Forwarded from The Hacker News
$1M in crypto gone—stolen by 150+ fake Firefox wallet extensions.
The scam: lookalike MetaMask, TronLink, Exodus add-ons that start clean… then turn malicious when no one’s watching.
Now spreading to Chrome. AI is helping them scale.
Full story → https://thehackernews.com/2025/08/greedybear-steals-1m-in-crypto-using.html
The scam: lookalike MetaMask, TronLink, Exodus add-ons that start clean… then turn malicious when no one’s watching.
Now spreading to Chrome. AI is helping them scale.
Full story → https://thehackernews.com/2025/08/greedybear-steals-1m-in-crypto-using.html
Forwarded from The Hacker News
🚨 RubyGems & PyPI under attack:
🔸 60 fake RubyGems stole social media logins (275K+ downloads)
🔸 PyPI fakes hijacked crypto staking wallets
Both hide credential-stealing code in legit-looking packages.
Details → https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html
🔸 60 fake RubyGems stole social media logins (275K+ downloads)
🔸 PyPI fakes hijacked crypto staking wallets
Both hide credential-stealing code in legit-looking packages.
Details → https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html
Forwarded from サイデクス
New version released:
https://github.com/sidex15/deviceidchanger/releases/tag/v1.1.0
Added support for ABX
https://github.com/sidex15/deviceidchanger/releases/tag/v1.1.0
Added support for ABX
GitHub
Release v1.1.0 · sidex15/deviceidchanger
Add support for Android Binary XML (ABX)
Change backup XML location to /sdcard/
Change backup XML location to /sdcard/
Forwarded from fatalcoder524
Finally!
ReLSPosed is released on GitHub!🎉
Finally an OSS LSPosed with hardened security and bug fixes!✅
https://github.com/ThePedroo/ReLSPosed
Show some love to Pedro by starting and using the module!❤️
ReLSPosed is released on GitHub!🎉
Finally an OSS LSPosed with hardened security and bug fixes!✅
https://github.com/ThePedroo/ReLSPosed
Show some love to Pedro by starting and using the module!❤️
GitHub
GitHub - ThePedroo/ReLSPosed: LSPosed Framework resuscitated
LSPosed Framework resuscitated. Contribute to ThePedroo/ReLSPosed development by creating an account on GitHub.
Forwarded from ThePedroo (Pedro)
I'm here to announce ReLSPosed has been finally F(L)OSSed. ReLSPosed is yet another (JingMatrix) LSPosed fork, however, it has a detection-hardened dex2oat: https://github.com/ThePedroo/ReLSPosed
Dex2Oat is an Android system that optimizes to machine code the dex files of an app, trading space for performance. LSPosed overlays dex2oat to, when optimizing/making the
However, the problem lies in that process not having any checks for denylist, ending up not inlining for all apps. This is not a good approach, since it can be detected through
Efforts had been made in JingMatrix LSPosed to fix that, however the fix is not stable across Dex2Oat from devices, ending up not working for some people, rendering it useless for those.
By verifying whether the app is in the DenyList or not, and only injecting and not inlining when it is NOT in the DenyList, we can fix both detections with simple code. This is what was made in ReLSPosed.
l will show you what I want to show you.
It doesn't matter what happened through.
Care for this moment, the one we appreciate,
One day, this all fades away, it deprecates.
Dex2Oat is an Android system that optimizes to machine code the dex files of an app, trading space for performance. LSPosed overlays dex2oat to, when optimizing/making the
oat files, not inline functions, so that they can be hooked, if any XPosed modules needs to.However, the problem lies in that process not having any checks for denylist, ending up not inlining for all apps. This is not a good approach, since it can be detected through
oat parsing or even simple analysis in the generated oat. Not only that, but because a new comment is injected, it leaks into the oat too.Efforts had been made in JingMatrix LSPosed to fix that, however the fix is not stable across Dex2Oat from devices, ending up not working for some people, rendering it useless for those.
By verifying whether the app is in the DenyList or not, and only injecting and not inlining when it is NOT in the DenyList, we can fix both detections with simple code. This is what was made in ReLSPosed.
l will show you what I want to show you.
It doesn't matter what happened through.
Care for this moment, the one we appreciate,
One day, this all fades away, it deprecates.
GitHub
GitHub - ThePedroo/ReLSPosed: LSPosed Framework resuscitated
LSPosed Framework resuscitated. Contribute to ThePedroo/ReLSPosed development by creating an account on GitHub.
Forwarded from The Hacker News
🚨 Stolen logins are now the #1 way hackers break in — beating phishing & software flaws.
Many still work. Attackers don’t need exploits when they can just log in.
Think your passwords are safe? You might want to check.
Full report → https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html
Many still work. Attackers don’t need exploits when they can just log in.
Think your passwords are safe? You might want to check.
