Forwarded from The Hacker News
🚨 A new wave of stealth malware loaders is here—modular, evasive, and cloud-integrated.
🧬 Hijack Loader: API spoofing, anti-VM, Avast evasion
💻 SHELBY: GitHub as C2—payloads & commands via commits
🧪 SmokeLoader: .NET Reactor obfuscation + 7-Zip phishing
🔗 Read the full report: https://thehackernews.com/2025/04/new-malware-loaders-use-call-stack.html
Forwarded from The Hacker News
🚨 They’re back. Russian threat group FIN7 is using Anubis—a lightweight Python backdoor that grants full remote access to Windows machines without leaving detectable files.
It runs entirely in memory, evades most defenses, and can steal passwords, take screenshots, and exfiltrate data—all masked with Base64 and hosted on compromised SharePoint sites.
🔗 Full analysis: https://thehackernews.com/2025/04/fin7-deploys-anubis-backdoor-to-hijack.html
Forwarded from It's FOSS
Some major upgrades have arrived for Proton Drive and Docs.
https://news.itsfoss.com/proton-drive-docs-update/
It's FOSS News
Proton Brings Updates to Its Drive App and Docs, but Keeps Linux Users Waiting
Proton has updated its Drive app and Docs, but Linux users are still waiting for a native Drive app.
Forwarded from Gizchina.com
Xiaomi Just Changed the Game: 6 Years of Updates, No Catch?
https://www.gizchina.com/2025/04/02/xiaomi-changed-game-6-years-of-updates-official/
DEDA - tracking Dots Extraction, Decoding and Anonymisation toolkit
Document Colour Tracking Dots, or yellow dots, are small systematic dots which encode information about the printer and/or the printout itself. This process is integrated in almost every commercial colour laser printer. This means that almost every printout contains coded information about the source device, such as the serial number.
On the one hand, this tool gives the possibility to read out and decode these forensic features and on the other hand, it allows anonymisation to prevent arbitrary tracking.
https://github.com/dfd-tud/deda
Forwarded from Hacker News
sqlsync.dev
Stop syncing everything
Discover Graft, an open-source transactional storage engine built to solve the challenges of syncing data at the edge. Inspired by lessons from SQLSync, Graft enables lazy, partial, and strongly consistent replication—allowing edge applications to sync only…
Forwarded from The Hacker News
🔥 New Linux botnet ALERT!
Outlaw—a Romanian-linked group—is actively hijacking SSH servers to mine crypto via auto-spreading malware.
– Targets servers with weak SSH creds
– Uses BLITZ to self-propagate
– Installs SHELLBOT for remote control, DDoS, and data theft
– Exploits old bugs like Dirty COW (CVE-2016-5195)
🔗 Full report: https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html
Forwarded from #TBOT: Take Back Our Tech
⚡️Google & Roblox Target Gen Z with Immersive Ads In Video Games
@takebackourtech
I really wish this was an April fools joke, but Roblox just announced a new partnership with Google, which would enable advertisers to purchase “Immersive Ads” in the popular Roblox video game.
Roblox is a browser-based game where players build & explore worlds with lego-like characters. It's estimated that Roblox has close to 80M daily active users. 58% of the users are assumed to be under 16 years old.
Now Gen Z-ers will be presented with “Immersive Ads” on in-game Billboards. They will also be able to pay for in-game purchases by watching these ads.
Worse yet, these ads will be associated with in-game rewards.
Rewarded Video ads enable users to opt in and watch up to 30-second full-screen video ads within immersive Roblox games and experiences. In return, users receive in-game benefits from the creators of these games and experiences, also known as the ad publishers. Early tests show an average completion rate over 80%, with select experiences seeing completion rates over 90% as users saw the value in rewards, such as power-ups or in-game currency, and considered these ads additive to their overall experience.
Roblox is partnering with some of the biggest consumer research firms to measure effectiveness of ads and brand impact. Some of the biggest names in the space will participate including DoubleVerify, Cint, Kantar, and Nielsen - who will quiz kids on how they felt about the ads.
If other gaming platforms implement this (and why wouldn’t they?), it would mean the death for online gaming and the invasion of surveillance infrastructure in these virtual worlds.
Read the announcement from Roblox.
Read this article on Substack.