https://www.404media.co/fcc-wants-to-kill-burner-phones-by-forcing-telecoms-to-get-all-customers-ids/
The FCC wants to make it impossible to buy "burner" phones, such as pre-paid phones not linked to your identity. They plan to do this by forcing all companies to store a ton of data about ALL phone users, including Copy of ID, and Verified address and a ton more info for both new & existing phone users, regardless of company or phone.
#FCC #Privacy #Security
The FCC wants to make it impossible to buy "burner" phones, such as pre-paid phones not linked to your identity. They plan to do this by forcing all companies to store a ton of data about ALL phone users, including Copy of ID, and Verified address and a ton more info for both new & existing phone users, regardless of company or phone.
#FCC #Privacy #Security
404 Media
FCC Wants to Kill Burner Phones By Forcing Telecoms to Get All Customers’ IDs
The FCC wants to legally force telecoms to collect new and renewing customers’ government issued identity number and physical address, impacting everyone from the privacy-conscious to domestic abuse survivors. “We never thought that would happen here.”
🤬1🆒1
Didn't know #Flatpak apps can have internal updaters interacting with Flatpak directly so that they can update without the need for a graphical store like Discover or touching the command line. Handling things in Discover or the command line is probably more intuitive, but it's neat that apps can do this rather than trying to do their own thing only and possibly messing up files and introducing conflicts.
❤2
MANY ORPHANED AUR PACKAGES ARE BEING TARGETED WITH AN INFOSTEALER. official statement (fediverse discussion)
collection of detection scripts
the Arch User Repository package alvr has been orphaned, then adopted by a threat actor who immediately updated it with an infostealer. If you have this package on your system and updated it recently, you've been compromised. This is not a result of any upstream compromise; it's just that one AUR package. in particular, the alvr-bin sister package seems to be fine.
here's the relevant thread for alvr from the Arch Linux mailing list. alvr seems to be the first package compromised and/or the first one that was noticed. it was updated maliciously at 2026-06-11 13:53:45 UTC (2026-06-11T13:53:45.000Z) and reverted approximately 3-4 hours after that.
SEVERAL OTHER PACKAGES ARE BEING TARGETED WITH THE SAME MALWARE: 1, 2, 3, 4, 5
AUR mailing list megathread <-- over 400 (!!!!) packages have the malicious npm dependency
collection of detection scripts
the Arch User Repository package alvr has been orphaned, then adopted by a threat actor who immediately updated it with an infostealer. If you have this package on your system and updated it recently, you've been compromised. This is not a result of any upstream compromise; it's just that one AUR package. in particular, the alvr-bin sister package seems to be fine.
here's the relevant thread for alvr from the Arch Linux mailing list. alvr seems to be the first package compromised and/or the first one that was noticed. it was updated maliciously at 2026-06-11 13:53:45 UTC (2026-06-11T13:53:45.000Z) and reverted approximately 3-4 hours after that.
SEVERAL OTHER PACKAGES ARE BEING TARGETED WITH THE SAME MALWARE: 1, 2, 3, 4, 5
AUR mailing list megathread <-- over 400 (!!!!) packages have the malicious npm dependency
❤🔥2
i believe this is an up-to-date list of all packages that are known to be compromised
they all share in common that they will install the atomic-lockfile package from NPM. they were all orphan takeovers. as far as i can tell, all of the ones that have been noticed were reverted to known safe versions. including alvr.
THAT NPM PACKAGE HAS BEEN TAKEN DOWN, but there is another wave of this attack still ongoing! this time, the infected packages are installing js-digest or lockfile-js, also from npm registry (but using bun). js-digest was already taken down, but lockfile-js was published 2026-06-12 13:01:03 UTC (2026-06-12T13:01:03.000Z) and is still live right now !!
this is an infostealer, meaning it exfiltrates sensitive data from your system such as browser cookies, discord tokens, ssh keys, and container registry logins. removing the malware will not undo the damage; the attacker now has all your credentials. moreover, uninstalling the malicious package will not remove the malware because it persists as a systemd service that stays on your system indefinitely.
it executes as an npm preinstall script, and the npm package is installed by the AUR packages. this means that simply installing the malicious versions of any of these packages will compromise you. it does not require you to do anything more afterwards. again, the malware persists if you uninstall the malicious packages
to check if you've been compromised, look in /etc/systemd/system and ~/.config/systemd/user for a recently added .service file with a random name. that's the persistence mechanism and the most obvious mark that you've been compromised.
