Friendica Social Network

Eugene McParland 🇺🇦

2 mesi fa • •

Eugene McParland 🇺🇦
2 mesi fa • •

#Zelenskyy: Peace Plan Must Include Equal Withdrawals and Clear Governance

Zelenskyy said that the US proposal for a compromise regarding Donetsk contains a number of unresolved questions and does not align with Ukraine’s interests.

united24media.com/latest-news/…

Zelenskyy: Peace Plan Must Include Equal Withdrawals and Clear Governance

President Zelenskyy critiques the US compromise on Donetsk, highlighting unanswered questions and urging equitable troop withdrawal for Ukraine's interests.

^{Dariia Mykhailenko (UNITED24 Media)}

#zelenskyy

reshared this

quinta - Stefano Quintarelli

2 mesi fa • •

quinta - Stefano Quintarelli
2 mesi fa • •

Erik Soelberg Blames ChatGPT for a Murder-Suicide That Shattered His Family – WSJ blog.quintarelli.it/2025/12/er…

Erik Soelberg Blames ChatGPT for a Murder-Suicide That Shattered His Family – WSJ – Quinta’s weblog

^{blog.quintarelli.it}

quinta - Stefano Quintarelli

2 mesi fa • •

quinta - Stefano Quintarelli
2 mesi fa • •

Satelliti LEO D2C e D2D: mai sostitutivi delle torri mobili – Key4biz blog.quintarelli.it/2025/12/sa…

Satelliti LEO D2C e D2D: mai sostitutivi delle torri mobili – Key4biz – Quinta’s weblog

^{blog.quintarelli.it}

cR0w

2 mesi fa • •

cR0w
2 mesi fa • •

RE: infosec.exchange/@catsalad/115…

I wonder what happens if I quote your toot and you edit yours to quote mine.

Cat 🐈🥗 (D.Burch) :blobcatrainbow: (@catsalad@infosec.exchange)

Hey @cR0w, I heard if you post, quote that post, then edit the first to quote the second it does this: :aneobot_explode:

^{Cat 🐈🥗 (D.Burch) :blobcatrainbow: (Infosec Exchange)}

in reply to cR0w

Jerry 🦙💝🦙

in reply to cR0w • 2 mesi fa • •

why do I get the feeling I’m gonna get an outage alert for this instance sometime tonight?

SwiftOnSecurity

2 mesi fa • •

SwiftOnSecurity
2 mesi fa • •

Months ago I got a nut milk maker.

"I don't remember being drunk enough to buy this."

Put it away.

Today, pick up box - curious. Look at label. It's my neighbor's lol.

in reply to SwiftOnSecurity

Jerry 🦙💝🦙

in reply to SwiftOnSecurity • 2 mesi fa • •

🏴‍☠️

Matt Nordhoff

2 mesi fa • •

Matt Nordhoff
2 mesi fa • •

The advantage of December birthday is that you can beg your parents for one really expensive present, instead of separate birthday and Christmas presents like normal.

The disadvantage is shit's only festive once per year and they're both sort of diluted.

Questa voce è stata modificata (2 mesi fa)

in reply to Matt Nordhoff

Jerry 🦙💝🦙

in reply to Matt Nordhoff • 2 mesi fa • •

I can relate to that. Mine is shortly after Xmas

Alex Vega Díaz

2 mesi fa • •

Alex Vega Díaz
2 mesi fa • •

Amigos de Mastodon, se termina este día Jueves, por tanto llega el momento adecuado para descansar. Ojalá cada uno de ustedes hayan podido tener un lindo día. Saludos.🤗🤗🤗🤗

quinta - Stefano Quintarelli

2 mesi fa • •

quinta - Stefano Quintarelli
2 mesi fa • •

Scammers are poisoning AI search results to steer you straight into their traps – here’s how | ZDNET blog.quintarelli.it/2025/12/sc…

Scammers are poisoning AI search results to steer you straight into their traps – here’s how | ZDNET – Quinta’s weblog

^{blog.quintarelli.it}

in reply to quinta - Stefano Quintarelli

GaMe

in reply to quinta - Stefano Quintarelli • 2 mesi fa • •

a proposito del tema "come fa un LLM ha valutare la reputazione" dei link che utilizza per fornire la risposta, do per scontato che i chatbot usino un indice esterno (Google o Bing) per fare la ricerca, affidandosi quindi al ranking di questi motori.
Ma non è detto che questo aiuti per contrastare il poisoning

in reply to GaMe

quinta - Stefano Quintarelli

in reply to GaMe • 2 mesi fa • •

@game credo che google, competitor di openai, non lasci openai verificare i suoi dati... potrebbero avere quelli di microsoft, che non sono certamente parimente equivalenti

@GaMe

Dr. Jim Ellsworth

2 mesi fa • •

Dr. Jim Ellsworth
2 mesi fa • •

RE: union.place/@jaythurbershow/11…

This IS a good time to help @jerry for a last-minute...I was GOING to say "tax writeoff," but I honestly don't know whether he's got it set up as a charity or not.

