Lava launches a super cheap mobile phone for under $80
https://www.gizchina.com/2025/05/05/lava-launches-a-super-cheap-mobile-phone-for-under-80/

No deleted account found from 52 scanned users from this group 🚫👻

🚨 Zero-click, max impact — and it's already being exploited.

A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution—no login needed.

Read: https://thehackernews.com/2025/05/commvault-cve-2025-34028-added-to-cisa.html

Deadline for U.S. agencies: May 23.

Chuwi AuBox 8745 review: a true powerhouse for any type of user
https://www.gizchina.com/2025/05/05/chuwi-aubox-8745-review-a-true-powerhouse-for-any-type-of-user/

🚨 Zero-click. Wormable. Network-spreading.

New flaws in Apple’s AirPlay protocol (🔓 AirBorne) could let hackers hijack your device without a click—then ride your Wi-Fi into corporate networks.

CVE-2025-24252 + CVE-2025-24132 = silent RCE across Macs, TVs, speakers. Just being on the same Wi-Fi can be enough.

🔗 Learn more: https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html

📲 Update all AirPlay-enabled devices now—personal & work.

The Beauty of Having a Pi-Hole
Article, Comments

No Instagram, No Privacy
Article, Comments

🔥 New Edition Just Dropped!

Cybersecurity Weekly Recap | May 5 —— From nation-state hacks to deepfake-ready malware, this week’s intel is packed:

• Iranian APT lurked 2 yrs in critical infra
• Claude chatbot abused for political ops
• TikTok hit with $601M fine over China data
• 30+ new CVEs to patch now
• Magento supply chain backdoor activated after 6 yrs

Read the full recap → https://thehackernews.com/2025/05/weekly-recap-nation-state-hacks-spyware.html

Evolving OpenAI's Structure
Article, Comments

Show HN: TextQuery – Query CSV, JSON, XLSX Files with SQL
Article, Comments

Show HN: Pipask – safer pip without compromising convenience
Article, Comments

An important open source initiative needs your help!

https://news.itsfoss.com/osu-open-source-lab-closure/

Mission Center's 1.0 release is here:

https://news.itsfoss.com/mission-center-1-0-release/

🛑 Critical Langflow Flaw Actively Exploited!

CISA has added CVE-2025-3248 to its Known Exploited Vulnerabilities list.

• CVSS: 9.8
• Affects most Langflow versions
• Allows remote code execution without login
• PoC exploit published April 9
• 466 servers exposed worldwide

➡️ Full story: https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html

🚨 Exploited in the wild. No user click needed.

Google patches 46 Android flaws, including CVE-2025-27363—a critical System bug tied to the FreeType font engine.

Discovered by Meta in March, it's now confirmed active.

🔗 Learn more: https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html

🔥 AI agents are the new insider threat—fast, autonomous, and already slipping past security.

Meanwhile, users just want to work—on personal devices, with unsanctioned apps, and now AI tools.

The Access-Trust Gap is real—and growing.

✅ It’s time to move from blocking to governing access, for humans and machines.

👉 Read more from Dave Lewis, Global Advisory CISO at 1Password: https://thehackernews.com/expert-insights/2025/05/ai-access-trust-gap-droids-were-looking.html

🚨 UPDATE - Darcula’s secret weapon exposed!

NRK & Mnemonic uncover Magic Cat — a phishing toolkit behind 884K+ stolen cards in 7 months.

🔹 13M+ clicked links
🔹 600+ scammers
🔹 Real-time data & PIN capture
🔹 19K+ victims in Norway alone

Dev behind it? A 24-year-old from China.
The company? Claims it’s just “a website builder.”

🔗 Full story: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html

Circuitpainter: Create PCBs using a simplfiied graphics language
Article, Comments