---
Attached is a screenshot of an announcement from the "Linux VR Adventures" discord.
i know we all hate discord, but LVRA has a lot of auxiliary discussion, so here's an invite link. (or at least, it had a lot of relevant discussion when the news broke and this post was much shorter; it's mostly quiet now as we realized the scope goes way beyond VR. this post is also now more complete than it was)
of special interest, here's a malware analysis thread. Feel free to follow it in real time, or contribute, or whatever. Whanos has produced a preliminary analysis blog post that contains a lot of important information about the malware.
they all share in common that they will install the atomic-lockfile package from NPM. they were all orphan takeovers. as far as i can tell, all of the ones that have been noticed were reverted to known safe versions. including alvr.
THAT NPM PACKAGE HAS BEEN TAKEN DOWN, but there is another wave of this attack still ongoing! this time, the infected packages are installing js-digest or lockfile-js, also from npm registry (but using bun). js-digest was already taken down, but lockfile-js was published 2026-06-12 13:01:03 UTC (2026-06-12T13:01:03.000Z) and is still live right now !!
this is an infostealer, meaning it exfiltrates sensitive data from your system such as browser cookies, discord tokens, ssh keys, and container registry logins. removing the malware will not undo the damage; the attacker now has all your credentials. moreover, uninstalling the malicious package will not remove the malware because it persists as a systemd service that stays on your system indefinitely.
it executes as an npm preinstall script, and the npm package is installed by the AUR packages. this means that simply installing the malicious versions of any of these packages will compromise you. it does not require you to do anything more afterwards. again, the malware persists if you uninstall the malicious packages
to check if you've been compromised, look in /etc/systemd/system and ~/.config/systemd/user for a recently added .service file with a random name. that's the persistence mechanism and the most obvious mark that you've been compromised.
---
Attached is a screenshot of an announcement from the "Linux VR Adventures" discord.
i know we all hate discord, but LVRA has a lot of auxiliary discussion, so here's an invite link. (or at least, it had a lot of relevant discussion when the news broke and this post was much shorter; it's mostly quiet now as we realized the scope goes way beyond VR. this post is also now more complete than it was)
of special interest, here's a malware analysis thread. Feel free to follow it in real time, or contribute, or whatever. Whanos has produced a preliminary analysis blog post that contains a lot of important information about the malware.
Discord
Join the Linux VR Adventures Discord Server!
We discuss topics about the Linux VR experience. Anyone who uses VR on Linux or is interested is welcome. | 7875 members
#IntelligenzaArtificiale alla polizia, il Governo approva i decreti. #Piantedosi: “Non sarà un Grande Fratello”.
Il Consiglio dei ministri ha approvato in esame preliminare due decreti legislativi per adeguare la normativa italiana ai regolamenti europei. Uno dei passaggi riguarda l’uso dei sistemi di #AI da parte delle forze di polizia per attività di videosorveglianza, riconoscimento facciale e trattamento di dati biometrici collegati all’identificazione.
@tecnologia
https://www.greenme.it/scienza-e-tecnologia/social-e-web/intelligenza-artificiale-alla-polizia-il-governo-approva-i-decreti-piantedosi-non-sara-un-grande-fratello/
Il Consiglio dei ministri ha approvato in esame preliminare due decreti legislativi per adeguare la normativa italiana ai regolamenti europei. Uno dei passaggi riguarda l’uso dei sistemi di #AI da parte delle forze di polizia per attività di videosorveglianza, riconoscimento facciale e trattamento di dati biometrici collegati all’identificazione.
@tecnologia
https://www.greenme.it/scienza-e-tecnologia/social-e-web/intelligenza-artificiale-alla-polizia-il-governo-approva-i-decreti-piantedosi-non-sara-un-grande-fratello/
greenMe
Intelligenza artificiale alla polizia, il Governo approva i decreti. Piantedosi: "Non sarà un Grande Fratello"
Il decreto porta l’intelligenza artificiale nelle attività di polizia: biometria, riconoscimento facciale e garanzie da verificare.
🖕3👎2
The Arch Linux AUR had over 400 packages compromised with malware https://www.gamingonlinux.com/2026/06/the-arch-linux-aur-had-over-400-packages-compromised-with-malware/
#Linux #ArchLinux #Security
#Linux #ArchLinux #Security
GamingOnLinux
The Arch Linux AUR had over 400 packages compromised with malware
Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks - as some malicious users compromised a lot of packages.
😁7🥰1😱1
HERE WE GO! @stopkillinggames.bsky.social@bsky.brid.gy seems unstoppable now!
