In the previous installment of our “import-substitution misadventures,” we took a deep dive into the Kuznyechik (Grasshopper) block cipher defined in GOST 34.12–2015. Alongside Kuznyechik, the standard also specifies another cipher with a 64-bit block size called…
CONTINUE READING 🡒 
Authentication bypass bug found in the Passwordstate enterprise password manager
Click Studios, the company behind the Passwordstate enterprise password manager, has warned customers to urgently apply a patch to fix a critical authentication bypass vulnerability.
CONTINUE READING 🡒 
F6 researchers discover new Phantom stealer
In June 2025, researchers discovered a new malicious activity they named Phantom Papa. The attackers sent emails in Russian and English with malicious attachments containing the new Phantom stealer.
CONTINUE READING 🡒 
Google warns of large-scale data theft linked to Salesloft’s AI…
Last week it emerged that hackers had compromised the Salesloft sales automation platform and stole customers’ OAuth and refresh tokens from its Drift AI agent, which is designed to integrate with Salesforce. As Google has now warned,…
CONTINUE READING 🡒 
HDR+ Explained: What It Is and How to Enable It…
Over the past four years, the cameras in Google’s Pixel and Nexus lineups have made a major leap forward: Google introduced a software-based photo post-processing system called HDR+. In this article, we’ll explain how it works and…
CONTINUE READING 🡒 
Zero-Day Vulnerability in WhatsApp for iOS and macOS Patched
The messenger’s developers have fixed a 0-day vulnerability in the iOS and macOS versions. According to the company, the new issue, along with a recently disclosed Apple bug, may have been used in “sophisticated attacks targeting specific…
CONTINUE READING 🡒 
Firefox Patches Vulnerability Discovered by a Positive Technologies Expert
Exploitation of the vulnerability became possible after injecting malicious code into an arbitrary website, allowing an attacker to steal credentials and redirect users to phishing pages.
CONTINUE READING 🡒 
Hardware Over the Network: Passthrough USB Devices, GPU, Sound Card,…
In one of our earlier articles, we explored ways to expose all kinds of resources as files and directories—WebDAV, BitTorrent, SSH, and even GPU memory. But what if we want access not to a remote or local…
CONTINUE READING 🡒 
Microsoft says the Windows update didn’t damage SSDs or HDDs
Microsoft representatives said the company has not found any connection between the August security update KB5063878 and customer complaints about crashes and data corruption issues affecting SSDs and HDDs from various manufacturers.
CONTINUE READING 🡒 
Battlefield 6 anti-cheat requires Secure Boot
In August, Electronic Arts (EA) announced that players in the Battlefield 6 open beta on PC would need to enable Secure Boot in Windows and BIOS settings. The decision sparked debate and criticism, as many were unwilling…
CONTINUE READING 🡒 
Computer Vision with Python: Training a Neural Network for Digit…
Numeric CAPTCHAs used to be a great way to filter out bots, but you hardly see them anymore. You can probably guess why: neural networks now solve them better than we do. In this article, we’ll look…
CONTINUE READING 🡒 
Vulnerability Scanning with Kali Linux: Penetration Testing Essentials
Vulnerability scanning is the process of identifying and analyzing critical security weaknesses in a target environment. It’s sometimes referred to as a vulnerability assessment. Vulnerability scanning is a core function of a vulnerability management program focused on…
CONTINUE READING 🡒 
Building a Mobile App with Firebase: Google’s Free, Powerful Backend-as-a-Service
Google’s new Firebase can cover most mobile developers’ needs—and even solve problems you don’t have yet. It’s free within a generous tier, and you’ll have to try hard to exceed it. In this article, I’ll start outlining…
CONTINUE READING 🡒 
Vicious exploitation. Searching for buffer overflow vulnerabilities with Angr
Angr, a powerful symbolic emulator, makes it possible to seize control over execution of someone else’s code; all you have to do is specify the search direction. Today you will learn how to find similar holes in applications using Angr; in addition, you will write an inline…
CONTINUE READING 🡒 
Build a Custom, Debloated Windows 10 ISO the Easy Way
Building your own OS distributions is a favorite pastime among Linux enthusiasts. It’s often assumed that Windows users don’t get to enjoy anything similar. Not quite: there are ways to strip unnecessary components from a Windows 10…
CONTINUE READING 🡒 
60+ Gift Ideas for Hackers: Best Geeky Gadgets for Friends…
We’ve rounded up 60+ gadgets, so you’re bound to find something to delight your geeky friends for New Year’s or any other occasion—or (we’ve all been there!) a great way to spend the gift cash from relatives…
CONTINUE READING 🡒 
Positive Technologies: Attacks via GitHub and GitLab Hit Record Levels
By posting fake projects on popular developer platforms (GitHub and GitLab), attackers trick users into executing malicious payloads that fetch additional components from a hacker-controlled repository. As a result, remote access trojans and spyware are downloaded onto…
CONTINUE READING 🡒 
Jon von Tetzchner speaks out against AI in browsers
Jon von Tetzchner, head of the Norwegian company Vivaldi Technologies, which develops the browser of the same name, shared his thoughts on integrating AI into browsers. In von Tetzchner’s view, the industry’s attempts to merge AI models…
CONTINUE READING 🡒 
Corosync and Pacemaker: Best Practices for Deploying a High‑Availability (HA)…
Getting a service to handle heavy traffic is a challenge every sysadmin runs into sooner or later. It’s best to put high-availability mechanisms in place ahead of time—before critical nodes start failing. In this article, I’ll cover…
CONTINUE READING 🡒 
Law enforcement shuts down VerifTools, a service for creating fake…
The FBI and Dutch police report the shutdown of the VerifTools marketplace, which specialized in creating fraudulent documents. Law enforcement seized the service’s servers located in Amsterdam.
CONTINUE READING 🡒