Forwarded from The Hacker News
⚡ From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.
THN’s Weekly Recap breaks down the stealth, the strategy, and the systems under fire.
🔗 Read: https://thehackernews.com/2025/04/thn-weekly-recap-ios-zero-days-4chan.html
THN’s Weekly Recap breaks down the stealth, the strategy, and the systems under fire.
🔗 Read: https://thehackernews.com/2025/04/thn-weekly-recap-ios-zero-days-4chan.html
Forwarded from NoGoolag
4Chan Taken Offline After Hack — Recap
Controversial internet forum 4chan was breached and its internal data leaked after hackers gained shell access to its hosting server, likely doxxing the entire moderation team along with many of the site's registered users.
A 4chan splinter site called #soyjackparty, aka #sharty, has claimed responsibility for the security breach and posted what they alleged was internal data on their rival website, including source code and information on moderators and janitors. A hacktivist group called the Dark Storm Team also claimed to have taken down the site on its Telegram channel, alongside BreachForums ("breachforums[.]st"). One #4chan janitor told TechCrunch that they are "confident" the leaked data and screenshots are real. In a screenshot shared by Hackmanac on X, the threat actors behind the breach revealed how they managed to gain access to the site's internal systems: "4chan allows uploading PDF to certain boards (/gd/, /po/, /qst/, /sci/, /tg/) They neglected to verify that the uploaded file is actually a PDF file. As such, PostScript files, containing PostScript drawing commands, can be uploaded. Said PostScript file will be passed into Ghostscript to generate a thumbnail image.
The version of Ghostscript that 4chan uses is from 2012, so it is trivial to exploit. From there, we exploit a mistaken SUID binary to elevate to the global user." The development comes as cybercrime forum Cracked.io has resumed operations under the new cracked[.]sh domain over two months after its earlier version hosted on "cracked[.]io" was seized in a joint law enforcement operation.
@thehackernews
#4chanHack
Controversial internet forum 4chan was breached and its internal data leaked after hackers gained shell access to its hosting server, likely doxxing the entire moderation team along with many of the site's registered users.
A 4chan splinter site called #soyjackparty, aka #sharty, has claimed responsibility for the security breach and posted what they alleged was internal data on their rival website, including source code and information on moderators and janitors. A hacktivist group called the Dark Storm Team also claimed to have taken down the site on its Telegram channel, alongside BreachForums ("breachforums[.]st"). One #4chan janitor told TechCrunch that they are "confident" the leaked data and screenshots are real. In a screenshot shared by Hackmanac on X, the threat actors behind the breach revealed how they managed to gain access to the site's internal systems: "4chan allows uploading PDF to certain boards (/gd/, /po/, /qst/, /sci/, /tg/) They neglected to verify that the uploaded file is actually a PDF file. As such, PostScript files, containing PostScript drawing commands, can be uploaded. Said PostScript file will be passed into Ghostscript to generate a thumbnail image.
The version of Ghostscript that 4chan uses is from 2012, so it is trivial to exploit. From there, we exploit a mistaken SUID binary to elevate to the global user." The development comes as cybercrime forum Cracked.io has resumed operations under the new cracked[.]sh domain over two months after its earlier version hosted on "cracked[.]io" was seized in a joint law enforcement operation.
@thehackernews
#4chanHack
Forwarded from #TBOT: Take Back Our Tech
Media is too big
VIEW IN TELEGRAM
⚡️Privacy Recommendations: Avoid Calls & Texts
@takebackourtech
In this clip from Above’s ‘The Future of Cell Service’ webinar I get into how nothing you say on the cell network is private. This is because call detail records from phone calls and SMS is recorded and logged. Calls and texts cannot be encrypted, secret surveillance programs like Hemisphere unconstitutionally collect national phone calls, and calls can be wiretapped.
This is why we recommend using encrypted messaging apps like XMPP, which can encrypt messages and calls before they leave the device. A VPN (like Above VPN) can also encrypt traffic passing through the mobile network and we recommend Jitsi for end to end encrypted video conferencing.
Sign up FREE to watch more webinar clips here.
—
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER | XMPP
Follow 🫶 @takebackourtech
@takebackourtech
In this clip from Above’s ‘The Future of Cell Service’ webinar I get into how nothing you say on the cell network is private. This is because call detail records from phone calls and SMS is recorded and logged. Calls and texts cannot be encrypted, secret surveillance programs like Hemisphere unconstitutionally collect national phone calls, and calls can be wiretapped.
This is why we recommend using encrypted messaging apps like XMPP, which can encrypt messages and calls before they leave the device. A VPN (like Above VPN) can also encrypt traffic passing through the mobile network and we recommend Jitsi for end to end encrypted video conferencing.
Sign up FREE to watch more webinar clips here.
—
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER | XMPP
Follow 🫶 @takebackourtech
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
SmartScan - Image organisation & search app
SmartScan is an innovative app powered by a CLIP model that automatically organizes your images by content similarity and enables text-based search, making gallery management effortless.
