Forwarded from XIAOMI Fuckups
🚨 Xiaomi Watch Users, You've Been Played 🚨
Credits: @minatiscape
Remember when Xiaomi promised built-in AI on your HyperOS smartwatch? Turns out, instead of the on-device AI, your queries and images are now sent straight to some third-party service called *AI Zone* – because clearly nothing says “trust” in handing your personal data to a mystery provider you’ve never heard of.
Even better? It's now $4/month for the privilege. That’s right – they stripped out the feature (meant to be free), outsourced it, slapped a price tag on it, and called it a day. The FAQ section notes that:
• Q/A is 10 times free use
• Watch Face is 20 times free use
And the cherry on top? Some users report even the “trial” doesn’t work. Peak Ximi moment. Also, for the voice recognition feature which later costs 4$/month, you need to speak slowly for better success rates.
Enjoy the ✨AI experience✨ – brought to you by a company that's, not.... Xiaomi.
(Follow @XiaomiFuckup for more new discoveries!)
Credits: @minatiscape
Remember when Xiaomi promised built-in AI on your HyperOS smartwatch? Turns out, instead of the on-device AI, your queries and images are now sent straight to some third-party service called *AI Zone* – because clearly nothing says “trust” in handing your personal data to a mystery provider you’ve never heard of.
Even better? It's now $4/month for the privilege. That’s right – they stripped out the feature (meant to be free), outsourced it, slapped a price tag on it, and called it a day. The FAQ section notes that:
• Q/A is 10 times free use
• Watch Face is 20 times free use
And the cherry on top? Some users report even the “trial” doesn’t work. Peak Ximi moment. Also, for the voice recognition feature which later costs 4$/month, you need to speak slowly for better success rates.
Enjoy the ✨AI experience✨ – brought to you by a company that's, not.... Xiaomi.
(Follow @XiaomiFuckup for more new discoveries!)
Forwarded from XIAOMI Fuckups
Did you know HyperOS China now thinks you’re a bot?
You tap “Install APK” nine times today and suddenly the OS demands you solve a jigsaw puzzle to prove your humanity, because nothing screams “modern UX” like captcha-gating your users from app installations.
Your trusty Telegram? Nope, Risk verification first. Slide the puzzle piece into place, unlock the Narendra Modi tears, then maybe you’ll earn the right to install one more app.
All aboard the Quantum Install Blocker™, where your phone decides you’re too active, too curious, and definitely not a developer.
And people say China HyperOS bhai goated af.
Reports claim that Azerbaijan Technology is working to bypass this captcha through the use of LLM (Lotta Lil Moneys) technology.
(Follow @XiaomiFuckup for more new discoveries!)
You tap “Install APK” nine times today and suddenly the OS demands you solve a jigsaw puzzle to prove your humanity, because nothing screams “modern UX” like captcha-gating your users from app installations.
Your trusty Telegram? Nope, Risk verification first. Slide the puzzle piece into place, unlock the Narendra Modi tears, then maybe you’ll earn the right to install one more app.
All aboard the Quantum Install Blocker™, where your phone decides you’re too active, too curious, and definitely not a developer.
And people say China HyperOS bhai goated af.
Reports claim that Azerbaijan Technology is working to bypass this captcha through the use of LLM (Lotta Lil Moneys) technology.
(Follow @XiaomiFuckup for more new discoveries!)
Forwarded from Android Security & Malware
How To Turn Old Android Smartphone into Travel Router With NAS
https://www.mobile-hacker.com/2025/07/21/how-to-turn-old-android-smartphone-into-travel-router-with-nas/
https://www.mobile-hacker.com/2025/07/21/how-to-turn-old-android-smartphone-into-travel-router-with-nas/
Mobile Hacker
How To Turn Old Android Smartphone into Travel Router With NAS Mobile Hacker
It’s not perfect, but it works—a clever DIY project that blends portability, privacy, and practicality.
Forwarded from Android Security & Malware
Android Misconfiguration Leading to Task Hijacking in Caller ID app with 10M+ installs (CVE-2025-7889) + demo
https://github.com/KMov-g/androidapps/blob/main/caller.id.phone.number.block.md
https://github.com/KMov-g/androidapps/blob/main/caller.id.phone.number.block.md
GitHub
androidapps/caller.id.phone.number.block.md at main · KMov-g/androidapps
Contribute to KMov-g/androidapps development by creating an account on GitHub.
Forwarded from Android Security & Malware
Lookout Discovers Massistant Chinese Mobile Forensic Tooling
https://www.lookout.com/threat-intelligence/article/massistant-chinese-mobile-forensics
https://www.lookout.com/threat-intelligence/article/massistant-chinese-mobile-forensics
Lookout
Lookout Discovers Massistant Chinese Mobile Forensic Tooling | Threat Intel
Massistant is a mobile forensics application used by law enforcement in China to collect extensive information from mobile devices.
