If you're using #Element X on #Android, make sure you're up to date. The #vulnerability was patched in version 25.04.2.
#FOSS #FreeSoftware #LibreSoftware #OpenSource #Security #Privacy #Matrix
@usdAG@infosec.exchange
https://infosec.exchange/@usdAG/114478194638016465
#FOSS #FreeSoftware #LibreSoftware #OpenSource #Security #Privacy #Matrix
@usdAG@infosec.exchange
https://infosec.exchange/@usdAG/114478194638016465
Infosec Exchange
usd AG (@usdAG@infosec.exchange)
Attached: 1 image
We have found an interesting vulnerability in a #Matrix #Android client:
🧩 Software: #Element X Android
📦 Affected Version: <= 25.04.1
🆔 CVE: CVE-2025-27599
📊 CVSSv3.1: MEDIUM
⚠️ Prerequisites: Clicking on a crafted hyperlink or using…
We have found an interesting vulnerability in a #Matrix #Android client:
🧩 Software: #Element X Android
📦 Affected Version: <= 25.04.1
🆔 CVE: CVE-2025-27599
📊 CVSSv3.1: MEDIUM
⚠️ Prerequisites: Clicking on a crafted hyperlink or using…
👍1
#Bluetooth was a mistake: Millions of Bluetooth headphones can potentially be turned in eavesdropping devices. Best-seller #Sony and #Bose #headphones are affected by at least some of the disclosed flaws among many others. The true dimension of these flaws is yet unknown as the the vulnerable component is very widely in use under different names.
https://www.heise.de/en/news/Zero-day-Bluetooth-gap-turns-millions-of-headphones-into-listening-stations-10460704.html
Disclosure of the vulnerabilities: https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
No updates or official statements available yet. ☠️
#Security #Privacy #Audio #Airoha #ZeroDay
https://www.heise.de/en/news/Zero-day-Bluetooth-gap-turns-millions-of-headphones-into-listening-stations-10460704.html
Disclosure of the vulnerabilities: https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
No updates or official statements available yet. ☠️
#Security #Privacy #Audio #Airoha #ZeroDay
Security
Zero-day: Bluetooth gap turns millions of headphones into listening stations
The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.
😁2
So…who hates those Google log-in pop-ups that are seemingly everywhere now? Wanna make them go away?
1. Get uBlock Origin (which you should have already been using):
https://github.com/gorhill/uBlock
2. Open the plugin and click the settings button.
3. Click on the “my filters” tab and paste this into the input:
||accounts.google.com/gsi/*$xhr,script,3p
That’s it! Worked flawlessly for me.
(Updated URL. Thx @IceWolf@masto.brightfur.net
and @emz@chaos.social!)
#Google #Privacy #Security #PopUps #InfoSec #BadGoogle
1. Get uBlock Origin (which you should have already been using):
https://github.com/gorhill/uBlock
2. Open the plugin and click the settings button.
3. Click on the “my filters” tab and paste this into the input:
||accounts.google.com/gsi/*$xhr,script,3p
That’s it! Worked flawlessly for me.
(Updated URL. Thx @IceWolf@masto.brightfur.net
and @emz@chaos.social!)
#Google #Privacy #Security #PopUps #InfoSec #BadGoogle
🥰7🔥1👏1
I added a banner on my homepage to talk about #ChatControl and how to fight back, similarly to how I did it two years ago for the same reason.
#FightChatControl #StopChatControl #EU #EUpol #Privacy #Security
#FightChatControl #StopChatControl #EU #EUpol #Privacy #Security
❤5
If you've wondered how Android developer verification affects Accrescent, today we have a new blog post explaining briefly what it is, how it impacts us, and how we're responding.
https://blog.accrescent.app/posts/android-developer-verification/
#accrescent #android #appstore #security #privacy
https://blog.accrescent.app/posts/android-developer-verification/
#accrescent #android #appstore #security #privacy
Accrescent Blog
Accrescent and Android Developer Verification
Google recently announced that starting next year, Android will require all apps to be registered by verified developers for users to install them on their devices, i.e., all apps must be registered by a developer who has performed identity verification with…
Avevamo ragione, come sempre, nel comunicare che fino ad Aprile 2026 il chat control sarebbe tornato a massacrarci l'esistenza! A molti di voi potrebbe non interessare ma consegnare i nostri dati a Big Tech, far indebolire la cifratura dei certificati ssl e stravolgere le regole per un controllo di massa anche no!