So maybe just a good feeling, at Christmastime 😇

Jay Thurber Show (@jaythurbershow@union.place)

Attached: 1 image Fediverse pals, if your instance is run by a non-profit organization or a volunteer, now is a good time to see if they need a donation.

^{Jay Thurber Show (The Union Place)}

@Jerry 🦙💝🦙

in reply to Dr. Jim Ellsworth

Jerry 🦙💝🦙

in reply to Dr. Jim Ellsworth • 2 mesi fa • •

well, I have no income and the donations go to hosting expenses so it is a wash on taxes.

Questa voce è stata modificata (2 mesi fa)

in reply to Jerry 🦙💝🦙

Jerry 🦙💝🦙

in reply to Jerry 🦙💝🦙 • 2 mesi fa • •

and thank you for the support!

in reply to Jerry 🦙💝🦙

Dr. Jim Ellsworth

in reply to Jerry 🦙💝🦙 • 2 mesi fa • •

Thank you for YOUR hard work!

in reply to Jerry 🦙💝🦙

Dr. Jim Ellsworth

in reply to Jerry 🦙💝🦙 • 2 mesi fa • •

I meant for your donors. If you've incorporated the instance as a 501(c)(3) then they could deduct their contributions....

in reply to Dr. Jim Ellsworth

Jerry 🦙💝🦙

in reply to Dr. Jim Ellsworth • 2 mesi fa • •

ah - fair point. I should do look into that. Sorry

macfranc

2 mesi fa • •

macfranc
2 mesi fa • •

Liam Neeson presta la propria voce a un documentario novax e pro-RFK e definisce i vaccini mRNA contro il COVID "esperimenti pericolosi"

Il "documentario" Plague of Corruption: 80 Years of Pharmaceutical Corruption Exposed presenta una serie di affermazioni screditate sui vaccini, tra cui il fatto che causino autismo e tossicità da alluminio, e presenta la leadership di Kennedy nella politica sanitaria degli Stati Uniti come promettente.

Il film è basato su un libro scritto a quattro mani dalla ricercatrice caduta in disgrazia Dr. Judy Mikovits, nota per il suo ruolo nella serie Plandemic , e dall'avvocato Kent Heckenlively. Il libro è stato pubblicato da Children's Health Defense, il gruppo anti-vaccino multimilionario fondato da Kennedy.

L'addetto stampa di Neeson si troverà costretto a gestire una tempesta reputazionale che si profila ricca di criticità

... mostra di più

Liam Neeson Narrates Anti-Vax, Pro-RFK Documentary

The Taken actor can be heard calling mRNA COVID vaccines “dangerous experiments.”

^{Walker Bragman (Important Context)}

@Il Disinformatico @Dr Alex 🩺🚼 @Pills of Science 🧬 @Scienza e tecnologia @Enrico Bucci @Gerardo D’Amico

macfranc

2 mesi fa • •

macfranc
2 mesi fa • •

Contro la casa di vetro. Opacità, schedatura e potere nell’età digitale. 17° Convegno Nexa su Internet & Società a Torino Lunedì 15 dicembre 2025

Lunedì 15 dicembre 2025
ore 9.00 – 18.00

Sala Conferenze “Luigi Ciminiera”
DAUIN, Politecnico di Torino, 5° piano
Corso Castelfidardo 34/D, Torino (mappa)

Hashtag del convegno: #nexa2025

Per motivi organizzativi, è gradita la segnalazione della propria partecipazione all’indirizzo: Mobilizon

Con @smaurizi @RL @RossellaLatempa @avetro e altri che non sono ancora su mastodon 😅

L’ingresso è libero e gratuito fino ad esaurimento posti.

nexa.polito.it/conv2025/

@eticadigitale

17° Convegno Nexa su Internet & Società - Nexa Center for Internet & Society

Contro la casa di vetro. Opacità, schedatura e potere nell'età digitale | Lunedì 15 dicembre 2025 | Sala Luigi Ciminiera, DAUIN, Politecnico di Torino

