TP-Link warns of four critical vulnerabilities in Omada gateways that allow arbitrary command execution and root access. More than ten models in the ER, G, and FR series are affected, and TP-Link has released firmware updates for…
CONTINUE READING 🡒 
YouTube removed 3,000 videos that spread malware
Google specialists removed from YouTube more than 3,000 videos that distributed infostealers disguised as cracked software and game cheats. Check Point researchers dubbed this campaign YouTube Ghost Network and report that it has been active since 2021,…
CONTINUE READING 🡒 
Deep Dive into DoH: How DNS over HTTPS Works and…
DoH (DNS over HTTPS) promises users better security and privacy. It’s already enabled by default in Firefox, Google plans to test it in Chrome 79, and even Microsoft says it will bring it to Windows. At the…
CONTINUE READING 🡒 
Jingle Thief group hacks companies to steal gift cards
Researchers at Palo Alto Networks have uncovered the Jingle Thief hacking group, which targets the cloud infrastructures of retailers and consumer services companies to mass-issue and steal gift cards.
CONTINUE READING 🡒 
Microsoft disables previews for files downloaded from the internet
The developers have disabled the preview feature in File Explorer (formerly Windows Explorer) for files downloaded from the internet. Now previews are automatically blocked to prevent credential theft via malicious documents.
CONTINUE READING 🡒 
Baohuo Android backdoor steals Telegram accounts
Analysts at Doctor Web have discovered the Baohuo backdoor (Android.Backdoor.Baohuo.1.origin), hidden in modified versions of the Telegram X messenger. In addition to being able to steal a user’s confidential and account data, as well as chat history,…
CONTINUE READING 🡒 
DIY Spy Listening Device: Building an Eavesdropping Gadget
You’ve probably heard that almost anything can be turned into a spy device—even charging cables. In this article, I’ll show you how to build and program a GSM bug with Arduino that you can call from a…
CONTINUE READING 🡒 
AWS Outage Took Down Eight Sleep’s Smart Sleep Systems
This week, a massive Amazon Web Services (AWS) outage knocked out not only half the internet, but also Eight Sleep’s smart sleep systems costing several thousand dollars. Users complained that some were woken by unbearable heat from…
CONTINUE READING 🡒 
Proposal to bring white‑hat hackers’ work under FSB oversight
Media outlets, citing their own sources, report that a new version of a bill to legalize white-hat hackers is in the works. The Federation Council, the FSB, the Interior Ministry (MVD), and infosec companies are discussing the…
CONTINUE READING 🡒 
TARmageddon Vulnerability Affects Rust async-tar Library, Enables Remote Code Execution
A critical vulnerability, dubbed TARmageddon, was discovered in the abandoned async-tar library and its forks (including tokio-tar), which allows remote execution of arbitrary code.
CONTINUE READING 🡒 
Auto-obfuscator. Obfuscating code with LLVM
This article discusses obfuscating compilers, their operational principle, and the LLVM architecture. You will learn how to write your own code obfuscation passes. Using practical examples, I will explain how to create a string obfuscator, build LLVM from the source code, and integrate…
CONTINUE READING 🡒 
iOS 12 Jailbreak Tutorial: Step-by-Step Guide
No doubt about it: the iPhone is a very convenient device, especially for anyone who’s fully moved into the Apple ecosystem. But iOS has one quirk that can really get on iPhone owners’ nerves—and make Android fans…
CONTINUE READING 🡒 
Court bans NSO Group from targeting WhatsApp users with Pegasus…
A federal court has ordered the Israeli company NSO Group (developer of the commercial spyware Pegasus) to stop using the spyware to target and attack WhatsApp** users.
CONTINUE READING 🡒 
PassiveNeuron Attacks Servers of Large Organizations in Multiple Countries
Researchers from Kaspersky Lab analyzed a new wave of PassiveNeuron infections that lasted from December 2024 to August 2025. The attacks affected government, financial, and industrial organizations in Asia, Africa, and Latin America. A distinctive feature of…
CONTINUE READING 🡒 
ColdRiver group uses ClickFix attacks and fake CAPTCHAs
Specialists from the Google Threat Intelligence Group (GTIG) report that the Russian-speaking hacker group ColdRiver is stepping up its activity and employing new malware families (NoRobot, YesRobot, MaybeRobot), which are deployed via complex delivery chains starting with…
CONTINUE READING 🡒 
Unlocking OpenVPN Access Server: Removing Connection Limits for Unlimited VPN…
Lately, friends have been asking me more and more often to help them regain access to Facebook, Instagram, Telegram, YouTube, and other sites they can’t reach anymore, where important information might still be. To help them, I’ve…
CONTINUE READING 🡒 
Positive Technologies helped fix vulnerabilities in Broadcom network adapter firmware
Positive Labs specialist Alexey Kovrizhnykh helped eliminate two vulnerabilities in the firmware of high-speed network adapters from the American company Broadcom, which are used in servers and data center equipment.
CONTINUE READING 🡒 
DNS0.EU DNS service shuts down due to lack of time…
This week, the service team replaced all the content on its website with a short announcement about shutting down.
CONTINUE READING 🡒 
Reduce Eye Strain: How to Enable DC Dimming (PWM Reduction)…
Those eye-searing, flickering OLED displays are a thing of the past! Xiaomi claims it’s figured out how to make OLEDs without flicker—and not just on its latest flagship, but on older devices too. But how much of…
CONTINUE READING 🡒 
PolarEdge botnet targets Cisco, ASUS, QNAP, and Synology devices
Researchers at Sekoia have examined the inner workings of the PolarEdge botnet. First described by the company’s specialists in February 2025, the malware is linked to a campaign targeting Cisco, ASUS, QNAP, and Synology devices. The devices…
CONTINUE READING 🡒