🧪 Looks like a harmless Discord dev tool…

But behind the scenes? Full remote access.

📦 A fake PyPI package has 11,574+ installs
💥 Still live. Still dangerous.
😨 You won’t believe how it bypasses firewalls.

And it’s not the only one.

👀 What else is hiding in your software stack?

Read the full uncovering by researchers: https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html

Jury orders NSO to pay $167M for hacking WhatsApp users
Article, Comments

Bloat is still software's biggest vulnerability (2024)
Article, Comments

EPA Plans to Shut Down the Energy Star Program
Article, Comments

Show HN: Whippy Term - GUI terminal for embedded development (Linux and Windows)
Article, Comments

BREAKING: Journalists Mishaal Rahman and Kamila exploited a security flaw to leak internal Google Pixel and Android details

Two well-known Android Authority journalists, Kamila Wojciechowska and Mishaal Rahman, are being accused of exploiting a vulnerability to get unauthorized access to dogfood builds (internal Google builds). This access reportedly allowed them to leak unreleased information about upcoming Pixel hardware and Android software features.

Instead of reporting the security flaw to Google, the two allegedly used it to publish "exclusive" stories and leaks based on confidential and unofficial builds. They gave the impression that Google supported their reporting, while hiding the fact that it was based on a serious vulnerability.

This raises serious concerns about how tech outlets get their information, as they are now crossing ethical lines to leak it.

Follow @TechLeaksZone

#AI Powered Tabs in #Firefox? But... Why?!
https://www.youtube.com/watch?v=RqbyPBkcK6Y

🐙 OctoGram: The open-source alternative Telegram client with all the features you've always wanted. A5.0+

★ Appearance Features:

⚡️ More user details
- Get at a glance the datacenter to which a user belongs and his user ID.

⚡️ Emoji set
- Choose the emoji pack you prefer. Obviously, the changes only apply to your client. Others will continue to see what they choose.

⚡️ Alternative buttons
- You choose the appearance of the buttons to keep up with your tastes and have an interface that is always modern.

★ Functions:

⚡️ Registration date
- Find out when your girlfriend created her Telegram account. Unfortunately, in a roundabout way.

⚡️ Message details
- Discover the most secret details of any message in any chat. Simply activate the option from the settings and press on a message.

⚡️ Experimental features
- If you are very curious or you like risks, use our lab functions. Warning: these functions may make your app unstable or may cause it to crash.

⚡️ Pinned Reactions
- You can now choose your favorite reactions that will always appear before others. You can choose different lists between chats and channels.

⚡️ Pinned Emojis
-You can now pin all your favorite emojis (static or animated ones) that will appear as first in the emoji section!

⚡️ Hide Selected Folders
You can now choose to hide, without deleting, as many folders as you like. You can do this from the folder settings or by holding down on a folder in the chat list.

⚡️ Datacenter status
Stay updated on any lag or internal issues from Telegram. This option is also available online. The DC Status option is now more comprehensive and has 2 new features:
- 🎞 Media monitor to try downloading from the 5 Telegram DCs
- 🌐 Web monitor to try pinging to main Telegram sites
🔗 More details here: tg://dc.

⚡️ Favorite Hashtags
You can now choose your favorite hashtags that will always appear before others.
If you have already used hashtags frequently in chats, a suggestion will appear to pin them quickly.

🔗 More details here: tg://pinned_hashtags
or in Settings => OctoGram Settings => General => Pinned Hashtags.

- 👁 Lock individual chats (from the 3 dots or the chat list - open locked chats list by long pressing on the chats list action bar)
- 🔓 Lock individual actions (call history, secret chats, settings)
Account Locking By fingerprint unlocking and it's also possible to enable unlocking by device PIN or by face.
This can all be configured in the new settings menu.
🔗 More details here: tg://privacy
or in Settings => OctoGram Settings => Privacy and Security..