^{Nexa Admin (Nexa Center for Internet & Society)}

#nexa2025 @stefania maurizi @Etica Digitale (Feddit) @Antonio Vetrò @Rossella Latempa

reshared this

Alex Vega Díaz

2 mesi fa • •

Alex Vega Díaz
2 mesi fa • •

Hermosa vista de Valparaíso, cuando se terminaba esta tarde.😃😃😃😃

Cybersecurity & cyberwarfare

2 mesi fa • •

Cybersecurity & cyberwarfare
2 mesi fa • •

Designing a Simpler Cycloidal Drive

A man's hands are holding an assembly of 3D-printed parts. There is a white backplate, with a yellow circular piece running through the middle. The yellow piece is surrounded by metal rods. Another blue shaft runs through the left side of the assembly. A rougly-diamond shaped plate encompasses both of these shafts.

Cycloidal drives have an entrancing motion, as well as a few other advantages – high torque and efficiency, low backlash, and compactness among them. However, much as [Sergei Mishin] likes them, it can be difficult to 3D-print high-torque drives, and it’s sometimes inconvenient to have the input and output shafts in-line. When, therefore, he came across a video of an industrial three-ring reducing drive, which works on a similar principle, he naturally designed his own 3D-printable drive.

The main issue with 3D-printing a normal cycloidal drive is with the eccentrically-mounted cycloidal plate, since the pins which run through its holes need bearings to keep them from quickly wearing out the plastic plate at high torque. This puts some unfortunate constraints on the size of the drive. A three-ring drive also uses an eccentric drive shaft to cause cycloidal plates to oscillate around a set of pins, but the input and output shafts are offset so that the plates encompass both the pins and the eccentric driveshaft. This simplifies construction significantly, and also makes it possible to add more than one input or output shaft.

As the name indicates, these drives use three plates 120 degrees out of phase with each other; [Sergei] tried a design with only two plates 180 degrees out of phase, but since there was a point at which the plates could rotate just as easily in either direction, it jammed easily. Unlike standard cycloidal gears, these plates use epicycloidal rather than hypocycloidal profiles, since they move around the outside of the pins. [Sergei] helpfully wrote a Python script that can generate profiles, animate them, and export to DXF. The final performance of these drives will depend on their design parameters and printing material, but [Sergei] tested a 20:1 drive and reached a respectable 9.8 Newton-meters before it started skipping.

Even without this design’s advantages, it’s still possible to 3D-print a cycloidal drive, its cousin the harmonic drive, or even more exotic drive configurations.

youtube.com/embed/WMgny-yDjvs?…

hackaday.com/2025/12/11/design…

Cybersecurity & cyberwarfare

2 mesi fa • •

Cybersecurity & cyberwarfare
2 mesi fa • •

Amiibo Emulator Becomes Pocket 2.4 GHz Spectrum Analyzer

As technology marches on, gear that once required expensive lab equipment is now showing up in devices you can buy for less than a nice dinner. A case in point: those tiny displays originally sold as Nintendo amiibo emulators. Thanks to [ATC1441], one of these pocket-sized gadgets has been transformed into 2.4 GHz spectrum analyzer.

These emulators are built around the Nordic nRF52832 SoC, the same chip found in tons of low-power Bluetooth devices, and most versions come with either a small LCD or OLED screen plus a coin cell or rechargeable LiPo. Because they all share the same core silicon, [ATC1441]’s hack works across a wide range of models. Don’t expect lab-grade performance; the analyzer only covers the range the Bluetooth chip inside supports. But that’s exactly whe

... mostra di più

Cybersecurity & cyberwarfare

2 mesi fa da Open app • •

Cybersecurity & cyberwarfare
2 mesi fa da Open app • •

Extremely Rare Electric Piano Restoration

Not only are pianos beautiful musical instruments that have stood the test of many centuries of time, they’re also incredible machines. Unfortunately, all machines wear out over time, which means it’s often not feasible to restore every old piano we might come across. But a few are worth the trouble, and [Emma] had just such a unique machine roll into her shop recently.

