Jolla Releases Sailfish OS 5.0 With WireGuard VPN, Updated Android Compatibility - Phoronix
https://www.phoronix.com/news/Jolla-Sailfish-OS-5.0

Deep dive into the #Signal arbitrary deletion #vulnerability I discovered in Signal Desktop:

In Signal Desktop, attachments are stored in a designated folder (typically “attachments.noindex”). The deletion logic resolves this folder’s absolute path using fs.realpathSync, which inherently follows symbolic links.


https://nitter.poast.org/jipisback/status/1894682205500088793

https://x.com/jipisback/status/1894682205500088793

https://fixupx.com/jipisback/status/1894682205500088793

Oppo Pad 4 Pro Will Launch with Snapdragon 8 Elite in April
https://www.gizchina.com/2025/02/28/oppo-pad-4-pro-will-launch-with-snapdragon-8-elite-in-april/

A Serbian activist’s Android phone was unlocked using a zero-day exploit developed by Cellebrite.

This attack leveraged a vulnerability in Android USB drivers, enabling attackers to bypass lock screens.

Read the full article to uncover how this exploit was used: https://thehackernews.com/2025/02/amnesty-finds-cellebrites-zero-day.html

✨ Blur + Zoom Effect – Bring Smooth Transitions to Your Android!🔥

📱 This app enables a stylish Blur & Zoom effect on your wallpaper when closing apps, just like premium UI animations! Now experience smoother transitions on any device.

🔹 Original App by: Remember Studios
🔹 Translation by: SDW
📥 Download Now: From Here
👀 Preview : Watch here

📝 Note: This app was originally made in Chinese, and while I translated most of it, some text couldn’t be translated. Hope you still enjoy it! 😅🎭

📢 Stay Updated:
📍 🚀 @SuperDroidWorld
💬 Join the Discussion:
📍 💬 @SuperDroidChats

👊 Firefox Deletes Promise To Not Sell Personal Data
@takebackourtech

Firefox removed the following section from their FAQ:

Does Firefox sell your personal data?
Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That's a promise.

The updated version:

Mozilla doesn't sell data about you (in the way that most people think about "selling data"), and we don't buy data about you. Since we strive for transparency, and the LEGAL definition of "sale of data" is extremely broad in some places, we've had to step back from making the definitive statements you know and love. We still put a lot of work into making sure that the data that we share with our partners (which we need to do to make Firefox commercially viable) is stripped of any identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).

What do you think? Do you trust them?

You can learn about the web browsers I recommend in my latest webinar.

ORIGINAL ARTICLE
—
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER | XMPP
Follow 🫶 @takebackourtech

Mirror2RearUltra

Rear screen mirroring plugin/app for Xiaomi Mi 11 Ultra.

🔗 Links:
- Download
- Usage
- Source code
Developer: tpkarras

🏷️ Tags: #Android #Tools

Mozilla updates Firefox’s Terms of Use after user concerns over data rights.

The new revisions clarify that Mozilla doesn’t own your data—but the language change follows a wave of community criticism.

Read the full breakdown here: https://thehackernews.com/2025/03/mozilla-updates-firefox-terms-again.html

Microsoft is finally shutting down Skype in May

https://www.xda-developers.com/microsoft-killing-skype/

‘You Can’t Hide’: #Elon #Musk & #SpaceX Are Helping US Intelligence Build the World’s Largest Spy Satellite Network

Why are so many freedom loving, privacy aware people using a military contractor’s satellite service, and turning a blind eye to the surveillance grid he is co-creating with the U.S. military and intelligence?

https://www.thelastamericanvagabond.com/musk-space-x-satellite-network/

"Haunted by Legacy: Discovering and Exploiting Vulnerable #Tunnelling Hosts", 2025.

This paper is the first to systematically analyse the securityof tunnelling hosts on the IPv4 and IPv6 Internet. Our large-scale Internet-wide scans identified over 4 million hosts that
accept unencrypted tunnelling packets from any source.

This is concerning because vulnerable hosts can be abused asone-way proxies, and many of these hosts also allow an ad-versary to spoof a packet’s source address, enabling variouskinds of known and novel attacks.

Moreover, we also demon-strated that these vulnerable hosts enable novel DoS attacks,such as our TuTL and Ping-Pong attacks. The TuTL attack
is especially concerning since it can be abused to perform DoS attacks against any third-party host on the Internet.

Our measurements also show that many Autonomous Systems,more than four thousand in total, do not (properly) imple-ment source address filtering, thereby allowing the spoofing
of source IP addresses.

#Hosts #Vulnerability

📱 Scam by Apple as it created a plain-text protocol and said it protects user privacy.

The nature of SORM as a surveillance system built directly into telecommunications and internet infrastructure facilitates potential interception of a vast range of data and significantly reduces visibility into digital surveillance operations, almost certainly raising the risk of abuse for countries that have
historically conducted intrusive domestic surveillance with limited oversight.

As SORM provider VAS Experts notes, “the person who is being monitored cannot in any way determine that this is happening, just as the [service] provider does not know who the special service is following”.

In this, identifying deployments of SORM becomes more difficult compared to commercial off-the-shelf spyware tools,
such as Predator, which can be identified and traced via changes in infrastructure.

#SORM

Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025
https://www.bleepingcomputer.com/news/security/hackers-exploit-16-zero-days-on-first-day-of-pwn2own-automotive-2025/

AMD reveals AMDGPU Composition Stack, a fork of Wayland's Weston compositor for advancing the Linux desktop | GamingOnLinux
https://www.gamingonlinux.com/2025/01/amd-reveals-amdgpu-composition-stack-a-fork-of-waylands-weston-compositor-for-advancing-the-linux-desktop/

g.co, Google's official URL shortcut, is compromised
(update: or Google Workspace's domain verification, see bottom) People are actively having their Google accounts stolen.

https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4

Comments