♨️ Octogram
@OctoGramApp
💭 Group: @OctoGramGroup
📦 APK: @OctoGramAPKs
🧪 βeta: @OctoGramBeta
🔗 Website: octogramapp.github.io

■■■■□ Confirmed — 19 Billion Compromised Passwords Published Online.

https://www.forbes.com/sites/daveywinder/2025/05/05/new-warning---19-billion-compromised-passwords-create-hacking-arsenal/

■■■■■ BREAKING: Jew criminal spyware maker NSO Group must pay $167 million to WhatsApp for a hacking campaign in 2019 that targeted more than 1,400 chat app users.

This is a huge win for WhatsApp. NSO says it will consider appealing.

https://techcrunch.com/2025/05/06/nso-group-must-pay-more-than-167-million-in-damages-to-whatsapp-for-spyware-campaign/

https://www.quora.com/Why-does-GNU-not-like-systemd/answer/Nala-Ginrut

Why does GNU not like systemd?

Nala Ginrut
GNU maintainer, W3C invited expert on privacyUpvoted by 
Ed Carp
, Been writing software professionally since 1978. · Author has 156 answers and 271.2K answer viewsUpdated 7y

Few years ago, I was working for SUSE Linux Enterprise (SLE) as full-time developer. My boss asked me if I’m interested in maintaining systemd for SLE. At that time I know little about systemd. Then I said “I’ll see what I can do”.

I’ve downloaded the source code accompanied with 2000+ backport patches, this took almost a half day. When I was waiting, I had reviewed the code and try to find out what’s in it. And I had contacted several experienced colleagues to learn about it from them.

Finally, I could figure out that systemd takes advantages of Linux kernel things to start services in parallel. This sounds good, but it introduces unbelievable complexity for such a functionality. If you’re a common desktop user, maybe you rarely encounter problems, or you may endure some bugs in systemd. But for an enterprise version Linux, it makes the work of maintainer hard.

And the 2000+ backport patches implies that I (as the maintainer) have to maintain all of them alone, since it’s backported. I discussed with my boss, and told him this kind of work requires a small group people, rather than one man effort. Fortunately, my boss agreed with me completely, so he managed to throw out this package to a bigger team.

Even now, I still remember the complexity in systemd code, and I always tell my engineer team to avoid such kind of complexity in the project. Eliminating complexity is far more important than adding features without clear mind. Don’t try to put every good features into just one project. Every feature is good, but package all of them, you’ll get shit.

https://nitter.poast.org/windscribecom/status/1915889645209919735

Windscribe
@windscribecom
Apr 25
Our legal battle is over. A few years back, some idiot used our VPN to do idiot things. Greece then decided to charge the Windscribe CEO @yegor for the crimes because it was his name on the VPN server bill. No logs existed of anything. Case dismissed. windscribe.com/blog/windscri…

Windscribe Wins Legal Battle in Greece Due to No-Logs Policy
Windscribe was sued by a Greek court, which kicked off a 2 year legal battle. The case was dismissed because of our no-logs policy.
windscribe.com

https://x.com/wikileaks/status/1919359727030374651?t=gROj6f40Efcx2RVgVUtZrQ&s=19 WikiLeaks

https://nitter.poast.org/stingerdelux/status/1919360735651471826

🚨 A U.S. org was hit by Play ransomware using CVE-2025-29824 before it was patched. Attackers slipped in via a Cisco ASA, dropped fake Palo Alto files, stole AD data, and planted custom tools — but didn’t launch ransomware.

🔗 Read: https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html

🚨 Your SSE stack sees the network—but not the browser.

🔹 It can’t tell if a user pastes code into ChatGPT.
🔹 Or uploads IP to Dropbox.
🔹 Or uses a personal Google Drive.
🔹 Or if a browser extension is stealing credentials.

That’s the last mile—and it’s unprotected.

A new report reveals the blind spot in today’s SSE architectures… and what’s needed to fix it.

👉 Don’t secure half the picture | Read the report: https://thehackernews.com/2025/05/reevaluating-sses-technical-gap.html