Cybersecurity & cyberwarfare
Cybersecurity & cyberwarfare
RedhotcyberMalware nascosto nelle immagini SVG nei siti per adulti: il nuovo schema per nascondere Trojan
📌
Link all'articolo : https://www.redhotcyber.com/post/malware-nascosto-nelle-immagini-svg-nei-siti-per-adulti-il-nuovo-schema-per-nascondere-trojan/
#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy
Cybersecurity & cyberwarfareMalware nascosto nelle immagini SVG nei siti per adulti: il nuovo schema per nascondere Trojan
Un nuovo schema per distribuire codice dannoso camuffato da immagini .svg è stato scoperto su decine di siti di contenuti per adulti stranieri. Come hanno scoperto gli esperti di Malwarebytes, gli aggressori incorporano codice JavaScript offuscato in tali file che, una volta cliccati, avviano una catena nascosta di script che termina con il download di Trojan.JS.Likejack.
Questo malware clicca silenziosamente sul pulsante “Mi piace” su un post predefinito di Facebook se la vittima ha un account aperto sul social network in quel momento. In questo modo, le pagine con contenuti espliciti ottengono maggiore visibilità e visibilità grazie ai browser compromessi.
SVG (Scalable Vector Graphics) si differenzia dai consueti .jpg e .png in quanto memorizza i dati come testo XML. Questo consente di ridimensionare l’immagine senza perdere qualità, ma consente anche di incorporare HTML e JavaScript al suo interno. Questa funzionalità ha da tempo attirato gli aggressori, poiché apre la strada ad attacchi XSS , HTML injection e attacchi DoS. In questo caso, gli autori dei file dannosi hanno utilizzato una tecnica JSFuck modificata, che codifica JavaScript in un set di caratteri, rendendo difficile l’analisi.
Dopo la decodifica iniziale, lo script carica nuovi frammenti di codice, anch’essi nascosti all’analisi. La fase finale dell’attacco è l’interazione forzata con gli elementi di Facebook, che viola le regole della piattaforma. Facebook blocca tali account, ma gli autori dello schema tornano rapidamente con nuovi profili.
Tecniche simili sono già state osservate in precedenza. Nel 2023, gli hacker hanno utilizzato il tag .svg per sfruttare una vulnerabilità XSS nel client web Roundcube e, nel giugno 2025, i ricercatori hanno registrato attacchi di phishing con una falsa finestra di accesso Microsoft, aperta anch’essa da un file SVG.
Malwarebytes ora collega i casi identificati a decine di siti WordPress che distribuiscono contenuti dannosi in modo simile.
L'articolo Malware nascosto nelle immagini SVG nei siti per adulti: il nuovo schema per nascondere Trojan proviene da il blog della sicurezza informatica.
Cybersecurity & cyberwarfare
RedhotcyberLa Cina punta sui robot umanoidi! Un pacchetto di misure in arrivo per 10.000 unità entro il 2027
📌 Link all'articolo : https://www.redhotcyber.com/post/la-cina-punta-sui-robot-umanoidi-un-pacchetto-di-misure-in-arrivo-per-10-000-unita-entro-il-2027/
#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy
Cybersecurity & cyberwarfareLa Cina punta sui robot umanoidi! Un pacchetto di misure in arrivo per 10.000 unità entro il 2027
Pechino ha annunciato un pacchetto di misure di supporto per i robot umanoidi alla World Robot Conference (WRC) 2025, con l’obiettivo di raggiungere una capacità produttiva annuale di 10.000 unità entro il 2027. La nuova politica comprende iniziative volte ad ampliare gli scenari reali da parte dei robot e ampi sussidi che copriranno l’intera catena del valore della produzione di robot umanoidi.
Nell’ambito dell’iniziativa, hanno fatto parlare il Robomall, descritto come un negozio di robot 4S, e il Robot Restaurant aperto a Pechino. I locali sono progettati per creare canali di vendita per i robot e, al contempo, offrire al pubblico l’opportunità di interagire con la tecnologia.
Morgan Stanley ha affermato in una nota: “Riteniamo che il continuo sostegno del governo sarà fondamentale per accelerare l’adozione in Cina e affermare la leadership della Cina nel settore dei robot intelligenti su scala globale”.
Le iniziative della capitale rappresentano un passo significativo negli sforzi della Cina per diventare leader mondiale nella tecnologia e nella produzione di robot umanoidi.
Le misure annunciate a Pechino segnano un’accelerazione strategica nella corsa alla leadership globale nel settore dei robot umanoidi. Con obiettivi produttivi ambiziosi, sussidi estesi e iniziative concrete, la capitale cinese sta creando un ecosistema in cui industria, ricerca e consumatori possono interagire in maniera diretta, riducendo la distanza tra sviluppo tecnologico e applicazione pratica.
Se queste politiche avranno successo, la Cina non solo potrà consolidare il proprio vantaggio competitivo, ma potrebbe anche ridefinire il panorama mondiale della robotica intelligente.
Il sostegno governativo, unito a un’adozione più rapida in scenari reali, potrebbe trasformare i robot umanoidi da curiosità tecnologiche a componenti centrali della vita quotidiana e dell’economia globale.
L'articolo La Cina punta sui robot umanoidi! Un pacchetto di misure in arrivo per 10.000 unità entro il 2027 proviene da il blog della sicurezza informatica.
