Forwarded from The Hacker News
🚨 39 million secrets leaked on GitHub in 2024 alone.
Not just mistakes—these are entry points for attackers to breach your cloud, CI/CD, and data stores without triggering alerts.
Even a forgotten repo can cost everything.
Here’s how to stop it → https://thehackernews.com/2025/07/the-unusual-suspect-git-repos.html
Not just mistakes—these are entry points for attackers to breach your cloud, CI/CD, and data stores without triggering alerts.
Even a forgotten repo can cost everything.
Here’s how to stop it → https://thehackernews.com/2025/07/the-unusual-suspect-git-repos.html
The XLIBRE Technical Bifurcation of the Graphic Server X.ORG unmasks the intrinsic policy of the Foss Ecosystem: its project rejects codes of conduct and initiatives ofi, explaining a conservative ideological agenda. This reflects the historical tension between the free software movement (ethical, focused on user liberties) and the Open Source (pragmatic, focused on technical efficiency), whose fusion under the term "foss" is fragile. Any technical decision - forms, language changes or licenses - redistributes power: altera hierarchies of expertise, controls infrastructure and defines who participate in the development culture. Thus, protocols such as Wayland vs.11 or Copyleft (GPL) vs permissive (MIT) embody battles for values, not just efficiency. Ignore this human dimension - Igo, fear of obsolescence, struggle for influence - is to deny that the code is a political artifact where control over users and developers materializes. Survival in the AI era and surveillance capitalism requires choosing flags: technical neutrality is a myth.
https://www.gizvault.com/archives/ideological-gravity-of-foss
💬 Another article talking about the same, think what they want but this says in the end "technical neutrality is a myth" is true
https://www.gizvault.com/archives/ideological-gravity-of-foss
💬 Another article talking about the same, think what they want but this says in the end "technical neutrality is a myth" is true
Gizvault
The Ideological Gravity of FOSS
Dive into the heart of the **FOSS** world! This blog post explores the hidden **ideology** and politics at play in software development, from language choices t
Hardware Security Threats Against Bluetooth Mesh Networks
https://ieeexplore.ieee.org/document/8433184/authors#authors
. Security risks of Bluetooth
Man-in-the-middle attacks (MITM):
Bluetooth connections can be susceptible to eavesdropping attacks if strong encryption is not used. Older Bluetooth versions (before 4.2) are particularly risky.
Bluejacking & bluesnarfing:
Attackers could try to send unwanted messages (bluejacking) or even steal data from devices (bluesnarfing).
Traceability:
Bluetooth devices often send unique MAC addresses, which makes users traceable.
Weak standard pairing methods:
Many devices still use simple PINs or confirm connections without verification (e.g. "Just Works" mode with Bluetooth LE).
Risks specific to Bluetooth mesh networks
Mesh networks increase the attack surface:
Each device in the mesh acts as a relay, which means that a compromised device could influence the entire data traffic.
Lack of end-to-end encryption:
If the app/software does not implement additional encryption, messages can be forwarded in plain text.
Decentralized management:
Without centralized control, it is difficult to identify and remove malicious nodes.
yes a mesh network is not best in class security, user case is for "emergency" or other edge cases. For example where you have no other radio signal like mining sites.
Also mesh network were used during mass protest in Hong Kong and was so effective that China asked apple to disable it...
Even a UHF radio is useful in some situation even if it's not safe for private communications.
Is like meshtastic security is not main goal, for now at least...
https://ieeexplore.ieee.org/document/8433184/authors#authors
. Security risks of Bluetooth
Man-in-the-middle attacks (MITM):
Bluetooth connections can be susceptible to eavesdropping attacks if strong encryption is not used. Older Bluetooth versions (before 4.2) are particularly risky.
Bluejacking & bluesnarfing:
Attackers could try to send unwanted messages (bluejacking) or even steal data from devices (bluesnarfing).
Traceability:
Bluetooth devices often send unique MAC addresses, which makes users traceable.
Weak standard pairing methods:
Many devices still use simple PINs or confirm connections without verification (e.g. "Just Works" mode with Bluetooth LE).
Risks specific to Bluetooth mesh networks
Mesh networks increase the attack surface:
Each device in the mesh acts as a relay, which means that a compromised device could influence the entire data traffic.
Lack of end-to-end encryption:
If the app/software does not implement additional encryption, messages can be forwarded in plain text.
Decentralized management:
Without centralized control, it is difficult to identify and remove malicious nodes.
yes a mesh network is not best in class security, user case is for "emergency" or other edge cases. For example where you have no other radio signal like mining sites.
Also mesh network were used during mass protest in Hong Kong and was so effective that China asked apple to disable it...
Even a UHF radio is useful in some situation even if it's not safe for private communications.
Is like meshtastic security is not main goal, for now at least...
Forwarded from GSMArena (IFTTT)
Report: Chinese Android makers are testing under-display selfie cameras with 3D facial recognition
https://ift.tt/x4ojb2q
https://ift.tt/x4ojb2q
GSMArena.com
Report: Chinese Android makers are testing under-display selfie cameras with 3D facial recognition
The race to the first phone with a 3D UD selfie cam is on. 3D facial recognition hardware is a luxury in today's smartphone market, with Apple being the...
