Forwarded from The Hacker News
🚨 Russia’s APT29 hits EU diplomats with new malware disguised as wine-tasting invites.
🍷 GRAPELOADER is a stealthy first-stage loader hidden in “wine-zip”
🎯 Targets: European Ministries of Foreign Affairs
🔄 Launches WINELOADER for deep system access
🔗 Full report: https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html
🍷 GRAPELOADER is a stealthy first-stage loader hidden in “wine-zip”
🎯 Targets: European Ministries of Foreign Affairs
🔄 Launches WINELOADER for deep system access
🔗 Full report: https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
Zero Width Shortener (ZWS)
Shorten URLs with invisible spaces.
🔗 Links:
- Website
- Source code
Organization: zws-im
❗️Friendly reminder:
Shorten URLs with invisible spaces.
🔗 Links:
- Website
- Source code
Organization: zws-im
❗️Friendly reminder:
If you find it useful, You may star the repo, donate to the developer, or perhaps you may also contribute to the development of this project.🏷 Tags: #Website #URL #URLShortener
#A15 #Unofficial #TD #GSI #crDroid #LOS
Build Date: 2025 04 20
April Security Patch
crDroid 11.4 - LOS 22.2
Changelog
Maintainer: NedTop
Download
@TrebleGSIs_PrivacySecure_Chat
@TrebleGSIs_PrivacySecure_Channel
Build Date: 2025 04 20
April Security Patch
crDroid 11.4 - LOS 22.2
Changelog
Test build vanilla A15 QPR2
Maintainer: NedTop
Download
@TrebleGSIs_PrivacySecure_Chat
@TrebleGSIs_PrivacySecure_Channel
Forwarded from Gizchina.com
How to Install Windows 11 on an Incompatible Windows 10 PC
https://www.gizchina.com/2025/04/20/how-to-install-windows-11-on-an-incompatible-windows-10-pc/
https://www.gizchina.com/2025/04/20/how-to-install-windows-11-on-an-incompatible-windows-10-pc/
Forwarded from Hacker News
Open Source Security
Can we trust CVE?
If you are a security nerd, and even if you’re not, you probably heard about the epic CVE mess that happened. It’s a very long story and was covered in many places, but the TL;DR was the funding for CVE fell through, panic ensued, then CISA found some temporary…
Forwarded from Bones' Tech Garage
Why might this be important or at least noteworthy is Redis found itself in a catch 22 situation created by big tech.
In what way is Redis used? If you have a Nextcloud server this can be used for memory caching. It's not that hard to setup if you have a few notes on how to add it to the config for your server.
https://linuxiac.com/arch-says-goodbye-to-redis-adopts-valkey/
In what way is Redis used? If you have a Nextcloud server this can be used for memory caching. It's not that hard to setup if you have a few notes on how to add it to the config for your server.
https://linuxiac.com/arch-says-goodbye-to-redis-adopts-valkey/
Linuxiac
Arch Says Goodbye to Redis, Adopts Valkey
Redis, a popular in-memory data store, is being deprecated in Arch Linux's repo; Valkey steps in as a high-performance BSD-licensed replacement.
Forwarded from Hacker News
Winblues
The Joy of Linux Theming in the Age of Bootable Containers
Having spent a couple of decades in the Linux world, I have always had an interest in Linux desktop environments and how they are themed. I would often come across a post on /r/unixporn that inspired me to try to customize the look and feel of my desktop…
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
Smithery
Smithery is a platform to help developers find and ship language model extensions compatible with the MCPs.
🔗 Links:
- Website
- Source code
Organization: Smithery
❗️Friendly reminder:
🏷 Tags: #AI #Tools
Smithery is a platform to help developers find and ship language model extensions compatible with the MCPs.
🔗 Links:
- Website
- Source code
Organization: Smithery
❗️Friendly reminder:
If you find it useful, You may star the repo, donate to the developer, or perhaps you may also contribute to the development of this project.
🏷 Tags: #AI #Tools
🚨 Ex-Google CEO's BANNED Interview LEAKED
👁"You Have No Idea What's Coming"👁
https://youtu.be/EUeryhp8HSQ
👁"You Have No Idea What's Coming"👁
https://youtu.be/EUeryhp8HSQ
Forwarded from The Hacker News
🚨 Surge in cyberattacks tied to Russian bulletproof host Proton66 since Jan 8, 2025.
New research links it to brute-force, malware, ransomware—even traffic routed via Kaspersky Lab’s network path.
Attackers exploit 2024–25 zero-days, deploy SuperBlack & WeaXor ransomware, and run phishing via hacked WordPress sites.
Learn more: https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html
New research links it to brute-force, malware, ransomware—even traffic routed via Kaspersky Lab’s network path.
Attackers exploit 2024–25 zero-days, deploy SuperBlack & WeaXor ransomware, and run phishing via hacked WordPress sites.
