Forwarded from NoGoolag
FacePass Breach Exposes 1.6M Biometric and ID Records
The recent breach at #FacePass, a Brazilian facial recognition and identification app, has exposed deep vulnerabilities in the growing digital ID ecosystem. Over 1.6 million files containing sensitive user data and internal system credentials were left unsecured in a misconfigured Amazon Web Services (AWS) S3 bucket, according to cybersecurity researchers at Cybernews.
The exposed data includes national identity numbers, facial verification selfies, full names, CPF tax IDs, phone numbers, and AWS access credentials — painting a troubling picture of both individual and systemic risk.
As Brazil moves rapidly toward integrating #biometric verification and #DigitalID into its national infrastructure, this incident highlights how fragile such digital identity systems can be, especially as more and more countries are pushing to implement the controversial system.
Via @reclaimthenet
#Brazil
Forwarded from Bones' Tech Garage
Good advice, but I would add that the core matters. Debian/Ubuntu is your best bet if you are starting out.
A simple breakdown: every distro is based on one of three cores that it was created from.
1. Debian/Ubuntu - Stable, only security updates are pushed. Point upgrades are done to the OS on a yearly or long-term schedule.
2. Arch - Bad for beginners, prone to regressions (bugs and crashes). Usually rolling release, which means the OS is updated constantly. Falling behind those updates usually causes problems.
3. Fedora/RHEL - Stable, meant for workstations and professional use. Follows a security-update-only release style with point upgrades. There are some rolling releases, so care is needed when choosing from this line.
https://www.howtogeek.com/new-to-linux-focus-on-the-desktop-environment-not-the-distro/
How-To Geek
New to Linux? Focus on the Desktop Environment, Not the Distro
Why choosing your Linux desktop environment matters far more than picking the perfect distro.
Forwarded from Hacker News
Mastodon
Organic Maps (@organicmaps@mastodon.social)
GitHub has gone - long live Forgejo (@forgejo@floss.social).
Fully migrated out of Microsoft’s walled garden after they blocked us:
- 54k commits
- 9.5k issues
- 4.3k pull requests
- 100k comments
Everything moved. Nothing left behind.
https://git.o…
Forwarded from ATT • Tech News (Agam)
Microsoft is removing the script used to avoid Microsoft Account in Windows 11
Microsoft has removed the BypassNRO.cmd script in its latest Windows 11 Insider Dev build, which previously enabled users to bypass the Microsoft Account setup requirement, in order to "enhance security and user experience."
This change will likely be pushed to production versions within weeks.
However, Microsoft has not yet removed the BypassNRO Registry value, so this command can be used to skip Microsoft account during setup:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0
🔗 BleepingComputer
🧑💻 @agamtechtricks
Forwarded from The Hacker News
🚨 Russia-linked hackers Gamaredon are using fake war docs to drop Remcos RAT on Ukrainian systems.
🪤 ZIP → LNK → PowerShell → DLL side-loading → full access
Meanwhile, another phishing op is posing as the CIA to trick pro-Ukraine Russians into handing over personal info via Google Forms.
Two fronts. One strategy.
Learn more: https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html
Forwarded from Gizchina.com
Discover the Top 10 Features of HarmonyO 5: Smart, Fast, and Convenient
https://www.gizchina.com/2025/03/30/discover-the-top-10-features-of-harmonyo-5-smart-fast-and-convenient/
Forwarded from Gizchina.com
DeepSeek surpasses ChatGPT in monthly visits, ranks third globally
https://www.gizchina.com/2025/03/31/deepseek-surpasses-chatgpt/
Forwarded from Gizchina.com
How to stop your Android phone from secretly tracking you
https://www.gizchina.com/2025/03/31/stop-android-phone-tracking/
Forwarded from #TBOT: Take Back Our Tech
⚡ Above and Beyond - A review of the Above Phone by Claudiu Chereji
@takebackourtech
Is your phone spying on you? Claudiu Chereji, co-host of the Firmamental Podcast, just did a deep dive into the Above Phone, exploring how it helps you reclaim your privacy.