🔗 Links:
- Download
- Screenshots
- Features
- Limitations
- Source code
Developer: dev-diaries41
Special thanks to @R_2be for recommending!
❗️Friendly reminder:
SmartScan is an innovative app powered by a CLIP model that automatically organizes your images by content similarity and enables text-based search, making gallery management effortless.
🔗 Links:
- Download
- Screenshots
- Features
- Limitations
- Source code
Developer: dev-diaries41
Special thanks to @R_2be for recommending!
❗️Friendly reminder:
If you find it useful, You may star the repo, donate to the developer, or perhaps you may also contribute to the development of this project.🏷 Tags: #Android #Media #Tools
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
Shortwave
Shortwave is an internet radio player that provides access to a station database with over 50,000 stations.
🔗 Links:
- Download
- Screenshots
- Features
- Source code
Developer: Sveinn í Felli
❗️Friendly reminder:
🏷 Tags: #Linux #Media #Entertaiment
Shortwave is an internet radio player that provides access to a station database with over 50,000 stations.
🔗 Links:
- Download
- Screenshots
- Features
- Source code
Developer: Sveinn í Felli
❗️Friendly reminder:
If you find it useful, You may star the repo, donate to the developer, or perhaps you may also contribute to the development of this project.
🏷 Tags: #Linux #Media #Entertaiment
Forwarded from The Hacker News
⚠️ Hold your phone near your card... and they drain your bank account.
A new Android malware-as-a-service, SuperCard X, is targeting Italians with NFC relay attacks—letting cybercriminals remotely steal card data and pull off ATM & PoS fraud.
👉 Learn how it works: https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html
Google’s now working on a new Android update to block risky app installs. But until then—stay sharp. Think before tapping.
A new Android malware-as-a-service, SuperCard X, is targeting Italians with NFC relay attacks—letting cybercriminals remotely steal card data and pull off ATM & PoS fraud.
👉 Learn how it works: https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html
Google’s now working on a new Android update to block risky app installs. But until then—stay sharp. Think before tapping.
Forwarded from The Hacker News
🚨 Your MDM isn’t enough. Most breaches start with a device you can’t see.
Unmanaged laptops, outdated personal phones, misconfigured tools—attackers love them.
MDM/EDR miss the mark.
Device Trust closes the gap.
👀 See how: https://thehackernews.com/2025/04/5-reasons-device-management-isnt-device.html
Unmanaged laptops, outdated personal phones, misconfigured tools—attackers love them.
MDM/EDR miss the mark.
Device Trust closes the gap.
👀 See how: https://thehackernews.com/2025/04/5-reasons-device-management-isnt-device.html
Forwarded from Gizchina.com
Vivo X200s: the overclocked ”beast” you’ve been waiting for?
https://www.gizchina.com/2025/04/21/vivo-x200s-the-overclocked-beast-youve-been-waiting-for/
https://www.gizchina.com/2025/04/21/vivo-x200s-the-overclocked-beast-youve-been-waiting-for/
Forwarded from The Hacker News
🕵️♂️ Kimsuky is back—and digging deep.
A new Larva-24005 campaign is exploiting old RDP bugs (BlueKeep, CVE-2019-0708) to breach systems in South Korea, Japan & beyond—with targets across energy, finance & tech.
Learn more: https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html
A new Larva-24005 campaign is exploiting old RDP bugs (BlueKeep, CVE-2019-0708) to breach systems in South Korea, Japan & beyond—with targets across energy, finance & tech.
Learn more: https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
AstraCrypt - Encrypt Your Data
AstraCrypt - is a free, powerful and open-source encryption app that has everything you need to keep your data safe and secure.
🔗 Links:
- Download
- Screenshots
- Features
- Source code
Developer: Alex (gromif)
❗️Friendly reminder:
AstraCrypt - is a free, powerful and open-source encryption app that has everything you need to keep your data safe and secure.
🔗 Links:
- Download
- Screenshots
- Features
- Source code
Developer: Alex (gromif)
❗️Friendly reminder:
If you find it useful, You may star the repo, donate to the developer, or perhaps you may also contribute to the development of this project.🏷 Tags: #Android #Utilities
Forwarded from Packet Pusher
Media is too big
VIEW IN TELEGRAM
The Selfish Ledger - a 2016 Google internal video that was leaked soon after creation. Through the lens of evolution, it explores the future use of AI as a kind of panopticon to predict, guide and eventually control human behavior. Nearly ten years later, this video deserves to be rewatched in the emerging context of LLM-based assistant services.
Forwarded from Gizchina.com
Best Free & Open-Source Alternatives to Microsoft Excel
https://www.gizchina.com/2025/04/21/best-free-open-source-alternatives-to-microsoft-excel/
https://www.gizchina.com/2025/04/21/best-free-open-source-alternatives-to-microsoft-excel/