Forwarded from The Hacker News
🔥 ALERT ➟ Microsoft issues urgent security patches for critical SharePoint RCE flaw (CVE-2025-53770), now under active exploitation worldwide.
Hackers are bypassing MFA, stealing keys, and targeting banks, government agencies, hospitals & more.
Details → https://thehackernews.com/2025/07/microsoft-releases-urgent-patch-for.html
If your SharePoint is on-prem and internet-facing—assume compromise. Patching alone won’t evict the threat.
🛡️ Urgent steps: Patch, rotate machine keys, restart IIS.
Hackers are bypassing MFA, stealing keys, and targeting banks, government agencies, hospitals & more.
Details → https://thehackernews.com/2025/07/microsoft-releases-urgent-patch-for.html
If your SharePoint is on-prem and internet-facing—assume compromise. Patching alone won’t evict the threat.
🛡️ Urgent steps: Patch, rotate machine keys, restart IIS.
Forwarded from The Hacker News
🚨 HPE Wi-Fi gear shipped with hardcoded admin logins.
CVE-2025-37103 scores 9.8/10—no password needed to hijack your network.
It can be chained with a second bug for full system takeover.
Full details → https://thehackernews.com/2025/07/hard-coded-credentials-found-in-hpe.html
CVE-2025-37103 scores 9.8/10—no password needed to hijack your network.
It can be chained with a second bug for full system takeover.
Full details → https://thehackernews.com/2025/07/hard-coded-credentials-found-in-hpe.html
Forwarded from The Hacker News
🚨 Over 3,500 websites hijacked to secretly mine crypto — just by visiting them.
The stealthy JavaScript miner hides in plain sight, adjusts intensity based on your device, and runs silently in the background.
It's linked to credit card theft too.
Read ↓ https://thehackernews.com/2025/07/3500-websites-hijacked-to-secretly-mine.html
The stealthy JavaScript miner hides in plain sight, adjusts intensity based on your device, and runs silently in the background.
It's linked to credit card theft too.
Read ↓ https://thehackernews.com/2025/07/3500-websites-hijacked-to-secretly-mine.html
Forwarded from The Hacker News
🚨 Hackers are bypassing FIDO keys—without breaking them.
A new phishing trick fools users into scanning legit QR codes, handing attackers full access.
The worst part? It abuses a real cross-device sign-in feature.
How PoisonSeed pulls it off ↓ https://thehackernews.com/2025/07/poisonseed-hackers-bypass-fido-keys.html
A new phishing trick fools users into scanning legit QR codes, handing attackers full access.
The worst part? It abuses a real cross-device sign-in feature.
How PoisonSeed pulls it off ↓ https://thehackernews.com/2025/07/poisonseed-hackers-bypass-fido-keys.html
Forwarded from The Hacker News
🚨 Over 80% of orgs are adopting Zero Trust by 2026—but AI is rewriting the playbook.
Predictive models block threats. Generative AI speeds triage. Agentic AI enforces policies autonomously.
The catch? Human oversight still makes or breaks security.
Learn more ↓ https://thehackernews.com/2025/07/assessing-role-of-ai-in-zero-trust.html
Predictive models block threats. Generative AI speeds triage. Agentic AI enforces policies autonomously.
The catch? Human oversight still makes or breaks security.
Learn more ↓ https://thehackernews.com/2025/07/assessing-role-of-ai-in-zero-trust.html
Forwarded from The Hacker News
⚠️ Zero-days are hitting faster than teams can patch.
→ SharePoint & Chrome under active attack
→ Hackers exploit NVIDIA, SQLite, CrushFTP
→ $2.17B stolen in crypto so far this year
→ AI just stopped a real-world exploit before humans did
This week proves: No system is safe.
Full recap → https://thehackernews.com/2025/07/weekly-recap-sharepoint-0-day-chrome.html
→ SharePoint & Chrome under active attack
→ Hackers exploit NVIDIA, SQLite, CrushFTP
→ $2.17B stolen in crypto so far this year
→ AI just stopped a real-world exploit before humans did
This week proves: No system is safe.
Full recap → https://thehackernews.com/2025/07/weekly-recap-sharepoint-0-day-chrome.html
Forwarded from GSMArena (IFTTT)
The vanilla Huawei Pura 80 pre-sales are starting on Wednesday, chipset leaks too
https://ift.tt/AoeyuG1
https://ift.tt/AoeyuG1
GSMArena.com
The vanilla Huawei Pura 80 pre-sales are starting on Wednesday, chipset leaks too
The vanilla model arrives over a month after the rest of the Pura 80 family launched in China. The vanilla Huawei Pura 80 is late to the party – the rest...