Agite al link sottostante:
https://fightchatcontrol.eu
#stopchatcontrol #fightchatcontrol #privacy #security #freedom
Agite al link sottostante:
https://fightchatcontrol.eu
#stopchatcontrol #fightchatcontrol #privacy #security #freedom
fightchatcontrol.eu
Fight Chat Control - Protect Digital Privacy in the EU
Learn about the EU Chat Control proposal and contact your representatives to protect digital privacy and encryption.
🍌1
Commerzbank (one of the largest German banks) just banned GrapheneOS:
https://discuss.grapheneos.org/d/28440-commerzbank-one-of-the-largest-german-banks-bans-grapheneos
There is literally zero reason why banking apps shouldn't work on GrapheneOS, and yet so many European financial institutions prefer to rely on the security assurances of megacorporations controlled by a foreign country.
At least I hope that the current geopolitical madness will contribute to stopping this plague.
#google #android #aosp #grapheneos #lineageos #bigtech #enshittification #security #privacy #digitalsovereignty #usa #eu #europe #politics #germany #commerzbank
https://discuss.grapheneos.org/d/28440-commerzbank-one-of-the-largest-german-banks-bans-grapheneos
There is literally zero reason why banking apps shouldn't work on GrapheneOS, and yet so many European financial institutions prefer to rely on the security assurances of megacorporations controlled by a foreign country.
At least I hope that the current geopolitical madness will contribute to stopping this plague.
#google #android #aosp #grapheneos #lineageos #bigtech #enshittification #security #privacy #digitalsovereignty #usa #eu #europe #politics #germany #commerzbank
GrapheneOS Discussion Forum
Commerzbank (one of the largest German banks) bans GrapheneOS - GrapheneOS Discussion Forum
🖕6
...le of recording video.
dmidecode tells me this is a LENOVO Yoga 9 2-in-1 14ILL10 (P/N:83LC)
Command I used for anyone to replicate the finding. (I was on bog standard Kali, but I'm sure you'll figure out your device names if they change under other distros):
vlc v4l2:///dev/video0 -vv --v4l2-width=320 --v4l2-height=240 & vlc v4l2:///dev/video2 -vv --v4l2-width=320 --v4l2-height=240
#Cyber #Security #Infosec #Lenovo #Privacy #Hacking
dmidecode tells me this is a LENOVO Yoga 9 2-in-1 14ILL10 (P/N:83LC)
Command I used for anyone to replicate the finding. (I was on bog standard Kali, but I'm sure you'll figure out your device names if they change under other distros):
vlc v4l2:///dev/video0 -vv --v4l2-width=320 --v4l2-height=240 & vlc v4l2:///dev/video2 -vv --v4l2-width=320 --v4l2-height=240
#Cyber #Security #Infosec #Lenovo #Privacy #Hacking
Motorola announces partnership with Graphene OS to bring us secure phones!
https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/
So the mysterious manufacturer GOS was working with was Motorola, not OnePlus as early speculations suggested. This is good news, Motorola is owned by Lenovo and makes cool phones!
Reminder that Graphene OS is still based on AOSP and therefore, IMHO, eventually doomed to succumb to Google's shenanigans. However, for now and for the foreseeable future, that's the best we can have.
#grapheneos #motorola #android #aosp #linux #pixel #google #enshittification #security #privacy
https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/
So the mysterious manufacturer GOS was working with was Motorola, not OnePlus as early speculations suggested. This is good news, Motorola is owned by Lenovo and makes cool phones!
Reminder that Graphene OS is still based on AOSP and therefore, IMHO, eventually doomed to succumb to Google's shenanigans. However, for now and for the foreseeable future, that's the best we can have.
#grapheneos #motorola #android #aosp #linux #pixel #google #enshittification #security #privacy
Global Blog
Motorola News | Motorola's new partnership with GrapheneOS
Motorola announces three new B2B solutions at MWC 2026, including GrapheneOS partnership, Moto Analytics and more.