Despite the constant misrepresentation from industry lobbyists, the demands from the movement have a high chance of leading to actual protection legislation. The latest update:
The decision is being made on Stop Killing Games! + The ESA can't stop lying.
Despite the constant misrepresentation from industry lobbyists, the demands from the movement have a high chance of leading to actual protection legislation. The latest update:
The decision is being made on Stop Killing Games! + The ESA can't stop lying.
❤3❤🔥1🌚1
Double the updates! Our mobile beta is now available on Github for Android users, AND, we are excited to launch Fluxer v2!
https://fluxer.app/blog/mobile-clients-and-fluxer-v2
Mobile clients and Fluxer v2 |...
https://fluxer.app/blog/mobile-clients-and-fluxer-v2
Mobile clients and Fluxer v2 |...
Fluxer
Mobile clients and Fluxer v2 | Fluxer
Fluxer v2 is out, mobile clients are open source, self-hosting is improving, and public development is moving back to GitHub.
❤4👎2
The idea of a smart-dumb flip phone that doesn't spy on you is really cool and features like a high quality DAC and the LEDs are quite unique, but the high price and the abundance of "AI" slop images on the website killed the hype for me almost immediately. Feels somewhat insulting. The choice of OS (SailfishOS) is probably fine, even though they could have chosen a slightly more open option, but the UIs they showed are all different and likely "AI" slop too.
@82mhz@mastodon.bsd.cafe https://mastodon.bsd.cafe/@82mhz/116758732689711358
@82mhz@mastodon.bsd.cafe https://mastodon.bsd.cafe/@82mhz/116758732689711358
BSD.cafe Mastodon Portal
Andreas (82MHz) (@82mhz@bsd.cafe)
#Commodore event right now:
https://www.youtube.com/watch?v=ixD_fqrnA_c
https://www.youtube.com/watch?v=ixD_fqrnA_c
🤡1
Since the bridge bot is still dogshit, I gotta specify I'm talking about the Commodore Callback.
https://commodore.net/callback/
https://commodore.net/callback/
Plasma 6.7 is out and landing soon on your distro of choice!
You can look forward to easier menu customization, better control over your mics, and, as for virtual desktops... Well, well, well! You get keyboard navigation and the much anticipated feature of having separate virtual desktops on different monitors.
Find out about all the new stuff packed into Plasma 6.7 here:
https://kde.org/announcements/plasma/6/6.7.0/
#Plasma6 #desktop #FreeSoftware #OpenSource
---
Become a Supporting Member:
https://kde.org/anniversaries/30/
You can look forward to easier menu customization, better control over your mics, and, as for virtual desktops... Well, well, well! You get keyboard navigation and the much anticipated feature of having separate virtual desktops on different monitors.
Find out about all the new stuff packed into Plasma 6.7 here:
https://kde.org/announcements/plasma/6/6.7.0/
#Plasma6 #desktop #FreeSoftware #OpenSource
---
Become a Supporting Member:
https://kde.org/anniversaries/30/
💩1
European Commission rejects new laws for Stop Destroying Videogames https://www.gamingonlinux.com/2026/06/european-commission-rejects-new-laws-for-stop-destroying-videogames/
#EU #Gaming #StopDestroyingVideogames #StopKillingGames
#EU #Gaming #StopDestroyingVideogames #StopKillingGames
GamingOnLinux
European Commission rejects new laws for Stop Destroying Videogames
The European Commission released their full position now on the Stop Destroying Videogames initiative, and it's not the response many will have been hoping for.
😭10💩4🌚1
La scadenza del certificato Secure Boot di Microsoft sta creando dubbi tra gli utenti Linux. Ecco cosa cambia davvero e quali controlli conviene effettuare sul proprio sistema. #Linux #SecureBoot #UEFI #Fedora #Ubuntu #OpenSource
https://www.linuxeasy.org/scade-certificato-secure-boot-microsoft-linux/?utm_source=mastodon&utm_medium=jetpack_social
https://www.linuxeasy.org/scade-certificato-secure-boot-microsoft-linux/?utm_source=mastodon&utm_medium=jetpack_social
Linux Easy
Scade il certificato Secure Boot Microsoft per Linux: cosa cambia davvero
Il certificato Secure Boot Microsoft del 2011 per Linux scade a giugno 2026, ma i sistemi moderni continueranno ad avviarsi senza problemi.
💋2
Just found out Yotsuba&! came out in Italy.
Enjoy everything!
Enjoy everything!
❤12