What makes this instrument so unique is that it’s among the first electric pianos to be created, and one of only three known of this particular model that survive to the present day. This is a Vivi-Tone Clavier piano which dates to the early 1930s. In an earlier video she discusses more details of its inner workings, but essentially it uses electromagnetic pickups like a guitar to detect vibrations in plucked metal re

... mostra di più

Extremely Rare Electric Piano Restoration

To begin the restoration, [Emma] removes the action and then lifts out all of the keys from the key bed. This instrument is almost a century old so it was quite dirty and needed to be cleaned. The key pins are lubricated, then the keys are adjusted so that they all return after being pressed. From there the keys are all adjusted so that they are square and even with each other. With the keys mostly in order, her attention turns to the action where all of the plucking mechanisms can be filed, and other adjustments made. The last step was perhaps the most tedious, which is “tuning” the piano by adjusting the pluckers so that all of the keys produce a similar amount or volume of sound, and then adding some solder to the reeds that were slightly out of tune.

With all of those steps completed, the piano is back in working order, although [Emma] notes that since these machines were so rare and produced so long ago there’s no real way to know if the restoration sounds like what it would have when it was new. This is actually a similar problem we’ve seen before on this build that hoped to model the sound of another electric instrument from this era called the Luminaphone.

youtube.com/embed/cEG7hD28dW4?…

Thanks to [Eluke] for the tip!

hackaday.com/2025/12/11/extrem…

Cybersecurity & cyberwarfare

2 mesi fa da Open app • •

Cybersecurity & cyberwarfare
2 mesi fa da Open app • •

CSRA: Perché serve un nuovo modo di percepire ciò che non riusciamo più a controllare

La cybersecurity vive oggi in una contraddizione quasi paradossale: più aumentano i dati, più diminuisce la nostra capacità di capire cosa sta accadendo. I SOC traboccano di log, alert, metriche e pannelli di controllo, eppure gli attacchi più gravi — dai ransomware alle campagne stealth di spionaggio — continuano a sfuggire alla vista proprio nel momento decisivo: quando tutto sta per cominciare.

Il problema non è l’informazione. Il problema è lo sguardo: la capacità di visualizzare ciò che conta!

Esistono strumenti perfetti per contare, classificare, correlare; molti meno per percepire.

Così, mentre la superficie digitale cresce in com

... mostra di più

CSRA: Perché serve un nuovo modo di percepire ciò che non riusciamo più a controllare

Il problema non è l’informazione. Il problema è lo sguardo: la capacità di visualizzare ciò che conta!

Esistono strumenti perfetti per contare, classificare, correlare; molti meno per percepire.

Così, mentre la superficie digitale cresce in complessità e velocità, continuiamo a osservare il cyberspace come un inventario di oggetti — server, IP, pacchetti — quando in realtà è un ambiente vivo, dinamico, pulsante, fatto di relazioni che cambiano forma.

Per provare a cambiare le cose nasce il Cyber Situational-Relational Awareness (CSRA): un modello che mette al centro la percezione.

1. Il vero problema non è tecnico: è percettivo.

Viviamo in un ecosistema digitale dove tutto produce segnali. Ogni servizio, applicazione, sensore, utente, processo automatico lascia una o più tracce. Non c’è mai stata così tanta “visibilità” a disposizione dei difensori. Eppure il paradosso persiste: gli attacchi vanno a segno, gli indicatori non bastano, la complessità ci sovrasta.

Il motivo è semplice: abbiamo un’enorme quantità di dati e di informazioni, ma pochissima consapevolezza del loro significato nel momento in cui cambia.

Gli strumenti tradizionali ci dicono cosa è successo, a volte cosa sta succedendo al momento, quasi mai cosa sta per accadere.
Manca la percezione del mutamento, di quella variazione sottile che precede l’incidente.

Il CSRA, concettualmente, nasce proprio per cogliere queste trasformazioni minime, che oggi si perdono nei rumori di fondo.

2. Il cyberspace non è un inventario di oggetti, ma un ecosistema di relazioni

Per trent’anni abbiamo sentito descrivere il cyberspace come un insieme di entità isolate: host, server, IP, router. Abbiamo costruito strumenti pensati per monitorare questi oggetti, ciascuno con i propri attributi e comportamenti misurabili. Ma la realtà degli attacchi moderni mostra un quadro completamente diverso.

Quando una minaccia si manifesta, non è l’oggetto a tradirla, ma la relazione tra oggetti.
Non è il server anomalo a dirci che sta succedendo qualcosa: è il modo in cui sta comunicando con altri nodi.
Non è un singolo pacchetto strano: è il ritmo delle sue interazioni.
Non è un evento isolato: è il cambiamento di una costellazione di micro-eventi.

Ecco la prima grande intuizione del CSRA: il nodo cyber non è un dispositivo, ma un piccolo ecosistema composto da un’entità — umana o automatica — e dalla tecnologia che usa per comunicare. Per comprenderlo occorre osservare come evolve nel tempo, non cosa è staticamente.