Cybersecurity & cyberwarfarePhysical Aimbot Shoots For Success In Valorant
Modern competitive games have a great deal of anti-cheat software working to make sure you can’t hack the games to get a competitive advantage. [[Kamal Carter] decided to work around this by building a physical aimbot for popular FPS Valorant.](https://www.youtube.com/watch?v=fr02fxc-5jo)
The concept is straightforward enough. [Kamal] decided to hardmount an optical mouse to a frame, while moving a mousepad around beneath it with an off-the-shelf Cartesian CNC platform, but modified to be driven by DC motors for quick response. This gave him direct control over the cursor position which is largely undistinguishable from a human being moving the mouse. Clicking the mouse is achieved with a relay. As for detecting enemies and aiming at them, [Kamal] used an object detection system called YOLO. He manually trained the classifier to detect typical Valorant enemies and determine their position on the screen. The motors are then driven to guide the aim point towards the enemy, and the fire command is then given.
The system has some limitations—it’s really only capable of completing the shooting range challenges in Valorant. The vision model isn’t trained on the full range of player characters in Valorant, and it would prove difficult to use such a system in a competitive match. Still, it’s a neat way to demonstrate how games can be roboticized and beaten outside of just the software realm. Video after the break.
youtube.com/embed/fr02fxc-5jo?…
hackaday.com/2025/08/11/physic…
Cybersecurity & cyberwarfareCalipers: Do You Get What You Pay For?
Generally, you think that if you pay more for something, it must be better, right? But that’s not always true. Even if it is true at the lower end, sometimes premium brands are just barely better than the midrange. [Project Farm] looks at a bunch of different calipers — a constant fixture around the shop if you do any machining, 3D printing, or PCB layout. The price range spans from less than $10 for some Harbor Freight specials to brands like Mitutoyo, which cost well over $100. Where’s the sweet spot? See the video below to find out.
The first part of the video covers how much the units weigh, how smooth the action is, and how much force it takes to push it down. However, those are not what you probably care most about. The real questions are how accurate and repeatable they are.
If you just want a summary of the first part of the video, skip to the ten minute mark. The table there shows that the three instruments that have the most consistent force on the slide range in price from $27 to $72. The $454 pair (which, to be fair, included a micrometer) was number six by that measure. The smoothness factor, which is somewhat subjective, came in favor of the most expensive pair, but there was a $25 caliper that was nearly as good in the number two slot.
Using a calibration block and some special techniques, he attempts to see how accurate they all are. We wish he’d used millimeters instead of inches, but in the inch range, none of them are bad. Only one set had a real problem of not making consistent readings.
If you want to jump right to the tables again, jump to the 17:20 mark. With two exceptions, they were all mostly accurate and fell into three groups. We wondered if there are three different chipsets involved. The cheapest caliper in the first group cost $27 and was as good as the expensive Mitutoyo. The second group ranged from $18 to as much as $40 and were only 0.000675 inches (only 0.017145 mm) off from the higher group.
Which was the best? That table is at about the 18:00 minute mark. In all fairness, the best, by his estimation, did cost $144, so it was the second most expensive set in the review. But that’s still cheaper than the Mitutoyo, which placed third. The fourth-place set was good, too, and came in at $27. For a few bucks less, the sixth-place caliper was also good.
Do you know how to do all the measurements your calipers are capable of? Ever wonder what’s inside those things? We did too.
youtube.com/embed/z5KtKAee0jw?…
hackaday.com/2025/08/11/calipe…
Cybersecurity & cyberwarfare
Catalin CimpanuTalks from the What Hackers Yearn 2025 security conference, which took place over the weekend in the Netherlands, are available on YouTube.
https://www.youtube.com/playlist?list=PLnOI9rJWBVjGeiOrzhanv1Hjp9Xlf-Sqy
Cybersecurity & cyberwarfare
Catalin CimpanuSome Russian software companies raised prices by up to nine times after Western companies left the Russian market
The Russian Duma now wants to remove their intellectual property rights if they abuse the market
https://www.kommersant.ru/doc/7956905
Cybersecurity & cyberwarfareWatertight and Wireless in One Go: The DIY Sea Scooter
To every gadget, tool, or toy, you can reasonably think: ‘Sure I could buy this… but can I make it myself?’ And that’s where [Ben] decided he could, and got to work. On a sea scooter, to be exact.
This sea scooter was to be a fully waterproof, hermetically sealed 3D-printed underwater personal propulsion device, with the extreme constraint that the entire hull and mechanical interfaces are printed in one go. No post-printing holes for shafts, connectors, or seals. It also meant [Ben] needed to embed all electronics, motor, magnetic gearbox, custom battery pack, wireless charging, and non-contact magnetic control system inside the print during the actual print process.
As [Ben] explains, both Bluetooth and WiFi ranges are laughable once underwater. He elegantly solves this with a reed-switch-based magnetic control system. The non-contact magnetic drive avoids shaft penetrations entirely. Power comes from a custom 8S LiFePO₄ pack, charged wirelessly through the hull. Lastly, everything’s wrapped in epoxy to make it as watertight as a real submarine.
The whole trick of ‘print-in-place’ is that [Ben] pauses the builder mid-print, and drops in each subsystem like a secret ingredient. Continuing, he tweaks the printer’s Z-offset, and onwards it goes. It’s tense, high-stakes work; a 14-hour print where one nozzle crash means binning hundreds of dollars’ worth of embedded components.
Still, [Ben] took the chance, and delivered a cool, fully packed and fully working sea scooter. Comment below to discuss the possibilities of building one yourself.
youtube.com/embed/6IO8PidCOrc?…
hackaday.com/2025/08/11/watert…
Cybersecurity & cyberwarfare
Filippo ValsordaWish I had the time to get involved in the new code hosts. So many opportunities GitHub consistently missed.
e.g. a tlog of (optionally signed) git pushes, to use as offline-verifiable proof of provenance for any tag or commit. Unlike commit signing, no key management or client config. Instant win.