Specification Release 2.10 (2.11 is latest as of this writing).

In the rest of the video [Inkbox] does some arithmetic for timing, uses LocateProtocol to load the graphics output provider, configures an appropriate video mode, writes to the screen using BLT operations, and makes the program run on multiple CPU cores (the CPU used has 24). At last, with some simple graphics programming and mouse input, [Inkbox] manages to get Space Game for x86 to run.

If you’re interested in knowing more about UEFI a good place to start is What’s The Deal With UEFI?

youtube.com/embed/ZFHnbozz7b4?…


hackaday.com/2025/10/10/progra…


Your LLM Won’t Stop Lying Any Time Soon


Researchers call it “hallucination”; you might more accurately refer to it as confabulation, hornswaggle, hogwash, or just plain BS. Anyone who has used an LLM has encountered it; some people seem to find it behind every prompt, while others dismiss it as an occasional annoyance, but nobody claims it doesn’t happen. A recent paper by researchers at OpenAI (PDF) tries to drill down a bit deeper into just why that happens, and if anything can be done.

Spoiler alert: not really. Not unless we completely re-think the way we’re training these models, anyway. The analogy used in the conclusion is to an undergraduate in an exam room. Every right answer is going to get a point, but wrong answers aren’t penalized– so why the heck not guess? You might not pass an exam that way going in blind, but if you have studied (i.e., sucked up the entire internet without permission for training data) then you might get a few extra points. For an LLM’s training, like a student’s final grade, every point scored on the exam is a good point.

The problem is that if you reward “I don’t know” in training, you may eventually produce a degenerate model that responds to every prompt with “IDK”. Technically, that’s true– the model is a stochastic mechanism; it doesn’t “know” anything. It’s also completely useless. Unlike some other studies, however, the authors do not conclude that so-called hallucinations are an inevitable result of the stochastic nature of LLMs.

While that may be true, they point out it’s only the case for “base models”– pure LLMs. If you wrap the LLM with a “dumb” program able to parse information into a calculator, for example, suddenly the blasted thing can pretend to count. (That’s how undergrads do it these days, too.) You can also provide the LLM with a cheat-sheet of facts to reference instead of hallucinating; it sounds like what’s being proposed is a hybrid between an LLM and the sort of expert system you used to use Wolfram Alpha to access. (A combo we’ve covered before.)

In that case, however, some skeptics might wonder why bother with the LLM at all, if the knowledge in the expert system is “good enough.” (Having seen one AI boom before, we can say with the judgement of history that the knowledge in an expert system isn’t good enough often enough to make many viable products.)

Unfortunately, that “easy” solution runs back into the issue of grading: if you want your model to do well on the scoreboards and beat ChatGPT or DeepSeek at popular benchmarks, there’s a certain amount of “teaching to the test” involved, and a model that occasionally makes stuff up will apparently do better on the benchmarks than one that refuses to guess. The obvious solution, as the authors propose, is changing the benchmarks.

If you’re interested in AI (and who isn’t, these days?), the paper makes an interesting read. Interesting, if perhaps disheartening, if you were hoping the LLMs would graduate from their eternal internship any time soon.

Via ComputerWorld, by way of whereisyouredat.


hackaday.com/2025/10/10/your-l…


PLA Gears Fail To Fail In 3D Printed Bicycle Drivetrain


Anyone who has ever snapped a chain or a crank knows how much torque a bicycle’s power train has to absorb on a daily basis; it’s really more than one might naively expect. For that reason, [Well Done Tips]’s idea of 3D printing a gear chain from PLA did not seem like the most promising of hacks to us.

Contrary to expectations, though, it actually worked; at the end of the video (at about 13:25), he’s on camera going 20 km/h, which while not speedy, is faster than we thought the fixed gearing would hold up. The gears themselves, as you can see, are simple spurs, and were modeled in Fusion360 using a handy auto-magical gear tool. The idler gears are held in place by a steel bar he welded to the frame, and are rolling on good old-fashioned skateboard bearings–two each. (Steel ones, not 3D printed bearings.) The healthy width of the spur gears probably goes a long way to explaining how this contraption is able to survive the test ride.

The drive gear at the wheel is steel-reinforced by part of the donor bike’s cassette, as [Well Done Tips] recognized that the shallow splines on the freewheel hub were not exactly an ideal fit for PLA. He does complain of a squeaking noise during the test ride, and we can’t help but wonder if switching to helical gears might help with that. That or perhaps a bit of lubricant, as he’s currently riding the gears dry. (Given that he, too, expected them to break the moment his foot hit the pedal, we can’t hardly blame him not wanting to bother with grease.)

We’ve seen studies suggesting PLA might not be the best choice of plastic for this application; if this wasn’t just a fun hack for a YouTube video, we’d expect nylon would be his best bet. Even then, it’d still be a hack, not a reliable form of transportation. Good thing this isn’t reliable-transportation-a-day!

youtube.com/embed/PHHgMWuk23o?…


hackaday.com/2025/10/10/pla-ge…


Possibly the Newest ISA Card


Back when the IBM PC was new, laying out an ISA board was a daunting task. You probably didn’t have a very fast ‘scope, if you had one at all. Board layout was almost certainly done on a drafting table with big pieces of tape. It was hard for small companies, much less hobbyists, to make a new card. You could buy a prototype board and wirewrap or otherwise put together something, but that was also not for the faint of heart. But with modern tools, something like that is a very doable project and [profdc9] has, in fact, done it. The card uses an ATMega328P and provides two SD cards for use as mass storage on an old computer.

The design tries to use parts that won’t be hard to get in the future. At least for a while, yet. There’s capacity for expansion, too, as there is an interface for a Wiznet 5500 Ethernet adapter.

Can you imagine if you could transport this card back to the days when the ISA bus was what you had? Just having a computer fast enough to manipulate the bus would have been sorcery in those days.

We don’t know if you need an ISA mass storage card, but if you do, [profdc9] has you covered. Then again, you do have options. Or, if you’d rather take a deep dive into the technology, we can help there, too.


hackaday.com/2025/10/10/possib…


A Function Generator From The Past


It’s always a pleasure to find a hardware hacker who you haven’t seen before, and page back through their work. [Bettina Neumryr]’s niche comes in building projects from old electronics magazines, and her latest, a function generator from the British Everyday Electronics magazine in April 1983, is a typical build.

The project uses the XR2206 function generator chip, a favourite of the time. It contains a current controlled oscillator and waveform shaper, and can easily produce square, triangle, and sine waves. It was always a puzzle back in the day why this chip existed as surely the global market for function generators can’t have been that large, however a little bit of background reading for this write-up reveals that its intended application was for producing frequency-shift-keyed sinusoidal tones.
The two PCBs on the bench, with a multimeter. Yellow-stained boards for the win!
The EE project pairs the XR2206 with an op-amp current generator to control the frequency, and another op-amp as an amplifier and signal conditioner. The power supply is typical of the time too, a mains transformer, rectifier, and linear regulators. There are a pair of very period PCBs supplied as print-outs in the magazine for home etching. This she duly does, though with toner transfer which would have been unheard of in 1983. After a few issues with faulty pots and a miswired switch, she has a working function generator which she puts in a very period project box.

It’s interesting to look at this and muse on what’s changed in electronic construction at our level in the last four decades. The PCB is single sided and has that characteristic yellow of ferric chloride etching, it takes up several times the space achievable with the same parts on the professionally-made dual-sided board designed using a modern PCB CAD package we’d use today. A modern take on the same project would probably use a microcontroller and a DAC, and a small switch-mode supply for less money than that transformer would provide the power. But we like the 1983 approach, and we commend [Bettina] for taking it on. The full video is below the break.

youtube.com/embed/CIuWX-6ER_8?…


hackaday.com/2025/10/10/a-func…


Hackaday Podcast Episode 341: Qualcomm Owns Arduino, Steppers Still Dominate 3D Printing, and Google Controls Your Apps


The nights are drawing in for Europeans, and Elliot Williams is joined this week by Jenny List for an evening podcast looking at the past week in all things Hackaday. After reminding listeners of the upcoming Hackaday Supercon and Jawncon events, we take a moment to mark the sad passing of the prolific YouTuber, Robert Murray-Smith.

Before diving into the real hacks, there are a couple of more general news stories with an effect on our community. First, the takeover of Arduino by Qualcomm, and what its effect is likely to be. We try to speculate as to where the Arduino platform might go from here, and even whether it remains the player it once was, in 2025. Then there’s the decision by Google to restrict Android sideloading to only approved-developer APKs unless over ADB. It’s an assault on a user’s rights over their own hardware, as well as something of a blow to the open-source Android ecosystem. What will be our community’s response?

On more familiar territory we have custom LCDs, algorithmic art, and a discussion of non-stepper motors in 3D printing. Even the MakerBot Cupcake makes an appearance. Then there’s a tiny RV, new creative use of an ESP32 peripheral, and the DVD logo screensaver, in hardware. We end the show with a look at why logic circuits use the voltages they do. It’s a smorgasbord of hacks for your listening enjoyment.

Download yourself an MP3 even without a Hackaday Listeners’ License.


hackaday.com/2025/10/10/hackad…


QUIC! Jump to User Space!


Everyone knows that Weird Al lampooned computers in a famous parody song (It’s All About the Pentiums). But if you want more hardcore (including more hardcore language, so if you are offended by rap music-style explicit lyrics, maybe don’t look this up), you probably want “Kill Dash 9” by Monzy. There’s a line in that song about “You thought the seven-layer model referred to a burrito.” In fact, it refers to how networking applications operate, and it is so ingrained that you don’t even hear about it much these days. But as [Codemia] points out, QUIC aims to disrupt the model, and for good reason.

Historically, your application (at layer 7) interacts with the network through other layers like the presentation layer and session layer. At layer 4, though, there is the transport layer where two names come into play: TCP and UDP. Generally, UDP is useful where you want to send data and you don’t expect the system to do much. Data might show up at its destination. Or not. Or it might show up multiple times. It might show up in the wrong order. TCP solves all that, but you have little control over how it does that.

When things are congested, there are different strategies TCP can use, but changing them can be difficult. That’s where QUIC comes in. It is like a user-space TCP layer built over a UDP transport. There are a lot of advantages to that, and if you want to know more, or even just want a good overview of network congestion control mitigations, check the post out.

If you want to know more about congestion control, catch a wave.


hackaday.com/2025/10/10/quic-j…


This Week in Security: ID Breaches, Code Smell, and Poetic Flows


Discord had a data breach back on September 20th, via an outsourced support contractor. It seems it was a Zendesk instance that was accessed for 58 hours through a compromised contractor user account. There have been numbers thrown around from groups claiming to be behind the breach, like 1.6 Terabytes of data downloaded, 5.5 million users affected, and 2.1 million photos of IDs.

Discord has pushed back on those numbers, stating that it’s about 70,000 IDs that were leaked, with no comments on the other claims. To their credit, Discord has steadfastly refused to pay any ransom. There’s an interesting question here: why were Discord users’ government issued IDs on record with their accounts?

The answer is fairly simple: legal compliance. Governments around the world are beginning to require age verification from users. This often takes the form of a scan of valid ID, or even taking a picture of the user while holding the ID. There are many arguments about whether this is a good or bad development for the web, but it looks like ID age verification is going to be around for a while, and it’ll make data breaches more serious.

In similar news, Salesforce has announced that they won’t be paying any ransoms to the group behind the compromise of 39 different Salesforce customers. This campaign was performed by calling companies that use the Salesforce platform, and convincing the target to install a malicious app inside their Salesforce instance.

Unity


[RyotaK] from Flatt Security found an issue in the Unity game engine, where an intent could influence the command line arguments used to launch the Unity runtime. So what’s an intent?

On Android, an Intent is an object sent between applications indicating an intention. It’s an inter-process messaging scheme. So the problem here is that when sending an intent to a Unity application on Android, a command line option can be included as an extra option. One of those command line options allows loading a local library by name. Since a malicious library load results in arbitrary code execution, this seems like a pretty big problem.

At first it seems that this doesn’t gain an attacker much. Doesn’t a malicious app already need to be running on the device to send a malicious intent? The reality is that it’s often possible to manipulate an innocent app into sending intents, and the browser is no exception. The bigger problem is that a malicious library must first be loaded into a location from which the Unity app can execute. It’s a reasonably narrow window for practical exploitation, but it still scores an 8.4 severity. Unity has released fixes for versions all the way back to 2019.1.

Code Smell: Perl?


We have two stories from WatchTowr, packed full of the sardonic wit we have come to expect from these write-ups. The first is about Dell’s UnityVSA, a Virtual Storage Appliance that recently received a whole slew of security fixes for CVEs. So WatchTowr researchers took a look at the patch set from those fixes, looking for code smell, and found… Perl?

Turns out it wasn’t the presence of Perl that was considered bad code smell, though I’m sure some would argue that point. It was the $exec_cmd variable that wasn’t escaped, and Perl backticks were used to execute that string on the system. Was there a way to inject arbitrary bash commands into that string? Naturally, there is. And it’s a reasonably simple HTTP query to run a command. A security advisory and updated release were published by Dell at the end of July, fixing this issue.

Poetic Flow of Vulnerabilities


There’s an active exploitation campaign being waged against Oracle E-Business Suite instances, using a zero-day vulnerability. This exploit works over the network, without authentication, and allows Remote Code Execution (RCE). It appears that a threat group known as Graceful Spider, another great name, is behind the exploitation.

The folks at WatchTowr got their hands on a Proof of Concept, and have reverse engineered it for our edification. It turns out it’s a chain of little weaknesses that add up to something significant.

It starts with a Server-Side Request Forgery (SSRF), a weakness where a remote service can be manipulated into sending an additional HTTP request on to another URL. This is made more significant by a Carriage Return/Line Feed (CRLF) injection, which allows injecting additional HTTP headers.

Another quirk of the PoC is that it uses HTTP keep-alive to send all of the malicious traffic down a single HTTP session. And the actual authentication bypass is painfully classic. A /help path doesn’t require authentication, and there is no path traversal protection. So the SSRF connection is launched using this /help/../ pattern, bypassing authentication and landing at a vulnerable .jsp endpoint.

That endpoint assembles a URL using the Host: header from the incoming connection, and fetches and parses it as an eXtensible Stylesheet Language (XSL) document. And XSL documents are unsafe to load from untrusted sources, because they can lead directly to code execution. It’s a wild ride, and a great example of how multiple small issues can stack up to be quite significant when put together.
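Each link in the chain above corresponds to a check that was missing. As an added example (not code from Oracle, watchTowr, or the original article), this Python code shows the defensive counterpart of each link: normalizing the path before the authentication decision, rejecting CR/LF in forwarded values, and allowlisting the outbound fetch target instead of trusting the Host: header. The path prefix, host allowlist, and sample requests are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumptions constructed for this example (not taken from any product):
PUBLIC_PREFIXES = ("/help/",)                          # unauthenticated area
ALLOWED_FETCH_HOSTS = {"templates.internal.example"}   # outbound allowlist


def naive_is_public(raw_path):
    """Flawed gate: prefix match on the raw path, so '/help/../x' passes."""
    return raw_path.startswith(PUBLIC_PREFIXES)


def canonical_path(raw_path):
    """Decode and normalize a request path; None means 'refuse to guess'."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None  # more than two layers of percent-encoding: fail closed
    path = path.replace("\\", "/")
    # normpath collapses '.' and '..'; it preserves a leading '//', so strip it.
    return "/" + posixpath.normpath("/" + path).lstrip("/")


def is_public(raw_path):
    """Hardened gate: decide on the canonical path, not the raw string."""
    norm = canonical_path(raw_path)
    if norm is None:
        return False
    return any(norm == p.rstrip("/") or norm.startswith(p)
               for p in PUBLIC_PREFIXES)


def contains_crlf(value):
    """True if a value would smuggle a line break, raw or percent-encoded."""
    return any(ch in text for text in (value, unquote(value)) for ch in "\r\n")


def fetch_target_allowed(url):
    """Outbound fetches go only to configured hosts, never to a host taken
    from the incoming request's Host: header."""
    if contains_crlf(url):          # check before urlsplit, which strips them
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme == "https" and parts.hostname in ALLOWED_FETCH_HOSTS


def screen_request(raw_path, authenticated, fetch_url=None):
    """Return the list of reasons to reject a request (empty list = allow)."""
    reasons = []
    if not authenticated and not is_public(raw_path):
        reasons.append("authentication required for %s" % canonical_path(raw_path))
    if fetch_url is not None and not fetch_target_allowed(fetch_url):
        reasons.append("outbound fetch target not allowed")
    return reasons


if __name__ == "__main__":
    # Constructed sample requests: (path, authenticated, outbound URL or None)
    samples = [
        ("/help/topic/intro.html", False, None),
        ("/help/../secure/render.jsp", False, "https://untrusted.example/a.xsl"),
        ("/help/%252e%252e/secure/render.jsp", False, None),
        ("/secure/render.jsp", True, "https://templates.internal.example/a.xsl"),
    ]
    for path, authed, url in samples:
        print(path, "naive_public=%s" % naive_is_public(path),
              screen_request(path, authed, url) or "allowed")
```

The gate only helps if request routing uses the same canonical path that the authorization check saw.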

Bits and Bytes


Caesar Creek Software did an audit on a personal medical device and found issues, but because fixes are still being reviewed by the FDA, we don’t get many details on what exactly this is. Reading between the lines, it sounds like a wearable glucose monitor. It’s based on the nRF52 platform, and the best bit of this research may be using power line fault injection to get Single Wire Debug access to the MCU. They also found what appears to be a remote leak of uninitialized memory, and a Bluetooth Low Energy Man in the Middle attack. Interesting stuff.

And finally, [LaurieWired] has a great intro to the problem of trusting trust with a bit of bonus material on how to build and obfuscate quines while at it. How do you know your compiler binary doesn’t have malware in it? And how do you establish trust again? Enjoy!

youtube.com/embed/Fu3laL5VYdM?…


hackaday.com/2025/10/10/this-w…


BenchVolt PD: USB PD Meets Benchtop Precision


USB power has become ubiquitous (everything from phones to laptops uses it), so why not your lab bench? This is what [EEEngineer4Ever] set out to do with the BenchVolt PD USB adjustable bench power supply. This is more than just a simple breakout for standard USB PD voltages, mind you: it has adjustable voltages, SCPI support, and much more.

The case is made of laser-cut acrylic, mounted to an aluminum base, not only providing a weighted base but also helping with dissipating heat when pulling the 100 W this is capable of supplying. Inside the clear exterior, not only do you get to peek at all the circuitry but there is also a bright 1.9-inch TFT screen showing the voltage, current, and wattage of the various outputs. There is a knob that can adjust the variable voltage output and navigate through the menu. Control isn’t limited to the knob, mind you; there is also a Python desktop application that makes changing the settings easy and opens up the possibility of integrating its control alongside other automated test equipment.

There are five voltage outputs in this supply: three fixed ones—1.8 V, 2.5 V, and 3.3 V—and two adjustable ones: 0.5-5 V and 2.5-32 V. All five of these outputs are capable of up to 3 A. There are also a variety of waveforms that can be output, blurring the lines between power supply and function generator. While the BenchVolt PD will be open-sourced, [EEEngineer4Ever] will soon be releasing it over on CrowdSupply for those interested in one without building one themselves. We are big fans of USB PD gear, so be sure to check out some other USB PD projects we’ve featured.

youtube.com/embed/S_CAUgKZTTw?…


hackaday.com/2025/10/10/benchv…


Salesforce Refuses to Pay Ransom Over Scattered Lapsus$ Hunters Attacks


Salesforce representatives have announced that they have no intention of negotiating with or paying a ransom to the attackers responsible for a series of large-scale attacks that led to the theft of the company’s customer data. The hackers are currently attempting to extort 39 companies whose data was stolen from Salesforce.

Last week, Scattered Lapsus$ Hunters (a combination of members of the Scattered Spider, LAPSUS$ and Shiny Hunters hacker groups) launched their own Data Leak Site (DLS) listing 39 organizations affected by Salesforce-related data breaches.

Each post contains samples of data stolen from Salesforce accounts and warns the affected companies to contact the hackers by October 10, 2025, to prevent all of the stolen information from being publicly disclosed.

The Lapsus$ Hunters are attempting to extort money from a number of well-known brands and organizations, including: FedEx, Disney and Hulu, Home Depot, Marriott, Google, Cisco, Toyota, Gap, McDonald’s, Walgreens, Instacart, Cartier, Adidas, Saks Fifth Avenue, Air France and KLM, Transunion, HBO Max, UPS, Chanel and IKEA.

“We strongly encourage you to make the right decision. Your organization will be able to prevent a data breach, regain control of the situation, and all operations will remain as stable as before. We strongly encourage decision-makers to take part in this process, as we are presenting a clear and mutually beneficial solution,” the hackers write.

The attackers also published a separate message on their website, addressed to Salesforce. The hackers demanded a ransom from the company to prevent the leak of data belonging to all affected customers (a total of about 1 billion records containing personal information).

“If you agree to our demands, we will cancel any active or ongoing negotiations with your customers. If you pay, your customers will no longer be attacked and will not receive ransom demands from us,” the attackers say, addressing Salesforce.

In addition, the extortionists threaten the company, claiming that once the data is released they will help law firms bring civil and commercial lawsuits against Salesforce, and they also warn that the company failed to protect its customers’ data in accordance with the requirements of the European General Data Protection Regulation (GDPR).

As reported by Bloomberg, Salesforce sent letters to its customers this week stating that it does not intend to pay the ransom or negotiate with the hackers. The company also warned that, “according to credible information,” the attackers do in fact intend to publish the stolen data soon.

Recall that the theft of data from Salesforce took place as part of two separate campaigns. The first began at the end of 2024. At that time, the attackers used social engineering techniques (usually posing as technical support staff) to convince employees of various companies to connect a malicious OAuth application to their corporate Salesforce instances. Once the connection was made, the attackers used the resulting access to download and steal data, and then extorted the companies.

The second campaign began in August 2025. In this case, the hackers used OAuth tokens stolen from SalesLoft Drift to access customers’ CRM systems and extract information.

The SalesLoft attacks mainly targeted support tickets, which contain credentials, API tokens, authentication tokens and other information that could be used to breach organizations’ internal infrastructure and cloud services.

The article Salesforce Refuses to Pay Ransom Over Scattered Lapsus$ Hunters Attacks comes from il blog della sicurezza informatica.


Inside a Germanium Transistor


The first transistors were point contact devices, not far from the cats-whiskers of early radio receivers. They were fragile and expensive, and their performance was not very high. The transistor which brought the devices to a mass audience through the 1950s and 1960s was the one which followed, the alloy diffusion type. [Play With Junk] has a failed OC71 PNP alloy diffusion transistor, first introduced in 1957, and has cracked it open for a closer look.

Inside the glass tube is a small wafer of germanium crystal, surrounded by silicone grease. It forms the N-type base of the device, with the collector and emitter being small indium beads fused into the germanium. The junctions were formed by the resulting region of germanium/indium alloy. The outside of the tube is painted black because the device is light-sensitive, indeed a version of this transistor without the paint was sold as the OCP71 phototransistor.

These devices were leaky and noisy, with a low maximum frequency and low gain. But they were reliable and eventually affordable, so some of us even cut our electronic teeth on them.

youtube.com/embed/L7GaFaqFGR8?…


hackaday.com/2025/10/10/inside…


Zero-Day in Oracle E-Business Suite Under Attack: Clop Exploits CVE-2025-61882


Last week, Oracle warned customers of a critical zero-day vulnerability in its E-Business Suite (CVE-2025-61882) that allows remote execution of arbitrary code without authentication. It has now emerged that the Clop hacker group has been actively exploiting this vulnerability in cyberattacks since August 2025.

0-day Under Attack: The State of Play


The vulnerability was discovered in the Oracle Concurrent Processing component of Oracle E-Business Suite (BI Publisher integration module) and received a CVSS score of 9.8. This high score is due to the lack of authentication and the ease of exploitation.

Oracle representatives announced that the zero-day vulnerability affects Oracle E-Business Suite versions 12.2.3-12.2.14 and released an emergency update. The company also stressed that customers must first install the October 2023 Critical Patch Update before installing the patch.

Because a public proof-of-concept exploit for the vulnerability existed and had already been used in attacks, Oracle administrators were advised to install the patch as soon as possible.

According to Charles Carmakal, Chief Technology Officer of cybersecurity firm Mandiant, CVE-2025-61882 and several other bugs fixed in the July update were used by the Clop hacker group to steal data from Oracle E-Business Suite servers as early as August 2025.

Moreover, even before the patch was released, experts from Mandiant and the Google Threat Intelligence Group (GTIG) had reported that they were tracking a new malicious campaign targeting Oracle E-Business Suite. At that time, several companies had received emails from the attackers. In these messages, Clop representatives claimed to have stolen data from Oracle E-Business Suite and demanded a ransom, threatening otherwise to publish the stolen information.

CrowdStrike analysts confirm that they first observed Clop attacks targeting CVE-2025-61882 in early August of this year. According to the researchers, other groups may have been involved in the attacks.

“CrowdStrike Intelligence assesses with moderate confidence that GRACEFUL SPIDER is likely involved in this campaign. We cannot rule out the possibility that CVE-2025-61882 is being exploited by multiple threat actors. The first known exploitation was identified on August 9, 2025, but investigations are ongoing and this date may change,” the researchers said.

Exploit


As Bleeping Computer points out, although the Clop group is behind the data theft and the zero-day exploitation, information about this vulnerability was first published by the Scattered Lapsus$ Hunters group (an association of members of the Scattered Spider, LAPSUS$ and Shiny Hunters hacker groups), which posted two files mentioning Clop on Telegram.

One of them (GIFT_FROM_CL0P.7z) contained Oracle source code, presumably related to support.oracle.com. Members of Scattered Lapsus$ Hunters later claimed that this code had been stolen during the hack of Oracle Cloud in February 2025.

The second file (ORACLE_EBS_NDAY_EXPLOIT_POC_SCATTERED_LAPSUS_RETARD_CL0P_HUNTERS.zip) presumably contained the Oracle E-Business Suite exploit used by Clop. The archive contained a readme.md instruction file and two Python scripts: exp.py and server.py. These scripts are used to exploit vulnerable Oracle E-Business Suite installations: they execute arbitrary commands or open reverse shells that connect to the attacker’s servers.

It is not yet clear how Scattered Lapsus$ Hunters obtained access to the exploit, or what their connection to Clop is. The hackers themselves claim that one of the people with whom they shared the exploit may have passed it on or sold it to Clop.

“It was my exploit, like the SAP one, which was later stolen by Clop. I was angry that another one of my exploits was being misused by another group, so we leaked it. No complaints against Clop,” a member of the group said.

As watchTowr Labs researchers discovered after reverse engineering an exploit leaked by Scattered Lapsus$ Hunters and dated May 2025, CVE-2025-61882 is actually a chain of vulnerabilities that lets attackers achieve unauthenticated remote code execution using a single HTTP request.

The article Zero-Day in Oracle E-Business Suite Under Attack: Clop Exploits CVE-2025-61882 comes from il blog della sicurezza informatica.


One ROM Gets a USB Stack


Piers holding a USB One ROM.

Our hacker [Piers Finlayson] is at it again, and this time he has added USB support to One ROM.

With this new connectivity you can attach your One ROM to your computer with a USB cable and then in a matter of seconds upload new firmware from your Chrome (or Chromium) web browser. This new connectivity will supplement but not replace the existing serial wire connectivity because the serial wire connectivity enables certain advanced use cases not supported by the USB stack, such as reprogramming a ROM in-place as it’s being served. The new USB interface will probably suit most users who just want to use One ROM to manage the ROMs for their old kit and who don’t need the extra functionality.

Addressing the question as to why he didn’t have USB connectivity from the start [Piers] claimed it was because he didn’t like soldering the USB sockets! But given this is a service he can get from his board house that is no longer his problem! [Piers] said he picked Micro USB over USB-C because the former demands less circuit board real estate than the latter. Squeezing everything on to the board remains a challenge!

[Piers] isolates the two power subsystems with Schottky diodes. This keeps the One ROM and USB power sources separate, meaning they can safely be used at the same time. The USB support also demanded the inclusion of an external 12 MHz oscillator but only needed three extra pins on the micro: VBUS, D+, and D-.

The fun thing about this video is the number of false starts and red herrings [Piers] chases down as he does his diagnoses. This is how the sausage is made! And speaking of making sausage, [Piers] has recorded an additional two hour video showing how he laid out the new USB version in KiCad: One ROM Fire USB – Laying out RP2350 + USB in 1/2 x 1 inch.

If you haven’t been keeping track with where we’re at with One ROM we first heard of it back in July with an update in September, and since then [Piers] appeared on FLOSS Weekly, so be sure to check that out! It has been fun to watch this project develop and we look forward to seeing where [Piers] takes it in future, wishing him every success.

youtube.com/embed/b70uvhbinYc?…


hackaday.com/2025/10/09/one-ro…


The Fascinating Waveguide Technology Inside Meta’s Ray-Ban Display Glasses



The geometric waveguide glass of the Meta Ray-Ban Display glasses. (Credit iFixit)
Recently the avid teardown folk over at iFixit got their paws on Meta’s Ray-Ban Display glasses, for a literal in-depth look at these smart glasses. Along the way they came across the fascinating geometric waveguide technology that makes the floating display feature work so well. There’s also an accompanying video of the entire teardown, for those who enjoy watching a metal box cutter get jammed into plastic.

Overall, these smart glasses can be considered to be somewhat repairable, as you can pry the arms open with a bit of heat. Inside you’ll find the 960 mWh battery and a handful of PCBs, but finding spare parts for anything beyond perhaps the battery will be a challenge. The front part of the glasses contain the antennae and the special lens on the right side that works with the liquid crystal on silicon (LCoS) projector to reflect the image back to your eye.

While LCoS has been used for many years already, including Google Glass, it’s the glass that provides the biggest technological advancement. Instead of the typical diffractive waveguide it uses a geometric reflective waveguide made by Schott, with the technology developed by Lumus for use in augmented reality (AR) applications. This is supposed to offer better optical efficiency, as well as less light leakage into or out of the waveguide.

Although definitely impressive technology, the overall repairability score of these smart glasses is pretty low, and you have to contend with both looking incredibly dorky and some people considering you to be a bit of a glasshole.



hackaday.com/2025/10/09/the-fa…


Motors Make the Best Knobs With SimpleFOC


The worst thing about a volume knob is that, having connected it to a computer, it might be wrong: if you’ve manually altered the volume settings somewhere else, the knob’s reading won’t be correct. [I Got Distracted] has a quick tutorial on YouTube showing how to use a BLDC, a hall effect sensor, Pi Pico and the SimpleFOC library to make a knob with active haptic feedback and positioning.

We covered the SimpleFOC library a few years ago, but in case you missed it, it’s, well, a simple library for FOC on all of our favorite microcontrollers, from Arduino to ESP to Pico. FOC stands for field-oriented control, which is a particular way of providing smooth, precise control to BLDCs. (That’s a BrushLess DC motor, if the slightly-odd acronym is new to you.) [I Got Distracted] explains exactly how that works, and shows us just how simple the SimpleFOC project is to use in this video. Why, they even produce their own motor controllers, for a fully-integrated experience. (You aren’t restricted to that hardware, but it certainly does make things easy.)

The haptic feedback and self-dialing knob make for an easy introductory project, but seeing how quick it hacks together, you can doubtless think of other possibilities. The SimpleFOC controller used in this video is limited to relatively small motors, but if you want to drive hundreds of kilowatts through open source hardware, we’ve covered that, too.

Arguably, using a motor as a knob isn’t within the design spec, and so could almost qualify for our ongoing Component Abuse Challenge, had [I Got Distracted] thought to enter.



hackaday.com/2025/10/09/motors…


2025 Component Abuse Challenge: The Sweet Sound of a Choking Transformer


The Component Abuse Challenge is dragging all sorts of old, half-forgotten hacks out of the woodwork, but this has got to be the most vintage: [KenS] started using a transformer as a variable choke on his speakers 55 years ago.

The hack is pretty bone-dead simple. A choke is an inductor in an audio (or any other) circuit designed to, well, choke off higher-than-desired frequencies. We featured a deep dive a few years back if you’re interested. An inductor is a coil of wire, usually (but not necessarily) wound around a core of iron or ferrite. A transformer? Well, that’s also a coil of wire around a core… plus an extra coil of wire. So when [KenS], back in his salad days, had a tweeter that was a little too tweety, and no proper choke, he grabbed a transformer instead.

This is where inspiration hit: sure, if you leave the second winding open, the transformer acts like a standard choke. What happens if you short that second winding? Well, you dampen the response of the first winding, and it stops choking, to the point that it acts more like a straight wire. What happens if you don’t short the second winding, but don’t leave it wide open? [KenS] stuck a potentiometer on there, and found it made a handy-dandy variable choke with which to perfectly tune the tone response of his speakers. Changing the resistance changes the rate at which high frequencies are choked off, allowing [KenS] to get the perfect frequency response with which to rock out to Simon & Garfunkel, The Carpenters and The Guess Who. (According to the Billboard Top 100 for 1970, those are who you’d be listening to if you had conventional tastes.)

While we can’t say the transformer is really being tortured in this unusual mode, it’s certainly not how it was designed, so would qualify for the “Junk Box Substitutions” category of the Component Abuse Challenge. If you’ve made similar substitutions you’d like to share, don’t wait another 55 years to write them up– the contest closes November 11th.

Transformer image: Hannes Grobe, CC BY-SA 4.0.

2025 Hackaday Component Abuse Challenge


hackaday.com/2025/10/09/2025-c…


2025 Component Abuse Challenge: Load Cell Anemometer


When you think anemometer, you probably don’t think “load cell” — but (statistically speaking) you probably don’t live in Hurricane Country, which is hard on wind-speed-measuring-whirligigs. When [BLANCHARD Jordan] got tired of replacing professionally-made meteorological eggbeaters, he decided he needed something without moving parts. Whatever he came up with would probably qualify for the Component Abuse Challenge, but the choice of load cells of all things to measure wind speed? Yeah, that’s not what the manufacturer intended them for.

In retrospect, it’s actually a fairly obvious solution: take a plate of known area, and you’re going to get a specific force at a given air speed. The math isn’t hard, it’s just not how we normally see this particular measurement done. Of course, a single plate would have to be pivoted to face the wind for an accurate reading, which means moving parts– something specifically excluded from the design brief. [Jordan] instead uses a pair of load cells, mounted 90 degrees to one another, for his anemometer. One measures the force in a north-south axis, and the other east-west, allowing him to easily calculate both wind speed and direction. In theory, that is. Unfortunately, he vibe coded the math with ChatGPT, and it looks like it doesn’t track direction all that well. The vibe code, which runs on an ESP32, is responsible for polling data, tossing outliers, and zeroing out the load cells on the regular.

The red lines are from the load-cell equipped weather station; the blue is from a commercial model by Davis. Everything but direction tracks pretty well.
If you’re feeling forgiving towards abominable intelligence, the problem might not be code, but could potentially be related to the geometry of the wind-catchers. To catch the wind coming from any angle, instead of a flat plate, a series of angled circular vanes are used, as you can see from the image.

Given that arrangement is notably not symmetrical, that might be what throws off the direction reading. Still, the wind speed measurements are in very good agreement with known-good readings. The usual rotating bird perch doesn’t measure direction either, so this solid-state replacement should be just as good.

If you like the idea of hacking components to do something the designer never intended, the 2025 Component Abuse Challenge runs until November 11th — just don’t wait until the 11th hour, because entries close at 10 AM Pacific.



hackaday.com/2025/10/09/2025-c…


Holy Parachute out of Kirigami


Colorful parachutes at different levels of expansion

If you have a fear of heights and find yourself falling out of an airplane, you probably don’t want to look up to find your parachute full of holes. However, if the designer took inspiration from kirigami in the same way researchers have, you may be in better shape than you would think. This is because properly designed kirigami can function as a simple and effective parachute.

Kirigami, for those unfamiliar, is a cousin of origami where, instead of folding, you cut slits into paper. In this case, the paper effectively folds itself after being dropped, which allows the structure to create drag in ways similar to traditional parachute designs. Importantly, however, conventional parachute designs have more severe drawbacks than is apparent. Some of the issues are fairly obvious, such as having to fold and unpack them before and after dropping. What may be less obvious are the large eddies that traditional parachutes create, or how easily they are disturbed by the surrounding wind.

The kirigami chutes fix these issues while being easier to manufacture and apply. While these are not likely to be quite as effective for human skydiving, more durable applications may benefit. Quoted applications, including drone delivery or disaster relief, worry more about accuracy and scalability than about the fragile bones of a passenger.

Clever and simple designs are always fun to try to apply to your own projects, so if you want to try your own hand, make sure to check out the paper itself here. For those more interested in clever drone design to take inspiration from, look no further than this maple seed-inspired drone.



hackaday.com/2025/10/09/holy-p…


1000 POS Terminals at US and UK Stores Breached and Put Up for Auction: “Full Access” for 55,000 Dollars


A new listing posted on an underground forum was detected a short while ago by researchers at the Dark Lab threat intelligence laboratory, and it clearly shows how active and dangerous the black market for access to sensitive IT systems still is.

The user “nixploiter”, who has an established profile in the underground community (“gigabyte” level, with more than 150 posts), recently put up for sale access to more than 1000 POS (Point of Sale) machines located across the USA and the United Kingdom.

Disclaimer: This report includes screenshots and/or text taken from publicly accessible sources. The information provided is intended solely for threat intelligence and for raising awareness of cybersecurity risks. Red Hot Cyber condemns any unauthorized access, improper dissemination or unlawful use of such data. At present, it is not possible to independently verify the authenticity of the information reported, since the organization involved has not yet issued an official statement on its website. Consequently, this article should be considered solely for informational and intelligence purposes.

In the post, the threat actor claims to have access through RMM (Remote Monitoring and Management) administration panels, which would provide full administrative privileges, remote control and even a shell with root access. The compromised machines reportedly run Windows 7, 8, 10 and 11, using software that is very well known and widespread in the retail sector.

The offer, set up as an auction, starts at 8,000 dollars, with increments of 5,000 and an immediate “blitz” price of 55,000 dollars. The seller also sets a 48-hour window after the last bid to close the transaction, and requires a small deposit in Bitcoin to confirm the buyer’s reliability.

Implications and risks


Access of this kind is a serious, direct threat not only to the stores involved, but also to their customers and the connected financial networks.

POS systems handle extremely sensitive data (transactions, payment cards, credentials and network logs) that can be exploited to:

  • Steal financial information and clone credit cards.
  • Install malware or ransomware on the terminals.
  • Manipulate transactions or alter payment flows.
  • Use the devices as a pivot to move laterally into wider corporate networks.

The reference to the use of RMM software, which is common in legitimate corporate infrastructures, suggests that the attackers exploited unprotected or misconfigured remote management tools, a technique that is growing rapidly in the threat landscape.

Final considerations


This episode once again highlights the importance of securing POS devices, which is often neglected compared with other IT systems.

It is essential that companies:

  • Implement strong authentication and network segmentation.
  • Regularly update RMM and POS software.
  • Monitor remote access and system logs to detect anomalous behavior.
  • Limit the exposure of management panels on the Internet.

The sale of access to more than a thousand POS terminals is not just an isolated criminal operation: it is an indicator of systemic vulnerability that directly affects the security of global digital commerce.

The article 1000 POS Terminals at US and UK Stores Breached and Put Up for Auction: “Full Access” for 55,000 Dollars comes from il blog della sicurezza informatica.


Meshtastic: A Tale of Two Cities


If I’m honest with myself, I don’t really need access to an off-grid, fault-tolerant, mesh network like Meshtastic. The weather here in New Jersey isn’t quite so dynamic that there’s any great chance the local infrastructure will be knocked offline, and while I do value my privacy as much as any other self-respecting hacker, there’s nothing in my chats that’s sensitive enough that it needs to be done off the Internet.

But damn it, do I want it. The idea that everyday citizens of all walks of life are organizing and building out their own communications network with DIY hardware and open source software is incredibly exciting to me. It’s like the best parts of a cyberpunk novel, without all the cybernetic implants, pollution, and over-reaching megacorps. Well, we’ve got those last two, but you know what I mean.
Meshtastic maps are never exhaustive, but this gives an idea of node density in Philly versus surrounding area.
Even though I found the Meshtastic concept appealing, my seemingly infinite backlog of projects kept me from getting involved until relatively recently. It wasn’t until I got my hands on the Hacker Pager that my passing interest turned into a full blown obsession. But it’s perhaps not for the reason you might think. Traveling around to different East Coast events with the device in my bag, it would happily chirp away when within range of Philadelphia or New York, but then fall silent again once I got home. While I’d get the occasional notification of a nearby node, my area had nothing like the robust and active mesh networks found in those cities.

Well, they say you should be the change you want to see in the world, so I decided to do something about it. Obviously I wouldn’t be able to build up an entire network by myself, but I figured that if I started standing up some nodes, others might notice and follow suit. It was around this time that Seeed Studio introduced the SenseCAP Solar node, which looked like a good way to get started. So I bought two of them with the idea of putting one on my house and the other on my parents’ place down the shore.

The results weren’t quite what I expected, but it’s certainly been an interesting experience so far, and today I’m even more eager to build up the mesh than I was in the beginning.

Starting on Easy Mode


I didn’t make a conscious decision to start my experiment at my parents’ house. Indeed, located some 60 miles (96 km) from where I live, any progress in building out a mesh network over there wouldn’t benefit me back home. But it was the beginning of summer, they have a pool, and my daughters love to swim. As such, we spent nearly every weekend there, which gave me plenty of time to tinker.

For those unfamiliar with New Jersey’s Southern Shore area, the coastline itself is dotted with vacation spots such as Wildwood, Atlantic City, and Long Beach Island. This is where the tourists go to enjoy the beaches, boardwalks, cotton candy, and expensive rental homes. But move slightly inland, and you’ll find a marshland permeated with a vast network of bays, creeks, and tributaries. For each body of water large enough to get a boat through, you’ll find a small town or even an unincorporated community that in the early 1900s would have been bustling with oyster houses and hunting shacks, but today might only be notable for having their own Wawa.
To infinity, and beyond.
My parents are in one of those towns that doesn’t have a Wawa. It’s very quiet, the skies are dark, and there’s not much more than marsh and water all around. So when I ran the SenseCAP Solar up their 20 foot (6 m) flagpole, which in a former life was actually the mast from a sailing catamaran, the results were extremely impressive.

I hadn’t had the radio up for more than a few hours before my phone pinged with a message. We chatted back and forth a bit, and I found that my new mesh friend was an amateur radio operator living on Long Beach Island, and that he too had just recently started experimenting with Meshtastic. He was also, incidentally, a fan of Hackaday. (Hi, Leon!) He mentioned that his setup was no more advanced than an ESP32 dev board sitting in his window, and yet we were reliably communicating at a range of approximately 6 miles (9 km).

Encouraged, I decided to leave the radio online all night. In the morning, I was shocked to find it had picked up more than a dozen new nodes. Incredibly, it was even able to sniff out a few nodes that I recognized from Philadelphia, 50 miles (80 km) to the west. I started to wonder if it was possible that I might actually be able to reach my own home, potentially establishing a link clear across the state.

Later that day, somebody on an airplane fired off a few messages on the way out of Philadelphia International Airport. Seeing the messages was exciting enough, but through the magic of mesh networking, it allowed my node to temporarily see networks at an even greater distance. I picked up one node that was more than 100 miles (160 km) away in Aberdeen, Maryland.

I was exhilarated by these results, and eager to get back home and install the second SenseCAP Solar node. If these were the kind of results I was getting in the middle of nowhere, surely I’d make even more contacts in a dense urban area.

Reality Comes Crashing Home


You see, at this point I had convinced myself that the reason I wasn’t getting any results back at home was the relatively meager antenna built into the Hacker Pager. Now that I had a proper node with an antenna bigger than my pinkie finger, I was sure I’d get better results. Especially since I’d be placing the radio even higher this time — with a military surplus fiberglass mast clamped into the old TV antenna mount on my three story house, the node would be around 40 feet (12 m) above the ground.
The mast gets my node above the neighbors’ roofs, but just barely.
But when I opened the Meshtastic app the day after getting my home node installed, I was greeted with… nothing. Not a single node was detected in a 24 hour period. This seemed very odd given my experience down the shore, but I brushed it off. After all, Meshtastic nodes only occasionally announce their presence when they aren’t actively transmitting.

Undaunted, I made plans with a nearby friend to install a node at his place. His home is just 1.2 miles (1.9 km) from mine, and given the 6 mile (9 km) contact I had made down the shore, it seemed like this would be an easy first leg of our fledgling network.

Yet when we stood up a temporary node in his front yard, messages between it and my house were only occasionally making it through. Worse, the signal strength displayed in the application was abysmal. It was clear that, even at such a short range, an intermediary node would be necessary to get our homes reliably connected.

At this point, I was feeling pretty dejected. The incredible results I got when using Meshtastic in the sticks had clearly given me a false sense of what the technology was capable of in an urban environment. To make matters even worse, some further investigation found that my house was about the worst possible place to try and mount a node.

For one thing, until I bothered to look it up, I never realized my house was located in a small valley. According to online line-of-sight tools, I’m essentially at the bottom of a bowl. As if that wasn’t bad enough, I noted that the Meshtastic application was showing an inordinate number of bad packets. After consulting with those more experienced with the project, I now know this to be an indicator of a noisy RF environment. Which may also explain the exceptionally poor reception I get when trying to fly my FPV drone around the neighborhood, but that’s a story for another day.

A More Pragmatic Approach


While I was disappointed that I couldn’t replicate my seaside Meshtastic successes at home, I’m not discouraged. I’ve learned a great deal about the technology, especially its limitations. Besides, the solution is simple enough — we need more nodes, and so the campaign to get nearby friends and family interested in the project has begun. We’ve already found another person in a geographically strategic position who’s willing to host a node on their roof, and as I write this a third Seeed SenseCAP Solar sits ready for installation.

At the same time, the performance of Meshtastic in a more rural setting has inspired me to push further in that region. I’m in the process of designing a custom node specifically tailored for the harsh marine environment, and have identified several potential locations where I can deploy them in the Spring. With just a handful of well-placed nodes, I believe it should be possible to cover literally hundreds of square miles.

I’m now fighting a battle on two fronts, but thankfully, I’m not alone. In the months since I’ve started this project, I’ve noticed a steady uptick in the number of detected nodes. Even here at home, I’ve finally started to pick up some chatter from nearby nodes. There’s no denying it, the mesh is growing every day.

My advice to anyone looking to get into Meshtastic is simple. Whether you’re in the boonies, or stuck in the middle of a metropolis, pick up some compatible hardware, mount it as high as you can manage, and wait. It might not happen overnight, but eventually your device is going to ping with that first message — and that’s when the real obsession starts.


hackaday.com/2025/10/09/meshta…


Google Japan Turn Out Another Keyboard, and it’s a Dial


There’s a joke that does the rounds, about a teenager being given a dial phone and being unable to make head nor tail of it. Whether or not it’s true, we’re guessing that the same teen might be just as stumped by this year’s keyboard oddity from Google Japan. It replaces keys with a series of dials that work in the same way as the telephone dial of old. Could you dial your way through typing?

All the files to make the board, as well as a build guide, are in the GitHub repository linked above, but they’ve also released a promotional video that we’ve put below the break. The dials use 3D printed parts, and a rotary encoder to detect the key in question. We remember from back in the day how there were speed dialing techniques with dial phones, something we’ve probably by now lost the muscle memory for.

We like this board for its quirkiness, and while it might become a little tedious to type a Hackaday piece on it, there might be some entertainment for old-timers in watching the youngsters figuring it out. If you’re hungry for more, we’ve covered them before.


Thanks [ikeji] for the tip.


hackaday.com/2025/10/09/google…


ACN and Digital Sovereignty at Corsera’s DisclAImer Tour


I was also very pleased to meet prosecutor Gratteri in person, a man of exquisite manners. And then the talk by Bruno Frattasi, director general of the Agenzia per la Cybersicurezza Nazionale, delivered without a safety net, was spectacular, ranging from ransomware to AI, from European rules to more distinctly industrial topics and technological sovereignty.

Luna also asked him a far from simple question about the relationship between Italy and Israel, and Frattasi was able to confirm that it is absolutely not true that anyone has handed Israel the keys to our cybersecurity (and how could they, given that it is an ecosystem?), while it is obvious that Italy has always had political and industrial relations with the Middle Eastern country.

One thing did not convince me much in the words of some panelists, namely this idea that Italy is backward and must “buy innovation” and “modern computers” to secure its digital sovereignty. First, innovation, in my view, is not bought but made, and we, Italy, make it, albeit with difficulty; second, it is not the employee’s equipment that makes the difference in terms of cyber protection, except as one of the many factors involved. What matters more are the services and their correct configuration, quality and performance. And then security is a multifactorial concept, where the human factor (awareness, training and culture) is in any case what makes the difference; indeed, “amateurs hack computers, professionals hack people”, says Schneier.

So we can certainly increase investment in technology and create a sufficient and qualified workforce, but we must invest heavily in upskilling and reskilling in the cyber world.

And then there are the rules: it is the Italian and European ones that have allowed us to pursue security policies even without having national technology champions in software and hardware, cloud and Artificial Intelligence. Digital sovereignty can by now only be European.

Anyway, it’s a long discussion; we will continue it in the coming days.
In the meantime, congratulations to Luna, Frattasi and Gratteri, but also to Giorgio Ventre, to Vito Di Marco, and to all the speakers present. It was a great occasion.


dicorinto.it/formazione/acn-e-…


Alliance Between Ransomware Groups: LockBit, DragonForce and Qilin Join Forces


Three major ransomware groups, DragonForce, Qilin and LockBit, have announced an alliance. It is essentially an attempt to coordinate the activities of several major RaaS (ransomware-as-a-service) operators; analysts warn that such consolidation could increase the scale and effectiveness of attacks.

DragonForce initiated the merger. In early September, almost simultaneously with the release of LockBit 5.0, DragonForce representatives publicly proposed that their “colleagues” end their internal quarrels and agree on “market rules”: a level playing field, an end to public insults, and mutual support.

LockBit responded positively, and DragonForce subsequently officially announced the alliance between the three gangs, inviting other ransomware teams to join them.

Analysts see this as a sign of a dangerous trend. A ReliaQuest report for the third quarter of 2025 noted that the merger could lead to more frequent and coordinated campaigns and to a wider spread of attacks, including against critical infrastructure.

It is possible that the alliance could help LockBit recover from a major law enforcement operation in 2024. Then, in February, international operations led to the seizure of servers, domain names and decryption keys; in May, investigators also linked the group to a specific individual, Dmitry Yuryevich Khoroshev, who is nevertheless still at large. These actions undermined affiliates’ trust, and many former LockBit partners moved to other groups.

It is important to stress that no unified alliance infrastructure has yet been created: no common data-dump website or single data leak portal has emerged, and each gang continues to claim responsibility for its own operations.

Qilin, for example, publicly announced the attack on Asahi Beer, while LockBit and DragonForce continue to publish their own attacks separately. Nevertheless, the sharing of expertise and resources, from tools to customer databases, in itself expands the criminals’ capabilities.

Of particular concern is the change in LockBit’s rhetoric following the release of version 5.0: in its documentation, the group dropped its previous taboos and explicitly stated that attacks on critical infrastructure (power plants and similar facilities) are now permitted, unless a separate agreement is reached with the FBI. This means that, at least ostensibly, the operators now consider it acceptable to attack sectors they previously avoided.

Meanwhile, an English-speaking hacker group is also taking shape: Scattered Spider, ShinyHunters and Lapsus$ have announced a new coalition called Scattered Lapsus$ Hunters and launched their own leak site, which has already published data on several companies.

ReliaQuest warns that this group could evolve into a RaaS provider, combining social engineering skills with encryption technologies.

Researchers regard the emergence of such alliances as a transition to a new phase of the criminal economy: instead of fragmented competition, ransomware groups are beginning to build stable “commercial” ties, sharing code, infrastructure and data distribution channels. This makes attacks more widespread and harder to stop, as the criminals’ resources, scale and professionalism increase simultaneously.

The article Alliance Between Ransomware Groups: LockBit, DragonForce and Qilin Join Forces comes from il blog della sicurezza informatica.


Billy Bass Gets New Job as a Voice Assistant


For those who were alive and conscious before the modern Internet, there were in fact things that went “viral” and became cultural phenomena for one reason or another. Although they didn’t spread as quickly or become forgotten as fast, things like Beanie Babies or greeting a friend with an exaggerated “Whassup?” could all be considered viral hits of the pre-Internet era.

Another offline hit from the late 90s was the Billy Bass, an absurdist bit of physical comedy in the form of a talking, taxidermied fish. At the time it could only come to life and say a few canned lines, but with the help of modern hardware it can take on a whole new life.

This project comes to us from [Cian] who gutted the fish’s hardware to turn it into a smart voice assistant with some modern components, starting with an ESP32 S3. This chip has enough power to detect custom “wake words” to turn on the fish assistant as well as pass the conversation logic to and from a more powerful computer, handle the audio input and output, and control the fish’s head and tail motors. These motors, as well as the speaker, are the only original components remaining. The new hardware, including an amplifier for the speaker, is mounted on a custom 3D printed backplate.

After some testing and troubleshooting, the augmented Billy was ready to listen for commands and converse with the user in much the same way as an Alexa or other home assistant would. [Cian] built this to work with Home Assistant though, so it’s much more open and easier to recreate for anyone who still has one of these pieces of 90s kitsch in a box somewhere.

Perhaps unsurprisingly, these talking fish have been the basis of plenty of hacks over the years since their original release, like this one from a few years ago that improves its singing ability or this one from 2005 that brings Linux to one.



hackaday.com/2025/10/09/billy-…


Interruzione Microsoft 365: migliaia di utenti colpiti in tutto il mondo


Un’estesa interruzione dei servizi Microsoft 365 ha colpito migliaia di utenti in tutto il mondo nella serata di mercoledì 8 ottobre 2025, rendendo temporaneamente inaccessibili piattaforme chiave come Microsoft Teams, Exchange Online e il portale di amministrazione di Microsoft 365.

Il disservizio, segnalato a partire dalle ore tarde, ha compromesso la possibilità per numerose organizzazioni di utilizzare strumenti fondamentali per la comunicazione e la gestione aziendale. Microsoft ha confermato rapidamente l’anomalia, avviando un’indagine ad alta priorità per identificare la causa del problema e ripristinare la piena funzionalità del sistema.

Intorno alle 22:56 (GMT+5:30), la società ha individuato una possibile anomalia nelle operazioni di directory all’interno di una sezione della propria infrastruttura.

L’errore, collegato alla gestione dell’autenticazione degli utenti e delle richieste di servizio, ha generato un malfunzionamento a livello di back-end. Gli ingegneri hanno quindi analizzato i dati diagnostici per delineare una strategia di mitigazione che non compromettesse ulteriormente l’ambiente operativo.

At 23:36 (GMT+5:30), Microsoft announced that it had begun rebalancing service loads, redirecting traffic from the faulty components to working systems. This measure was a crucial step toward stabilizing the platform and gradually resuming activity for the affected users.

In the early hours of this morning, 9 October 2025, the company recorded positive signs: redirecting the traffic led to a gradual restoration of the main services. Despite the improvement, Microsoft announced that its technical teams will continue to monitor the infrastructure to ensure lasting stability and prevent further outages.

The company also maintained a steady flow of updates to inform users about the progress of the recovery, confirming that most features were gradually returning to normal.

The article Microsoft 365 outage: thousands of users affected worldwide comes from il blog della sicurezza informatica.


Why Stepper Motors Still Dominate 3D Printing


It’s no secret that stepper motors are everywhere in FDM 3D printers, but there’s no real reason why you cannot take another type of DC motor like a brushless DC (BLDC) motor and use that instead. Interestingly, some printer manufacturers are now using BLDCs for places where the reduction in weight matters, such as in the tool head or extruder, but if a BLDC can be ‘stepped’ much like any stepper motor, then why prefer one over the other? This is the topic of a recent video by [Thomas Sanladerer], with the answer being mostly about cost, and ‘good enough’ solutions.

The referenced driving method of field-oriented control (FOC), which also goes by the name of vector control, is a VFD control method in which the controller can fairly precisely keep position much like a stepper motor, but without the relatively complex construction of a stepper motor. Another advantage is that FOC tends to use less power than alternatives.

Using a FOC controller with a BLDC is demonstrated in the video, which also covers the closed-loop nature of such a configuration, whereas a stepper motor is generally driven in an open-loop fashion. Ultimately the answer at this point is that stepper motors are ‘good enough’ for tasks where their relatively large size and weight aren’t real issues, but as BLDCs with FOC or similar become more economical, we may see things change there.

youtube.com/embed/136NfHIPQcE?…


hackaday.com/2025/10/08/why-st…