3. Comprendere un attacco significa ascoltare il ritmo della rete.

Ogni rete possiede un suo proprio ritmo: qualcuna presenta un alternarsi di picchi e quiete, altre una regolarità nelle connessioni, e poi ci sono le reti di lavoro con un andamento che si ripete giorno dopo giorno.
È proprio quando questo ritmo naturale si spezza — anche in maniera quasi impercettibile — che qualcosa comincia a muoversi.

Il CSRA si concentra su questo: sulla capacità di percepire un cambiamento di ritmo prima che diventi un incidente conclamato. Naturalmente non ogni deviazione implica un attacco: a volte si tratta di un malfunzionamento o di un cambio di abitudini. Ma è sempre meglio verificare.

Un attacco nelle prime fasi è quasi invisibile. Modifica una sequenza di azioni, altera un’abitudine, crea una piccola vibrazione nella rete. Una procedura automatica che diventa più attiva del solito; un nodo che stabilisce collegamenti imprevisti; un cluster che sembra muoversi in modo più irrequieto.

Queste vibrazioni sono i segnali precoci dell’incidente. Il CSRA è progettato per ascoltarli.

4. Lo “spazio locale”: dove la rete ci dice di guardare.

La rete è troppo vasta per essere osservata tutta allo stesso modo.
E qui nasce la seconda intuizione del CSRA: non tutto merita attenzione, almeno non nello stesso momento. Ogni trasformazione significativa parte da un punto preciso della rete. È lì, in quella piccola regione, che il ritmo si altera. Il CSRA identifica questa regione emergente e la trasforma in un “spazio locale”: una sorta di lente dinamica che si concentra proprio dove sta avvenendo il cambiamento.

Lo spazio locale non è predefinito: viene generato dalla rete stessa. È lei a segnalare dove posare lo sguardo. È questo meccanismo che permette a un sistema CSRA di non affogare nei dati e, allo stesso tempo, di accorgersi dei segnali giusti nel momento giusto.

5. La rete come paesaggio: quando ciò che era invisibile diventa evidente

Uno dei punti più affascinanti del CSRA è la sua capacità di trasformare la rete in un paesaggio visivo. Non una dashboard piena di numeri, ma una rappresentazione quasi geografica delle attività: alture che indicano intensità, valli che rivelano stabilità, creste che segnalano turbolenze.

Per la prima volta, l’analista può “vedere” l’incidente come si vede una perturbazione meteorologica: una zona che si scalda, si deforma, si muove. È un modo più naturale, quasi intuitivo, di percepire il cyberspace, che consente di cogliere immediatamente ciò che non torna, anche senza sapere in anticipo di cosa si tratti.

Questa rappresentazione non è un vezzo grafico: è una forma di consapevolezza.

Ciò che era nascosto diventa visibile.

6. Perché il CSRA potenzialmente potrebbe vedere ciò che gli altri strumenti non vedono.

La ragione è semplice e, allo stesso tempo, rivoluzionaria: il CSRA non cerca ciò che conosce, osserva ciò che cambia. Gli strumenti basati su firme, regole e pattern riconoscono solo ciò che è già stato codificato. Funzionano benissimo contro minacce note, molto meno contro tecniche nuove, attacchi creativi o comportamenti deliberatamente irregolari.

Il CSRA, invece, affronta il cyberspace come un organismo in continuo mutamento.
Quando un nodo inizia a comportarsi in modo inusuale, quando due sistemi improvvisano un dialogo imprevisto, quando una parte della rete si anima in modo anomalo, il CSRA lo percepisce immediatamente.

È un’attenzione simile a quella umana: istintiva, sensibile al movimento, orientata alla variazione. Dietro questa capacità percettiva c’è una matematica precisa: quella delle variazioni, dell’entropia e dei cambiamenti tra nodi connessi. Non servono formule per capirlo: conta il principio, quello di misurare come la rete si trasforma nel tempo.

7. Il CSRA è prima di tutto un nuovo modo di pensare.

Non è un software da aggiungere, né un modulo da integrare. È una nuova mentalità per affrontare la sicurezza in un mondo che cambia troppo velocemente. Il CSRA porta con sé un messaggio chiaro: non possiamo più limitarci a raccogliere dati. Dobbiamo imparare a percepire le trasformazioni.

