Forwarded from cKure
■■■■□ Confirmed — 19 Billion Compromised Passwords Published Online.
https://www.forbes.com/sites/daveywinder/2025/05/05/new-warning---19-billion-compromised-passwords-create-hacking-arsenal/
Forbes
Warning — 19 Billion Compromised Passwords Have Been Published Online
You must take action now, as security experts confirm 19 billion compromised passwords available to cybercriminals for use in account hacking attacks.
Forwarded from cKure
■■■■■ BREAKING: Jew criminal spyware maker NSO Group must pay $167 million to WhatsApp for a hacking campaign in 2019 that targeted more than 1,400 chat app users.
This is a huge win for WhatsApp. NSO says it will consider appealing.
https://techcrunch.com/2025/05/06/nso-group-must-pay-more-than-167-million-in-damages-to-whatsapp-for-spyware-campaign/
TechCrunch
NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign | TechCrunch
The five-year legal battle between the Meta-owned company and the most notorious spyware maker in the world ends with a huge win for WhatsApp.
https://www.quora.com/Why-does-GNU-not-like-systemd/answer/Nala-Ginrut
Why does GNU not like systemd?
Nala Ginrut
GNU maintainer, W3C invited expert on privacy
Upvoted by Ed Carp, Been writing software professionally since 1978. · Author has 156 answers and 271.2K answer views · Updated 7y
A few years ago, I was working for SUSE Linux Enterprise (SLE) as a full-time developer. My boss asked me if I was interested in maintaining systemd for SLE. At that time I knew little about systemd. Then I said “I’ll see what I can do”.
I downloaded the source code along with 2000+ backport patches, which took almost half a day. While I was waiting, I reviewed the code and tried to find out what was in it. I also contacted several experienced colleagues to learn about it from them.
Finally, I figured out that systemd takes advantage of Linux kernel things to start services in parallel. This sounds good, but it introduces unbelievable complexity for such a functionality. If you’re a common desktop user, maybe you rarely encounter problems, or you may endure some bugs in systemd. But for an enterprise version of Linux, it makes the work of the maintainer hard.
And the 2000+ backport patches imply that I (as the maintainer) have to maintain all of them alone, since they’re backported. I discussed this with my boss, and told him this kind of work requires a small group of people, rather than a one-man effort. Fortunately, my boss agreed with me completely, so he managed to throw out this package to a bigger team.
Even now, I still remember the complexity in the systemd code, and I always tell my engineering team to avoid this kind of complexity in the project. Eliminating complexity is far more important than adding features without a clear mind. Don’t try to put every good feature into just one project. Every feature is good, but package all of them together and you’ll get shit.
Privacy + Secure Tech Corner Channel 🛡️
https://x.com/windscribecom/status/1915889645209919735
https://nitter.poast.org/windscribecom/status/1915889645209919735
Windscribe
@windscribecom
Apr 25
Our legal battle is over. A few years back, some idiot used our VPN to do idiot things. Greece then decided to charge the Windscribe CEO @yegor for the crimes because it was his name on the VPN server bill. No logs existed of anything. Case dismissed. windscribe.com/blog/windscri…
Windscribe Wins Legal Battle in Greece Due to No-Logs Policy
Windscribe was sued by a Greek court, which kicked off a 2 year legal battle. The case was dismissed because of our no-logs policy.
windscribe.com
Forwarded from The Hacker News
🚨 A U.S. org was hit by Play ransomware using CVE-2025-29824 before it was patched. Attackers slipped in via a Cisco ASA, dropped fake Palo Alto files, stole AD data, and planted custom tools — but didn’t launch ransomware.
🔗 Read: https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html
Forwarded from The Hacker News
🚨 Your SSE stack sees the network—but not the browser.
🔹 It can’t tell if a user pastes code into ChatGPT.
🔹 Or uploads IP to Dropbox.
🔹 Or uses a personal Google Drive.
🔹 Or if a browser extension is stealing credentials.
That’s the last mile—and it’s unprotected.
A new report reveals the blind spot in today’s SSE architectures… and what’s needed to fix it.
👉 Don’t secure half the picture | Read the report: https://thehackernews.com/2025/05/reevaluating-sses-technical-gap.html
Forwarded from The Hacker News
🚨 No login. Full access. One POST request.
A newly revealed exploit chain in on-prem SysAid lets attackers go from XXE injection to admin takeover—and that’s before combining it with OS-level command injection.
Details: https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html
Admins, don’t wait—patch now.
Forwarded from The Hacker News
Don’t let attackers turn your own tools against you. 🚨
Bitdefender brings true innovation to endpoint security with the launch of GravityZone PHASR — the industry’s first solution to dynamically tailor hardening for each user.
Learn more: https://thn.news/gravityzone-phasr
Forwarded from It's FOSS
Transform your Raspberry Pi into a powerhouse with SunFounder's 10-inch touchscreen.
https://itsfoss.com/sunfounder-touchscreen-review/
It's FOSS
SunFounder Touchscreen review: Add a Premium Touch to Your SBC
Transform your Raspberry Pi into a versatile interactive device with SunFounder's 10-inch touchscreen. Here's my experience with this device.
Forwarded from The Hacker News
🚨 100K+ WordPress sites at risk!
A critical OttoKit flaw (CVSS 9.8) is under active attack—no login needed.
Two bugs. One exploit chain. Admin access in minutes.
Full story, attack IPs, and fix → https://thehackernews.com/2025/05/ottokit-wordpress-plugin-with-100k.html
Forwarded from The Hacker News
💪 Europol just dismantled 6 major DDoS-for-hire services used to launch thousands of global attacks—for as little as €10 a hit.
🔹 4 arrested in Poland
🔹 9 domains seized by the U.S.
🔹 Operation PowerOFF strikes again.
These slick platforms let anyone pay to flood schools, gov sites & gaming servers offline, no tech skills needed.
🔗 Read → https://thehackernews.com/2025/05/europol-shuts-down-six-ddos-for-hire.html