🍾7
#Telegram fork #Nekogram has been caught collecting users' phone numbers for OSINT bots with a secret function in the official release binaries.
https://github.com/Nekogram/Nekogram/issues/336
https://github.com/RomashkaTea/nekogram-proof-of-logging
There also was a debug function in #Cherrygram, another fork, immediately removed after the news about Nekogram broke out, although the dev says it was an innocuous unused debug function, but I think it's weird that it sent your phone number to Google Firebase Analytics though.
#Privacy #Security #FOSS
https://github.com/Nekogram/Nekogram/issues/336
https://github.com/RomashkaTea/nekogram-proof-of-logging
There also was a debug function in #Cherrygram, another fork, immediately removed after the news about Nekogram broke out, although the dev says it was an innocuous unused debug function, but I think it's weird that it sent your phone number to Google Firebase Analytics though.
#Privacy #Security #FOSS
GitHub
[Spyware, Malicious code] Malicious Code Injection and User Data Leaking in Release Binaries · Issue #336 · Nekogram/Nekogram
Open-source third-party Telegram client with not many but useful modifications. - [Spyware, Malicious code] Malicious Code Injection and User Data Leaking in Release Binaries · Issue #336 · Nekogram/Nekogram
⚡1
An ex-Azure engineer published six essays arguing Microsoft's cloud has been on life support since 2008, and the cause isn't bad code. It's bad people decisions. Rushed launch, post-launch talent exodus, no testing discipline, no architectural vision. Sound familiar to anyone who's worked in a place that ships first and staffs later?
Now layer 2026 on top. Microsoft cut roughly 15,000 jobs in mid-2025. Coding agents are pumping out 4x more commits in 90 days. GitHub's unofficial uptime has slipped under 90% and the proposed fix is, wait for it, moving more of GitHub onto Azure. The same Azure the engineer says is held together with rushed decisions and wishful thinking.
🧠 The phrase that stuck with me is "knowledge dilution from high attrition." When the senior people who knew why a system was built that way leave, no LLM in the world can recover that context
🤖 More AI-written code does not mean less work. It means more code to review, test, deploy, and run, which means more compute and more humans needed downstream
📉 OpenAI signing an $11.9B compute deal with CoreWeave in March 2025 was the loudest "we don't trust your capacity" signal Microsoft has ever received from its closest partner
🪑 The bet that AI lets you cut headcount keeps colliding with the reality that AI generates work for humans faster than it removes it
Every CIO I talk to is being pitched the same dream: fewer engineers, more agents, lower run rate. The Azure story is what happens when that math doesn't pencil out and the bill comes due in incidents instead of dollars.
https://www.theregister.com/2026/04/04/azure_talent_exodus/
#Azure #AI #Leadership #security #privacy #cloud #infosec #cybersecurity #software #devops
Now layer 2026 on top. Microsoft cut roughly 15,000 jobs in mid-2025. Coding agents are pumping out 4x more commits in 90 days. GitHub's unofficial uptime has slipped under 90% and the proposed fix is, wait for it, moving more of GitHub onto Azure. The same Azure the engineer says is held together with rushed decisions and wishful thinking.
🧠 The phrase that stuck with me is "knowledge dilution from high attrition." When the senior people who knew why a system was built that way leave, no LLM in the world can recover that context
🤖 More AI-written code does not mean less work. It means more code to review, test, deploy, and run, which means more compute and more humans needed downstream
📉 OpenAI signing an $11.9B compute deal with CoreWeave in March 2025 was the loudest "we don't trust your capacity" signal Microsoft has ever received from its closest partner
🪑 The bet that AI lets you cut headcount keeps colliding with the reality that AI generates work for humans faster than it removes it
Every CIO I talk to is being pitched the same dream: fewer engineers, more agents, lower run rate. The Azure story is what happens when that math doesn't pencil out and the bill comes due in incidents instead of dollars.
https://www.theregister.com/2026/04/04/azure_talent_exodus/
#Azure #AI #Leadership #security #privacy #cloud #infosec #cybersecurity #software #devops
The Register
Ex-Microsoft engineer believes Azure problems stem from talent exodus
: The cloud service's woes reflect a crisis made worse by AI – under-investment in people
Linux security flaws Dirty Frag and Copy Fail are a good reminder to stay up to date https://www.gamingonlinux.com/2026/05/linux-security-flaws-dirty-frag-and-copy-fail-are-a-good-reminder-to-stay-up-to-date/
#Linux #OpenSource #Security
#Linux #OpenSource #Security
GamingOnLinux
Linux security flaws Dirty Frag and Copy Fail are a good reminder to stay up to date
Have you run your Linux distribution updates recently? You probably should, because Dirty Frag and Copy Fail are coming for you.
