Privacy + Secure Tech Corner Channel 🛡️
Here you can find everything about GSIs, ROMs, GKI kernels, tech news, updates, root methods, Magisk modules, overlays, hacker things, FLOSS, FOSS, privacy + secure stuff and much more!
Forwarded from The Great Imperial Interdimensional Multiversal Holy DAO of NoGoolag (NoGoolag)
Are VPNs even safe now Hacker Explains
Duration : 30:20
A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024.

According to Trend Micro researchers, the flaw was used in SmokeLoader malware campaigns targeting the Ukrainian government and private organizations in the country.

The Mark of the Web is a Windows security feature designed to warn users that the file they're about to execute comes from untrusted sources, requesting a confirmation step via an additional prompt. Bypassing MoTW allows malicious files to run on the victim's machine without a warning.

When downloading documents and executables from the web or received as an email attachment, Windows adds a special 'Zone.Id' alternate data stream called the Mark-of-the-Web (MoTW) to the file.

When attempting to open a downloaded file, Windows will check if a MoTW exists and, if so, display additional warnings to the user, asking if they are sure they wish to run the file. Similarly, when opening a document in Word or Excel with a MoTW flag, Microsoft Office will generate additional warnings and turn off macros.

Figure: MoTW warnings in Windows (Source: BleepingComputer)

As the Mark of the Web security features prevent dangerous files from automatically running, threat actors commonly attempt to find MoTW bypasses so their files automatically run and execute.

For years, cybersecurity researchers requested 7-Zip add support for the Mark of the Web, but it was only in 2022 that support for the feature was finally added.....

https://www.bleepingcomputer.com/news/security/7-zip-motw-bypass-exploited-in-zero-day-attacks-against-ukraine/
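
The Mark-of-the-Web check described in the post above, as an added example (not code from the article, Trend Micro or 7-Zip): it parses the body of the alternate data stream, which is named `Zone.Identifier` on disk, and lists extracted files that did not inherit an Internet-zone mark from their archive. The stream contents, file names and URL below are constructed samples.

```python
# Zone numbers used by Windows URL security zones.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def parse_zone_identifier(text):
    """Parse the INI-style body of a Zone.Identifier stream into a dict."""
    fields, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)   # URLs may contain further '='
            fields[key.strip().lower()] = value.strip()
    return fields

def zone_of(text):
    """Return the integer ZoneId, or None when the mark is absent or malformed."""
    if text is None:
        return None
    try:
        return int(parse_zone_identifier(text)["zoneid"])
    except (KeyError, ValueError):
        return None

def read_motw(path):
    """Read the stream of a file on NTFS; None if it has no mark (or is not on NTFS)."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def unmarked_after_extraction(archive_stream, extracted_streams):
    """List extracted files that lack the Internet-zone mark their archive carried."""
    archive_zone = zone_of(archive_stream)
    if archive_zone is None or archive_zone < 3:
        return []  # the archive itself was not marked as Internet/Restricted
    return sorted(name for name, stream in extracted_streams.items()
                  if (zone_of(stream) or 0) < 3)

# Constructed sample: a downloaded archive and the streams found on its extracted files.
SAMPLE_ARCHIVE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://downloads.example.test/invoice.7z?id=1\r\n"
SAMPLE_EXTRACTED = {
    "invoice.pdf": "[ZoneTransfer]\r\nZoneId=3\r\n",   # mark propagated
    "setup.exe": None,                                  # no stream at all
    "readme.txt": "[ZoneTransfer]\r\nZoneId=abc\r\n",  # malformed mark
}
```

On a Windows host, build the second argument with `read_motw()` over the extraction directory and alert on any non-empty result.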
Used a PDF in a private group to lure people into...

Tehran, IRNA - An official with Meta Platforms (META.O) said the Israeli spyware company Paragon Solutions has hacked the popular WhatsApp, targeting scores of its users, including journalists and members of civil society.

"WhatsApp had sent Paragon a cease-and-desist letter following the hack," the official told Reuters on Friday.
In a statement, WhatsApp said the company "will continue to protect people's ability to communicate privately".

The WhatsApp official further told Reuters it had detected an effort to hack approximately 90 users.

The official declined to say who, specifically, was targeted, but he said those targeted were based in more than two dozen countries, including several people in Europe.

He said WhatsApp users were sent malicious electronic documents that required no user interaction to compromise their targets, a so-called zero-click hack that is considered particularly stealthy.

https://en.irna.ir/news/85735967/WhatsApp-hacked-by-Israel-s-spyware-company-Paragon-Meta-says
Hackers Claim Massive Breach of Location Data Giant, Threaten to Leak Data

Gravy Analytics has been one of the most important companies in the location data industry for years, collating smartphone location data from around the world and selling some to the U.S. government. Hackers say they stole a mountain of data.

Hackers claim to have compromised Gravy Analytics, the parent company of Venntel, which has sold masses of smartphone location data to the U.S. government. The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show people's precise movements, and they are threatening to publish the data publicly.

The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others.

In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers....

https://www.404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/

https://www.wired.com/story/gravy-location-data-app-leak-rtb/
Forwarded from NoGoolag
Net Switch: Isolate Apps from Internet Access

Net Switch is a Magisk module to isolate apps from accessing the internet on your Android device. This tool gives you complete control over which apps can send or receive data, improving security, privacy, and saving bandwidth.
Fully standalone; operates fully on iptables.

More info: https://github.com/Rem01Gaming/net-switch

#magisk #firewall #privacy #afwallalterernative
Cloudflare Is Blocking Pale Moon and other non-mainstream browsers (🔥 Score: 159+ in 2 hours)

Link: https://readhacker.news/c/6nAUW

Hello.
Cloudflare's Browser Integrity Check/Verification/Challenge feature, used by many websites, is denying access to users of non-mainstream browsers like Pale Moon.
User reports began on January 31:
https://forum.palemoon.org/viewtopic.php?f=3&t=32045
This situation occurs at least once a year, and there is no easy way to contact Cloudflare. Their "Submit feedback" tool yields no results. A Cloudflare Community topic was flagged as "spam" by members of that community and was promptly locked with no real solution, and no official response from Cloudflare:
https://community.cloudflare.com/t/access-denied-to-pale-moon-desktop-browser/764330
Partial list of other browsers that are being denied access:
Falkon, SeaMonkey, IceCat, Basilisk.
Hacker News 2022 post about the same issue, which brought attention and had Cloudflare quickly patching the issue:
https://news.ycombinator.com/item?id=31317886
A Cloudflare product manager declared back then: "...we do not want to be in the business of saying one browser is more legitimate than another."
As of now, there is no official response from Cloudflare. Internet access is still denied by their tool.
FeedDemon
Fluent Reader
Fraidycat
LeechCraft *
QuiteRSS
Raven Reader
RSS Bandit
RSS Guard *
RSSOwl
RSSOwlnix
SharpReader
Spot-On *

* Recommended

https://leechcraft.org/
https://textbrowser.github.io/spot-on/
Spyware maker Paragon terminates contract with Italian government: media reports | TechCrunch

"Paragon Solutions, a startup that sells access to surveillance technologies including phone spyware, has cut ties with the Italian government, according to reports in The Guardian and Haaretz.

On Thursday, citing an anonymous source, The Guardian reported Paragon had first suspended its contract with Italy on Friday after WhatsApp said it had disrupted a hacking campaign leveraging the Israeli startup’s spyware targeting around 90 people. On Wednesday, Paragon terminated the contract once the company determined that the Italian government had broken “the terms of service and ethical framework it had agreed under its Paragon contract,” according to the British newspaper."

#Paragon #ParagonGraphite #Italy
Nepenthes
This is a tarpit intended to catch web crawlers. Specifically, it's targeting crawlers that scrape data for LLMs - but really, like the plants it is named after, it'll eat just about anything that finds its way inside.

It works by generating an endless sequence of pages, each with dozens of links, that simply go back into the tarpit. Pages are randomly generated, but in a deterministic way, causing them to appear to be flat files that never change. Intentional delay is added to prevent crawlers from bogging down your server, in addition to wasting their time. Lastly, optional Markov-babble can be added to the pages, to give the crawlers something to scrape up and train their LLMs on, hopefully accelerating model collapse.
You can take a look at what this looks like, here. (Note: VERY slow page loads!)

WARNING
THIS IS DELIBERATELY MALICIOUS SOFTWARE INTENDED TO CAUSE HARMFUL ACTIVITY. DO NOT DEPLOY IF YOU AREN'T FULLY COMFORTABLE WITH WHAT YOU ARE DOING.

ANOTHER WARNING
LLM scrapers are relentless and brutal. You may be able to keep them at bay with this software - but it works by providing them with a neverending stream of exactly what they are looking for. YOU ARE LIKELY TO EXPERIENCE SIGNIFICANT CONTINUOUS CPU LOAD, ESPECIALLY WITH THE MARKOV MODULE ENABLED.

YET ANOTHER WARNING
There is not currently a way to differentiate between web crawlers that are indexing sites for search purposes, vs crawlers that are training AI models. ANY SITE THIS SOFTWARE IS APPLIED TO WILL LIKELY DISAPPEAR FROM ALL SEARCH RESULTS.

https://zadzmo.org/code/nepenthes/
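
How "randomly generated, but in a deterministic way" can work, as an added sketch that is not Nepenthes' own code: the PRNG is seeded from a hash of the requested path, so the same URL always yields the same links and the page looks like a static file. The word list, secret, `/maze` prefix, function names and the per-path delay derivation are assumptions made for this example.

```python
import hashlib
import html
import random

# Constructed vocabulary for link names; the project's own word source is not shown on the page.
WORDS = ["amber", "basin", "cedar", "delta", "ember", "fjord", "grove", "haven",
         "inlet", "juniper", "kelp", "lagoon", "marsh", "nectar", "orchid", "pitcher"]

def _rng_for(path, secret, purpose):
    """PRNG whose state depends only on the secret, the purpose and the URL path."""
    digest = hashlib.sha256(secret + b"|" + purpose + b"|" + path.encode("utf-8")).digest()
    return random.Random(digest)

def page_links(path, secret=b"constructed-secret", n_links=24, prefix="/maze"):
    """Return the links for one page; every link points back under the tarpit prefix."""
    rng = _rng_for(path, secret, b"links")
    links = []
    for _ in range(n_links):
        depth = rng.randint(1, 3)
        links.append(prefix + "/" + "/".join(rng.choice(WORDS) for _ in range(depth)))
    return links

def delay_seconds(path, secret=b"constructed-secret", low=2.0, high=10.0):
    """Response delay for a path (assumed here to be stable per path as well)."""
    return round(_rng_for(path, secret, b"delay").uniform(low, high), 2)

def render_page(path, secret=b"constructed-secret"):
    """Render the page body; the requested path is escaped before it is echoed."""
    items = "\n".join(
        f'<li><a href="{href}">{href.rsplit("/", 1)[-1]}</a></li>'
        for href in page_links(path, secret)
    )
    return f"<html><body><h1>{html.escape(path)}</h1>\n<ul>\n{items}\n</ul></body></html>"
```

Because nothing is stored, memory use stays flat no matter how deep a crawler goes; changing the secret regenerates the whole maze.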