Latest IronFox for Android update
Updated to Firefox 138.0.
Updated to Phoenix 2025.04.27.1. - (See changes from the last IronFox release)

Added a toggle under Privacy and security in settings to control Safe Browsing. Note that this requires a restart to take effect.

Added toggles under Privacy and security -> Site settings to control JavaScript, JIT, and WebAssembly. (Note that the JIT toggle requires a restart to take effect). Due to the addition of these toggles, we've now enabled WebAssembly by default (due to the notable breakage it causes), though users are recommended to disable it if possible to improve security. JIT will remain disabled by default.

Neutered the mozAddonManager API to restrict its capabilities and limit the data shared with Mozilla, while still allowing users to install extensions from addons.mozilla.org.

We now harden FPP (Fingerprinting Protection) and set our overrides to unbreak websites internally, instead of using the privacy.fingerprintingProtection.granularOverrides & privacy.fingerprintingProtection.overrides preferences like we have previously. This makes it far easier for users to add their own overrides if needed. If you have previously configured either of these preferences, it is highly recommended to reset them after updating to these release. If you would like to disable our overrides to unbreak websites (as well as Mozilla's), you can do so by setting privacy.fingerprintingProtection.remoteOverrides.enabled to false in your about:config.
Added a Quick fixes list to uBlock Origin by default to allow us to work-around/fix issues caused by our default config significantly faster (while we wait on the upstream list maintainers to fix the issues...).

Implemented LibreWolf's Remote Settings Blocker patch to allow us (and users) to limit what collections are read/downloaded from Mozilla, and reduce the data shared. Users can configure this from the browser.ironfox.services.settings.allowedCollections preference in the about:config, though we would not recommend editing this unless necessary, as the collections we allow by default were carefully considered and provide important functionality, including for security.

Improved visibility of domains in the URL bar to better protect against phishing. - (Thanks to @mimi89999! 💜)

Significantly improved upon and expanded Mozilla's built-in certificate pinning to protect against MITM attacks. If you're a website operator and would like your domain to be added or want to request details be changed, please file an issue!
Took back control of all Safe Browsing preferences, meaning these can now be freely controlled by the users from the about:config (with the exception of browser.safebrowsing.malware.enabled & browser.safebrowsing.phishing.enabled - these are controlled by the new toggle in Settings). For example, users can now set their own custom Safe Browsing provider if desired, disable our proxy and revert back to Google's standard domains, etc...

Hardened the internal PDF Viewer (PDF.js) with changes inspired by GrapheneOS's PDF Viewer. - #79

Disabled CSP Reporting to improve privacy, reduce undesired network activity, and limit the data shared with website operators.

Enabled Proxy Bypass Protection to help prevent leaks for proxy users.
Fixed a bug that caused cookies/site data and permissions to always clear on exit, regardless of their check boxes/values set by users.

Disabled Firefox's new Unified Trust Panel redesign for the menu that appears when you select the lock icon on the top left of the URL bar by default, due to phishing concerns (as it unfortunately doesn't currently display the full URL if it's too long). - You can re-enable this if preferred by navigating to IronFox's Settings -> About IronFox -> Tap IronFox's logo at the top 5 times, then go back to Settings -> Secret Settings -> Unified Trust Panel.

Disabled the com.widevine.alpha key system (MediaDrm).

Disabled Mozilla's GeoIP/Region Service to prevent Firefox from monitoring the user's region/general location and reduce unwanted network activity.

Disabled system extensions & system policies at build-time.
Disabled & removed the build dependency on legacy AutoConfig functionality (also known as Mission Control Desktop, debuted in Netscape Communicator 4.5... https://www.internetnews.com/enterprise/netscape-unveils-enterprise-management-tools/) to reduce attack surface and reliance on legacy code.

Disabled more unnecessary debugging/development features at build-time.
Explicitly disabled SpiderMonkey performance telemetry at build-time.
Enabled mobile optimizations at build-time.

Updated the onboarding to remove Privacy Policy/Terms of Use references, and replaced the Firefox logo (and certain other elements) with our own.

Removed Swisscows as a default search engine due to concerns regarding false marketing of their VPN and spreading false claims about other services, such as Signal.
Other minor tweaks, fixes, & adjustments.

https://gitlab.com/ironfox-oss/IronFox/-/releases

■■■■□ A proof-of-concept program has been released to demonstrate a so-called monitoring "blind spot" in how some Linux antivirus and other endpoint protection tools use the kernel's io_uring interface.

That interface allows applications to make IO requests without using traditional system calls. That's a problem for security tools that rely on syscall monitoring to detect threats.

https://developers.redhat.com/articles/2023/04/12/why-you-should-use-iouring-network-io

https://www.theregister.com/2025/04/29/linux_io_uring_security_flaw/

Redis is open source again
Article, Comments

Fivetran to acquire Census
Article, Comments

Must read for tg user!!! 😤😡😈🤮

https://tginfo.me/esafety-analysis-en/ telegram will read all messages including private messages

Microsoft is making Office apps load at startup

Microsoft is introducing "Startup Boost" for Office apps, beginning with Word in mid-May 2025. It will enhance load times by preloading the apps at Windows startup. It is only available for PCs having at least 8GB of RAM and 5GB of free disk space to maintain performance.

The scheduled task will wait for 10 minutes before execution to prevent slowing down Windows on login. After the task executes, the app remains in paused state. It can be disabled via app settings or Task Scheduler. The feature will later extend to other Office apps.

🔗 MS365 Message Center
🧑‍💻 @agamtechtricks

🚨 AI isn’t just writing your code — it’s leaking your secrets.

New GitGuardian data shows AI-assisted repos leak secrets 40% more often than average.

📊 1,200+ repos leaked secrets in 2025 alone.

👉 Don’t trust. Verify. Full report: https://thehackernews.com/expert-insights/2025/04/the-new-frontier-of-security-risk-ai.html

🔥 UPDATE - A public PoC exploit is now available for a serious SonicWall SMA exploit chain.

➡️ CVE-2024-38475: Apache HTTP Server flaw used to bypass auth
➡️ CVE-2023-44221: Post-auth command injection via Diagnostics menu

CISA has added both to the KEV catalog — federal patch deadline: May 22, 2025.
Exploitation is already active in the wild.

📎 Details + PoC: https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html

🔐 Microsoft goes passwordless by default for all new accounts.

No more passwords at sign-up—just passkeys, using biometrics or device PINs. It's phishing-resistant, backed by FIDO standards.

Existing users? You can remove your password now from settings.

Learn more: https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html

Xiaomi may be moving towards a Google-free future with HyperOS, potentially collaborating with BBK and Huawei. This shift could redefine the smartphone market and reduce reliance on Google services while building their ecosystem. Stay tuned for updates!

🔗 Check More

Third Party Cookies Must Be Removed
Article, Comments

XAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
Article, Comments

Felix86: Run x86-64 programs on RISC-V Linux
Article, Comments

Chrome Origin Trial: Device Bound Session Credentials
Article, Comments

Weather Doge

Wow, doge weather for Android.

🔗 Links:
- Download
- Screenshots
- Features
- Source code
Developer: VersoBit

❗️Friendly reminder:

If you find it useful, You may star the repo/app, donate to the developer, or perhaps you may also contribute to the development of this project.

🏷 Tags: #Android #Utilities

The UN is slowly moving away from proprietary solutions.

https://news.itsfoss.com/un-ditches-google-form/