Learn more: https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html
Forwarded from Gizchina.com
REDMI Turbo 4 Pro: Xiaomi’s Next “Turbo” Powerhouse Set to Launch on April 24th
https://www.gizchina.com/2025/04/21/redmi-turbo-4-pro-launching-on-april-24-powerhouse/
https://www.gizchina.com/2025/04/21/redmi-turbo-4-pro-launching-on-april-24-powerhouse/
Forwarded from Gizchina.com
Xiaomi Introduces Redmi Watch Move in India at ₹1,999
https://www.gizchina.com/2025/04/21/xiaomi-introduces-redmi-watch-move-in-india-at-₹1999/
https://www.gizchina.com/2025/04/21/xiaomi-introduces-redmi-watch-move-in-india-at-₹1999/
Forwarded from Hacker News
I thought I bought a camera, but no DJI sold me a LICENSE to use their camera [video]
Article, Comments
Article, Comments
YouTube
I thought I bought a camera, but no! DJI sold me a LICENSE to use their camera 🤦♂️
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
Forwarded from Tech & Leaks Zone
This media is not supported in your browser
VIEW IN TELEGRAM
First Look at CMF Phone 2 Pro
Specifications:
• 6.7-inch AMOLED Display
• 120Hz refresh rate
• MediaTek Dimensity 7300 SoC
• LPDDR4X RAM; UFS 2.2 storage
• 50MP main (OIS ❌)
• 8MP Ultrawide
• 50MP 2x Telephoto (OIS ❌)
• 5000mAh battery
• Essential Key
• Plastic frame and back
Conclusion: CMF Phone 2 Pro is CMF Phone 1 only but with essential key and cameras of Nothing Phone 3a without the OIS
CMF Phone 2 Pro will launch on 28th April globally alongside CMF Buds 2 Plus, CMF Buds 2 and Buds 2a.
But, what about CMF Phone 2 ¯\_(ツ)_/¯
Follow @TechLeaksZone
Specifications:
• 6.7-inch AMOLED Display
• 120Hz refresh rate
• MediaTek Dimensity 7300 SoC
• LPDDR4X RAM; UFS 2.2 storage
• 50MP main (OIS ❌)
• 8MP Ultrawide
• 50MP 2x Telephoto (OIS ❌)
• 5000mAh battery
• Essential Key
• Plastic frame and back
Conclusion: CMF Phone 2 Pro is CMF Phone 1 only but with essential key and cameras of Nothing Phone 3a without the OIS
CMF Phone 2 Pro will launch on 28th April globally alongside CMF Buds 2 Plus, CMF Buds 2 and Buds 2a.
But, what about CMF Phone 2 ¯\_(ツ)_/¯
Follow @TechLeaksZone
Forwarded from The Hacker News
⚡ From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.
THN’s Weekly Recap breaks down the stealth, the strategy, and the systems under fire.
🔗 Read: https://thehackernews.com/2025/04/thn-weekly-recap-ios-zero-days-4chan.html
THN’s Weekly Recap breaks down the stealth, the strategy, and the systems under fire.
🔗 Read: https://thehackernews.com/2025/04/thn-weekly-recap-ios-zero-days-4chan.html
Forwarded from NoGoolag
4Chan Taken Offline After Hack — Recap
Controversial internet forum 4chan was breached and its internal data leaked after hackers gained shell access to its hosting server, likely doxxing the entire moderation team along with many of the site's registered users.
A 4chan splinter site called #soyjackparty, aka #sharty, has claimed responsibility for the security breach and posted what they alleged was internal data on their rival website, including source code and information on moderators and janitors. A hacktivist group called the Dark Storm Team also claimed to have taken down the site on its Telegram channel, alongside BreachForums ("breachforums[.]st"). One #4chan janitor told TechCrunch that they are "confident" the leaked data and screenshots are real. In a screenshot shared by Hackmanac on X, the threat actors behind the breach revealed how they managed to gain access to the site's internal systems: "4chan allows uploading PDF to certain boards (/gd/, /po/, /qst/, /sci/, /tg/) They neglected to verify that the uploaded file is actually a PDF file. As such, PostScript files, containing PostScript drawing commands, can be uploaded. Said PostScript file will be passed into Ghostscript to generate a thumbnail image.
The version of Ghostscript that 4chan uses is from 2012, so it is trivial to exploit. From there, we exploit a mistaken SUID binary to elevate to the global user." The development comes as cybercrime forum Cracked.io has resumed operations under the new cracked[.]sh domain over two months after its earlier version hosted on "cracked[.]io" was seized in a joint law enforcement operation.
@thehackernews
#4chanHack
Controversial internet forum 4chan was breached and its internal data leaked after hackers gained shell access to its hosting server, likely doxxing the entire moderation team along with many of the site's registered users.
A 4chan splinter site called #soyjackparty, aka #sharty, has claimed responsibility for the security breach and posted what they alleged was internal data on their rival website, including source code and information on moderators and janitors. A hacktivist group called the Dark Storm Team also claimed to have taken down the site on its Telegram channel, alongside BreachForums ("breachforums[.]st"). One #4chan janitor told TechCrunch that they are "confident" the leaked data and screenshots are real. In a screenshot shared by Hackmanac on X, the threat actors behind the breach revealed how they managed to gain access to the site's internal systems: "4chan allows uploading PDF to certain boards (/gd/, /po/, /qst/, /sci/, /tg/) They neglected to verify that the uploaded file is actually a PDF file. As such, PostScript files, containing PostScript drawing commands, can be uploaded. Said PostScript file will be passed into Ghostscript to generate a thumbnail image.
The version of Ghostscript that 4chan uses is from 2012, so it is trivial to exploit. From there, we exploit a mistaken SUID binary to elevate to the global user." The development comes as cybercrime forum Cracked.io has resumed operations under the new cracked[.]sh domain over two months after its earlier version hosted on "cracked[.]io" was seized in a joint law enforcement operation.
@thehackernews
#4chanHack