Forwarded from The Hacker News
🚨 Google just launched OSS Rebuild—a powerful weapon against open-source supply chain attacks.
It rebuilds & verifies packages independently, catching tampered code others miss.
No extra work for maintainers.
Full details ↓ https://thehackernews.com/2025/07/google-launches-oss-rebuild-to-expose.html
Forwarded from Android Security & Malware
Insecure authentication due to missing brute-force protection and runtime manipulation in Two App Studio Journey v5.5.9 for iOS (CVE-2025-41459)
Journey is a journaling app for iOS that stores personal entries and media
https://cirosec.de/en/news/vulnerability-in-two-app-studio-journey/
cirosec
Vulnerability in Two App Studio Journey (CVE-2025-41459) - cirosec
July 21, 2025 - Journey is a journaling app for iOS that stores personal entries and media.
Forwarded from The Hacker News
🚨 Most “critical” CVEs aren’t even exploitable in your app.
Security teams are drowning in false positives—because most scanners ignore whether the vulnerable function actually runs.
Function-level runtime reachability changes everything.
Here’s what it gets right ↓ https://thehackernews.com/expert-insights/2025/07/everything-to-know-about-runtime.html
Forwarded from The Hacker News
Overexposed to risk with public images?
Get ActiveState's free secure containers—rebuilt, scanned, and now on Docker Hub.
🛡️ Cut out CVEs and patching hassle. Just pull, trust, and deploy: https://thn.news/activestate-dockerhuby
Forwarded from GSMArena (IFTTT)
Redmi 15 5G specs leak: 6.9" 144Hz display, huge battery and a surprising chipset
https://ift.tt/0uQTMFh
GSMArena.com
Redmi 15 5G specs leak: 6.9" 144Hz display, huge battery and a surprising chipset
If this leak pans out, the Redmi 15 5G will have much better hardware than previous iterations of the series. We’ve been seeing leaks for a 4G-connected...
Forwarded from The Hacker News
🚨 This Windows trojan just became the first to weaponize Microsoft’s accessibility tools.
The Coyote malware is stealing banking and crypto logins from 75+ institutions—by reading what’s on your screen.
Here’s how it works → https://thehackernews.com/2025/07/new-coyote-malware-variant-exploits.html
Forwarded from The Hacker News
🚨 Most Kerberoasting attacks still bypass detection—despite being a 10+ year-old threat.
Why? Legacy tools miss subtle, low-and-slow attacks.
@BeyondTrust just built a statistical model that spots what rules-based tools can’t—with fewer false positives.
How it works ↓ https://thehackernews.com/2025/07/kerberoasting-detections-new-approach.html
Forwarded from GSMArena (IFTTT)
Realme Note 70T listed on European retailer: 50+13MP cameras, 6,000mAh battery
https://ift.tt/mwIKaSM
GSMArena.com
Realme Note 70T listed on European retailer: 50+13MP cameras, 6,000mAh battery
Some details had leaked over the last couple of weeks, now almost everything has been revealed. After a couple of weeks of leaks, the Realme Note 70T is...
Forwarded from Mishaal's Android News Feed
📱❤️🖥 Microsoft is testing new features to make your Android phone work better with Windows PCs
New Phone Link features allow users to remotely lock and access their PC’s clipboard from their Android phone
More details👇
🔗 https://www.androidauthority.com/phone-link-clipboard-remote-lock-3580203/
Android Authority
Microsoft is testing new features to make your Android phone work better with Windows PCs
Microsoft is testing new features in Phone Link that make it easier to remotely access and control your Windows PC from your Android phone.
Forwarded from Gizchina.com
TECNO Spark 40 Pro+ Review: Surprisingly Capable, Unapologetically Budget
https://www.gizchina.com/2025/07/23/tecno-spark-40-pro-review-surprisingly-capable-unapologetically-budget/
Forwarded from #TBOT: Take Back Our Tech
⚡️First eSIM Hack Hints at Phone Backdoors
A Polish security lab just hacked the eUICC—the chip that manages SIMs and stores carrier secrets. They targeted IoT devices running Kigen OS, which powers over 2 billion SIMs worldwide. By exploiting insecure Java applets, they gained access to protected memory, cloned SIMs, and exposed sensitive data that was supposed to stay locked away.
Read full article on Substack.
Even worse, Oracle shrugged off responsibility. Vulnerable Java Card setups could exist across major devices—Samsung, Apple, and possibly others.
This is why we built Above DataSIM. It skips phone numbers and SMS entirely, eliminating the usual attack surface. Pair it with Above Phone, which runs GrapheneOS out of the box, and a VPN, and you’ve got layered, resilient protection against emerging threats like this one.
🤖 Follow the show
👩‍💻 Get private phones, laptops, and tablets
📲 Learn more on our webinars
🏫 Sign up for our back to school webinar
Forwarded from Bones' Tech Garage
Just no... Bad idea, but we've come to expect that.
https://www.xda-developers.com/microsoft-teams-mercedes-benz/
XDA
Joining a Microsoft Teams call while driving sounds like a terrible idea, but Mercedes-Benz thinks it can make it work
"Yeah, pause the meeting real quick, I'm next in the drive-thru."