No preloaded spyware. No forced tracking. Just full control over your data.
Check out his full review and see why the Above Phone is the best way to break free from Big Tech surveillance.
📺 Watch here: https://www.youtube.com/watch?v=IAXKYjqWo0s
Follow 🫶 @takebackourtech
Forwarded from Bones' Tech Garage
The cloud backup is the only part we disagree with. However, even a local cloud can still be prone to HDD failures unless set up with redundant disks. The idea of multiple types of backup mediums is a best practice.
https://www.xda-developers.com/why-external-hard-drive-isnt-real-backup/
XDA
Why your external hard drive isn’t a real backup (And what you should do instead)
Relying on an external hard drive for backups? It’s not enough
Forwarded from Bones' Tech Garage
Courses can be very helpful but are not necessary; most non-technical people could probably benefit from computer literacy courses. Some basic general knowledge of technology could help most people navigate the easy-to-make mistakes that cause headaches.
Such as safe browsing and email habits, how to properly turn the computer off, and other basic operations. These would translate to better use of Linux as well as Windows.
https://www.howtogeek.com/what-does-it-mean-to-learn-linux/
How-To Geek
What Does It Mean to "Learn" Linux
Does Linux Mint really require taking a course?
Forwarded from The Hacker News
⚡ THN Weekly Recap – This Week in Cyber:
– Chrome 0-Day exploited in the wild
– Kubernetes RCE nightmare exposed
– Solar inverters at risk of blackouts
– Rclone-powered leak site breached
– DNS-based phishing just got stealthier
📩 Catch up now: https://thehackernews.com/2025/03/weekly-recap-chrome-0-day.html
Forwarded from The Hacker News
🚨 AWS doesn't secure your cloud—you do. Most cloud breaches happen because customers miss what's theirs to protect.
5 silent risks you're likely exposed to:
• SSRF attacks
• Leaky S3 buckets
• Over-permissive IAM
• Unpatched EC2
• Public-facing services
AWS secures the foundation. You secure the rest.
👉 Start scanning in minutes → https://thehackernews.com/2025/03/5-impactful-aws-vulnerabilities-youre.html
Forwarded from The Hacker News
🚨 Hackers are abusing WordPress mu-plugins—a hidden auto-run directory—to inject malware, hijack links, and redirect users to scam sites.
Also, add these to the list of 2024's major WordPress threats:
CVE-2024-27956 | SQL injection
CVE-2024-25600 | RCE in Bricks theme
CVE-2024-8353 | PHP injection
CVE-2024-4345 | Arbitrary file upload
If you run a WordPress site, check your mu-plugins folder NOW.
🛡️ Full story: https://thehackernews.com/2025/03/hackers-exploit-wordpress-mu-plugins-to.html
Forwarded from The Hacker News
🚨 A Russian group, Water Gamayun, is abusing a Windows zero-day (CVE-2025-26633) to drop two chilling backdoors: SilentPrism & DarkWisp.
They’re hiding in plain sight—using signed .msi files posing as legit apps like DingTalk & VooV to hijack systems.
👀 Targets? Your data, credentials, and even crypto wallets.
💀 Techniques? Living-off-the-land, PowerShell implants, fake WinRAR sites—pure cyber espionage playbook.
🔗 Learn more: https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html
Forwarded from The Hacker News
🔥 Apple hit with €150M fine for “biased” privacy rules.
France says Apple’s App Tracking Transparency (ATT) gave itself a privacy pass—while forcing rivals through a double-consent maze.
Regulators call it unfair, confusing, and not truly neutral.
https://thehackernews.com/2025/04/apple-fined-150-million-by-french.html
Forwarded from Gizchina.com
Android Phone Running Slow? Try These 3 Secret Performance Boosters
https://www.gizchina.com/2025/03/31/android-phone-running-slow-try-these-3-secret-performance-boosters/
Forwarded from Gizchina.com
Trump, Musk, and the DOGE Dilemma: Samsung May Lose Billions
https://www.gizchina.com/2025/03/31/trump-musk-and-the-doge-dilemma-samsung-may-lose-billions/