Forwarded from Tech & Leaks Zone
Nothing says that the Phone 3 reaches more than 60°C in benchmarking apps like 3D wildlife extreme tests because the phone doesn't have any bulky, multi-chamber cooling system as found in "gaming phones".
But with Google Pixels and iPhones, even without having any VC, the phones do not reach 60C. Clearly lack of optimization and thermal management but Nothing blamed it on the hardware lacking multi VC .
But with Google Pixels and iPhones, even without having any VC, the phones do not reach 60C. Clearly lack of optimization and thermal management but Nothing blamed it on the hardware lacking multi VC .
Forwarded from Hacker News
Electronic Frontier Foundation
Data Brokers are Selling Your Flight Information to CBP and ICE
For many years, data brokers have existed in the shadows, exploiting gaps in privacy laws to harvest our information—all for their own profit. They sell our precise movements without our knowledge or
Forwarded from XiaomiTime: Xiaomi & HyperOS News (IFTTT)
"Xiaomi's HyperCharge tech revolutionizes fast charging! - Adaptive voltage regulation for optimal energy transfer- Multi-cell architecture for rapid charging- Intelligent temperature control- Available up to 200W+ for flagship devices Experience quick, safe charging!"
🔗 Check More
🔗 Check More
XiaomiTime
What Is HyperCharge? Xiaomi's Fast Charging Tech Explained - XiaomiTime
Let’s break this down from a business angle. HyperCharge represents Xiaomi’s major push to differentiate in the ultra-competitive mobile market. It’s not just
Forwarded from #TBOT: Take Back Our Tech
Media is too big
VIEW IN TELEGRAM
⚡ From Skype to Surveillance: What’s Really Going On
On The Daily Pulse with Zeee Media, we talked about how Skype has quietly been shut down and users are now being funneled into Microsoft Teams—a platform with deeper integration, more data collection, and less transparency.
Meanwhile, Zoom records everything, and it’s no secret that your calls are being logged, stored, and potentially analyzed. But there are solutions. I shared some private, open-source alternatives that don’t treat your conversations like products.
You don’t have to settle for surveillance.
Watch the full show here: https://above.sh/GHXveM
—
🫶 @takebackourtech
📩 WEBSITE & NEWSLETTER | 🎥 VIDEOS| XMPP | SUBSTACK
On The Daily Pulse with Zeee Media, we talked about how Skype has quietly been shut down and users are now being funneled into Microsoft Teams—a platform with deeper integration, more data collection, and less transparency.
Meanwhile, Zoom records everything, and it’s no secret that your calls are being logged, stored, and potentially analyzed. But there are solutions. I shared some private, open-source alternatives that don’t treat your conversations like products.
You don’t have to settle for surveillance.
Watch the full show here: https://above.sh/GHXveM
—
🫶 @takebackourtech
📩 WEBSITE & NEWSLETTER | 🎥 VIDEOS| XMPP | SUBSTACK
Forwarded from Hacker News
Anthropic
Anthropic awarded $200M DOD agreement for AI capabilities
The U.S. Department of Defense (DOD), through its Chief Digital and Artificial Intelligence Office (CDAO), has awarded Anthropic a two-year prototype other transaction agreement with a $200 million ceiling. As part of the agreement, Anthropic will prototype…
Forwarded from It's FOSS
Why did my Arch update just eat 30 GB? 😩
Here's what happened.
https://itsfoss.com/aur-electron-update-issue/
Here's what happened.
https://itsfoss.com/aur-electron-update-issue/
It's FOSS
The Curious Case of AUR Fetching 30 GB for Electron Updates
No one has time for a 30 GB update, right?
No deleted account found from
64 scanned users from this group 🚫👻Forwarded from The Hacker News
🚨 The bait? Fake coding assignments.
North Korean hackers pushed 67 new malware-laced npm packages—over 17K downloads already.
They’re now using a stealthier loader called XORIndex to hijack dev machines, steal crypto, and drop Python backdoors.
Read → https://thehackernews.com/2025/07/north-korean-hackers-flood-npm-registry.html
North Korean hackers pushed 67 new malware-laced npm packages—over 17K downloads already.
They’re now using a stealthier loader called XORIndex to hijack dev machines, steal crypto, and drop Python backdoors.
Read → https://thehackernews.com/2025/07/north-korean-hackers-flood-npm-registry.html
Forwarded from The Hacker News
🚨 AsyncRAT didn’t just survive—it multiplied.
Since its 2019 GitHub release, this open-source trojan has spawned a swarm of powerful variants like DCRat and Venom RAT—stealing webcams, logging keystrokes, evading antivirus, and more.
Details here → https://thehackernews.com/2025/07/asyncrats-open-source-code-sparks-surge.html
Since its 2019 GitHub release, this open-source trojan has spawned a swarm of powerful variants like DCRat and Venom RAT—stealing webcams, logging keystrokes, evading antivirus, and more.
Details here → https://thehackernews.com/2025/07/asyncrats-open-source-code-sparks-surge.html