🚨 13,000+ sites at risk.

Hackers are actively exploiting 2 zero-days in Craft CMS, hitting servers via image tools. One flaw scores 10.0 CVSS—worst possible. Nearly 300 sites likely breached already.

Watch for POST hits to "/actions/assets/generate-transform"

🔗 Details: https://thehackernews.com/2025/04/hackers-exploit-critical-craft-cms.html

👀 Patch now. Rotate keys. Check logs.

⚠️ Think you're installing a security patch? Think again.

Hackers are luring WordPress site owners with fake WooCommerce alerts urging a “critical patch” download — but it’s a trap. The download creates a hidden admin account, installs web shells, and gives attackers full control.

Full story —https://thehackernews.com/2025/04/woocommerce-users-targeted-by-fake.html

👀 New APT Earth Kurma is spying on Southeast Asia’s top sectors—hidden in plain sight.

Since June 2024, 🇵🇭 🇻🇳 🇹🇭 🇲🇾 govts & telcos face custom malware, rootkits, & data theft via Dropbox/OneDrive.

Hackers use legit tools (LotL), making detection hard.

🔗 Learn more: https://thehackernews.com/2025/04/earth-kurma-targets-southeast-asia-with.html

POCO F7 Global: Unpacking the Mystery of the Smaller 6500 mAh Battery
https://www.gizchina.com/2025/04/28/poco-f7-global-unpacking-the-mystery-of-the-smaller-6500-mah-battery/

QEMU 10 is here with many new bits.

https://news.itsfoss.com/qemu-10-release/

Here's how to get ChatGPT to stop being an overly flattering yes man
Article, Comments

The Market Value of Google Chrome Has Been Disclosed!
https://www.gizchina.com/2025/04/28/the-market-value-of-google-chrome-has-been-disclosed/

I built a hardware processor that runs Python
Article, Comments

Proton Pass now lets you add files to passwords!

https://news.itsfoss.com/proton-pass-file-attachments/

⚡️How Long are Records Kept?
@takebackourtech

I detail how your phone calls, texts, and history with cell towers can be stored from 1 year to indefinitely by major telecom carriers.

Sign up FREE to watch more webinar clips here.

—
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER | XMPP
Follow 🫶 @takebackourtech

Why settle for one when you can dual boot CachyOS and Windows?

https://itsfoss.com/dual-boot-cachyos-windows/

CMF Phone 2 Pro announced: Brings major upgrades with new cameras and modular design
https://www.gizchina.com/2025/04/28/cmf-phone-2-pro-announced-brings-major-upgrades-with-new-cameras-and-modular-design/

Open Letter to Organic Maps Shareholders
https://openletter.earth/open-letter-to-organic-maps-shareholders-a0bf770c

Google Rolls Out Android Auto 14.2 Update, 14.3 Beta Already in Testing
https://www.gizchina.com/2025/04/28/google-rolls-out-android-auto-14-2-update-14-3-beta-already-in-testing/

📰Were you expecting a ton of Android news at Google I/O next month?

I have great news and potentially bad news:

Great news: You won't have to wait for I/O for big Android news, because "The Android Show: I/O Edition" is happening (virtually) on May 13 @ 10AM PT! This event will feature "the latest updates coming to the Android ecosystem."

Potentially bad news: This might mean Android won't have as big presence during the I/O keynotes...but we already know there will still be several Android-focused sessions (including one on Material 3 Expressive, Android 16 for TV, Android XR, etc.) plus Google says there will be "more special announcements and surprises in store" for us at the event, so fingers crossed!

Another zero day from Microsoft.

https://www.maketecheasier.com/protect-windows-ntlm-credentials-from-zero-day-threats/

Intel Removed All CPU information pages before 2nd generation processors
Article, Comments

Google revises its strategy for how Chrome handles third-party cookies. Going forward, Chrome will block third-party cookies by default only in Incognito mode. The company also plans to review its use of Privacy Sandbox technologies and outline a new roadmap in the coming months.

Last summer, Google backed away from its plan to completely remove third-party cookies from Chrome. Instead, it proposed showing users a dialog box to confirm consent to blocking.

Now, that idea has been abandoned entirely. Third-party cookie blocking will only happen if users enable the feature in their Privacy & Security settings. This means that Chrome will retain the approach of allowing third-party cookies by default, but allowing users to manually enable blocking if they wish.

In addition to revising its cookie blocking strategy, Google has announced plans to enable IP protection in Incognito mode. The feature will launch in the third quarter of this year. IP protection hides a user’s real IP address by routing traffic through proxy servers. When enabled, websites will only see the proxy server's IP address, similar to using a VPN.