Full report → https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html
#A16 #Official #TD #GSI #DerpFest #AOSP
Build Date: 2025 08 08
August Security Patch
DerpFest 16.0 | A16 QPR0 | TREBLE GSI OFFICIAL-signed
Changelog:
SCREENSHOTS - LINK
SUPPORT GROUP - LINK
Maintainer: Doze-off
Download: LINK
@TrebleGsis_PrivacySecure_Chat
@TrebleGsis_PrivacySecure_Channel
Build Date: 2025 08 08
August Security Patch
DerpFest 16.0 | A16 QPR0 | TREBLE GSI OFFICIAL-signed
Changelog:
Sync latest source of DerpFestNote
DerpFestCustomizations: User-selectable PIF
DerpFestCustomizations: Transparent notification toggle
DerpFestCustomizations: Allow easy tapping for button comfort + disable statusbar in lockscreen
OTA implemented
Performance adjustments, smoother system, and touch improvement to 165Hz
More fixes for RIL
4G+ enabled by default...
circle to search works depending on your device as the feature has not been fully implemented
You have an option to update via manual OTA in the Treble app, just by downloading the .xz file and selecting it manually. (But the OTA breaks the DSU sideloader whenever you install an image it restarts on the same system, be aware of this when updating via OTA)
SCREENSHOTS - LINK
SUPPORT GROUP - LINK
Maintainer: Doze-off
Download: LINK
@TrebleGsis_PrivacySecure_Chat
@TrebleGsis_PrivacySecure_Channel
This thread is getting some bumps lately (R > 100)
China just dropped an open source OCR LLM with 1.7 billion parameters:
https://huggingface.co/rednote-hilab/dots.ocr
What does China gain by releasing so many models for free? What are they trying to accomplish?
https://boards.4chan.org/g/thread/106160457
China just dropped an open source OCR LLM with 1.7 billion parameters:
https://huggingface.co/rednote-hilab/dots.ocr
What does China gain by releasing so many models for free? What are they trying to accomplish?
https://boards.4chan.org/g/thread/106160457
huggingface.co
rednote-hilab/dots.ocr · Hugging Face
We’re on a journey to advance and democratize artificial intelligence through open source and open science.
Forwarded from cKure
■■■□□ German security researchers say 'Windows Hell No' to Microsoft biometrics for biz.
https://www.theregister.com/2025/08/07/windows_hello_hell_no/
https://www.theregister.com/2025/08/07/windows_hello_hell_no/
The Register
German security researchers say 'Windows Hell No' to Microsoft biometrics for biz
Black Hat: Hello loophole could let a rogue admin, or a pwned one, inject new facial scans
Forwarded from Bones' Tech Garage
🤦 It never ceases to amaze me just how much Microsoft hates it's users.
https://news.itsfoss.com/microsoft-recall-fails-again/
https://news.itsfoss.com/microsoft-recall-fails-again/
It's FOSS
Microsoft Recall Exposes Passwords and Banking Data!
New tests reveal Microsoft Recall still screenshots sensitive data.
Forwarded from #TBOT: Take Back Our Tech
Media is too big
VIEW IN TELEGRAM
⚡️Update on the Monero Attack
Its been about a week since Qubic started its attack on Monero, which would begin on August 2nd. Although the attack failed to gain its 51% attack over Monero, they've decided to mine Monero regularly.
The attack began with some drama —Qubic claimed their network was hit by a DDoS, slowing the start, although no one has confirmed any evidence of a DDOS attack.
They mined 20% of Monero’s blocks in 24 hours. If you choose to believe it, Qubic’s data shows an all-time-high hashrate of 2.6 GH/s, holding it for ~12 hours—about 35–45% of Monero’s total hashrate.
Monero Research Lab’s Rucknium released a tool to visualize “orphaned blocks”—blocks mined almost at the same time, forcing the network to choose a chain.
If you care about Monero’s future, mine with Gupax—it’s never been easier.
📖 Read full article on Substack
🎙 Follow the show
🛡 Back to School Tech Awareness Webinar. Register here.
Its been about a week since Qubic started its attack on Monero, which would begin on August 2nd. Although the attack failed to gain its 51% attack over Monero, they've decided to mine Monero regularly.
The attack began with some drama —Qubic claimed their network was hit by a DDoS, slowing the start, although no one has confirmed any evidence of a DDOS attack.
They mined 20% of Monero’s blocks in 24 hours. If you choose to believe it, Qubic’s data shows an all-time-high hashrate of 2.6 GH/s, holding it for ~12 hours—about 35–45% of Monero’s total hashrate.
Monero Research Lab’s Rucknium released a tool to visualize “orphaned blocks”—blocks mined almost at the same time, forcing the network to choose a chain.
If you care about Monero’s future, mine with Gupax—it’s never been easier.
📖 Read full article on Substack
🎙 Follow the show
🛡 Back to School Tech Awareness Webinar. Register here.
Forwarded from The Hacker News
🚨 Brazil hit by two cyber threats:
1️⃣ Hackers using AI-built fake gov sites to steal IDs + cash via PIX.
2️⃣ Efimer Trojan spreading via fake legal emails, torrents & WordPress hacks — swapping crypto wallets + stealing funds.
How both attacks work → https://thehackernews.com/2025/08/ai-tools-fuel-brazilian-phishing-scam.html
1️⃣ Hackers using AI-built fake gov sites to steal IDs + cash via PIX.
2️⃣ Efimer Trojan spreading via fake legal emails, torrents & WordPress hacks — swapping crypto wallets + stealing funds.
How both attacks work → https://thehackernews.com/2025/08/ai-tools-fuel-brazilian-phishing-scam.html