❤🔥3
Researchers found Microsoft Edge loads every saved password into plaintext memory at launch, increasing exposure after session compromise 🔐
Unlike other Chromium browsers, Edge keeps credentials readable in RAM, raising scraping risks on shared and admin-access systems 🛡️
🔗 https://proton.me/business/blog/microsoft-edge-passwords-exposed
#TechNews #Browser #MicrosoftEdge #Microsoft #Edge #Cybersecurity #PasswordManager #Privacy #FOSS #OpenSource #Security #Encryption #Windows #Passwords #DataProtection #Infosec
Unlike other Chromium browsers, Edge keeps credentials readable in RAM, raising scraping risks on shared and admin-access systems 🛡️
🔗 https://proton.me/business/blog/microsoft-edge-passwords-exposed
#TechNews #Browser #MicrosoftEdge #Microsoft #Edge #Cybersecurity #PasswordManager #Privacy #FOSS #OpenSource #Security #Encryption #Windows #Passwords #DataProtection #Infosec
Proton
Microsoft Edge security alert: All saved passwords unencrypted | Proton
Microsoft Edge keeps all saved passwords in plaintext memory instead of encrypting them. Here’s what you risk and what you should do instead.
→ Meta Silently Added Face-Recognition Code for Its #Smart Glasses to Millions of Phones
https://www.wired.com/story/meta-smart-glasses-face-recognition-nametag-connections/
“"The feature is not yet exposed to consumers but seems nearly ready to go," says [Cooper Quintin, a #security researcher and senior public interest technologist with the nonprofit Electronic Frontier Foundation’s Threat Lab]. "Despite the billions of reasons not to, #Meta seems to have created the capacity to turn their customers into a distributed #surveillance machine."”
#Face
https://www.wired.com/story/meta-smart-glasses-face-recognition-nametag-connections/
“"The feature is not yet exposed to consumers but seems nearly ready to go," says [Cooper Quintin, a #security researcher and senior public interest technologist with the nonprofit Electronic Frontier Foundation’s Threat Lab]. "Despite the billions of reasons not to, #Meta seems to have created the capacity to turn their customers into a distributed #surveillance machine."”
#Face
WIRED
Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones
Code reviewed by WIRED uncovered an unreleased face-recognition system embedded in Meta’s smart glasses platform. It’s designed to identify people via biometric data stored on users’ phones.
🤬1
https://www.404media.co/fcc-wants-to-kill-burner-phones-by-forcing-telecoms-to-get-all-customers-ids/
The FCC wants to make it impossible to buy "burner" phones, such as pre-paid phones not linked to your identity. They plan to do this by forcing all companies to store a ton of data about ALL phone users, including Copy of ID, and Verified address and a ton more info for both new & existing phone users, regardless of company or phone.
#FCC #Privacy #Security
The FCC wants to make it impossible to buy "burner" phones, such as pre-paid phones not linked to your identity. They plan to do this by forcing all companies to store a ton of data about ALL phone users, including Copy of ID, and Verified address and a ton more info for both new & existing phone users, regardless of company or phone.
#FCC #Privacy #Security
404 Media
FCC Wants to Kill Burner Phones By Forcing Telecoms to Get All Customers’ IDs
The FCC wants to legally force telecoms to collect new and renewing customers’ government issued identity number and physical address, impacting everyone from the privacy-conscious to domestic abuse survivors. “We never thought that would happen here.”
🤬1🆒1
The Arch Linux AUR had over 400 packages compromised with malware https://www.gamingonlinux.com/2026/06/the-arch-linux-aur-had-over-400-packages-compromised-with-malware/
#Linux #ArchLinux #Security
#Linux #ArchLinux #Security
GamingOnLinux
The Arch Linux AUR had over 400 packages compromised with malware
Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks - as some malicious users compromised a lot of packages.
😁7🥰1😱1