Una rete osservata con il CSRA non è una collezione di oggetti tecnici, ma un ambiente vivo. Il SOC smette di essere un centro di allarmi e diventa un luogo di interpretazione, in cui la difesa non è una reazione tardiva ma un esercizio continuo di comprensione.

Conclusione: il CSRA è la percezione cyber del XXI secolo.

Il CSRA non introduce un altro strumento nell’infinita collezione già esistente. Introduce qualcosa di più importante: un nuovo modo di guardare il cyberspace.

Non come un elenco di entità isolate, ma come un tessuto di relazioni che respira, cambia e ci parla — se sappiamo ascoltarlo.

In un’epoca in cui gli attacchi si trasformano più rapidamente dei nostri modelli di difesa, percepire il cambiamento diventa una necessità strategica. E il CSRA rappresenta il primo passo verso questa nuova forma di consapevolezza.

Non è solo tecnologia. È una nuova capacità umana: vedere ciò che prima era invisibile.

L'articolo CSRA: Perché serve un nuovo modo di percepire ciò che non riusciamo più a controllare proviene da Red Hot Cyber.

Cybersecurity & cyberwarfare

2 mesi fa da Open app • •

Cybersecurity & cyberwarfare
2 mesi fa da Open app • •

Jenny’s Daily Drivers: Haiku R1/beta5

Back in the mid 1990s, the release of Microsoft’s Windows 95 operating system cemented the Redmond software company’s dominance over most of the desktop operating system space. Apple were still in their period in the doldrums waiting for Steve Jobs to return with his NeXT, while other would-be challengers such as IBM’s OS/2 or Commodore’s Amiga were sinking into obscurity.

... mostra di più

Jenny’s Daily Drivers: Haiku R1/beta5

Into this unpromising marketplace came Be inc, with their BeBox computer and its very nice BeOS operating system. To try it out as we did at a trade show some time in the late ’90s was to step into a very polished multitasking multimedia OS, but sadly one which failed to gather sufficient traction to survive. The story ended in the early 2000s as Be were swallowed by Palm, and a dedicated band of BeOS enthusiasts set about implementing a free successor OS. This has become Haiku, and while it’s not BeOS it retains API compatibility with and certainly feels a lot like its inspiration. It’s been on my list for a Daily Drivers article for a while now, so it’s time to download the ISO and give it a go. I’m using the AMD64 version.

A Joy To Use, After A Few Snags

If you ignore the odd font substitution in WebPositive, it’s a competent browser.
This isn’t the first time I’ve given Haiku a go in an attempt to write about it for this series, and I have found it consistently isn’t happy with my array of crusty old test laptops. So this time I pulled out something newer, my spare Lenovo Thinkpad X280. I was pleased to see that the Haiku installation USB volume booted and ran fine on this machine, and I was soon at the end of the install and ready to start my Haiku journey.

Here I hit my first snag, because sadly the OS hadn’t quite managed to set up its UEFI booting correctly. I thus found myself unexpectedly in a GRUB prompt, as the open source bootloader was left in place from a previous Linux install. Fixing this wasn’t too onerous as I was able to copy the relevant Haiku file to my UEFI partition, but it was a little unexpected. On with the show then, and in to Haiku.

In use, this operating system is a joy. Its desktop look and feel is polished, in a late-90s sense. There was nothing jarring or unintuitive, and though I had never used Haiku before I was never left searching for what I needed. It feels stable too, I was expecting the occasional crash or freeze, but none came. When I had to use the terminal to move the UEFI file it felt familiar to me as a Linux user, and all my settings were easy to get right.

Never Mind My Network Card

If only the network setup on my Thinkpad was as nice as the one in the VM.
I hit a problem when it came to network setup though, I found its wireless networking to be intermittent. I could connect to my network, but while DHCP would give it an IP address it failed to pick up the gateway and thus wasn’t a useful external connection. I could fix this by going to a fixed IP address and entering the gateway and DNS myself, and that gave me a connection, but not a reliable one. I would have it for a minute or two, and then it would be gone. Enough time for a quick software update and to load Hackaday on its WebPositive web browser, but not enough time to do any work. We’re tantalisingly close to a useful OS here, and I don’t want this review to end on that note.

The point of this series has been to try each OS in as real a situation as possible, to do my everyday Hackaday work of writing articles and manipulating graphics. I have used real hardware to achieve this, a motley array of older PCs and laptops. As I’ve described in previous paragraphs I’ve reached the limits of what I can do on real hardware due to the network issue, but I still want to give this one a fair evaluation. I have thus here for the first time used a test subject in a VM rather than on real hardware. What follows then is courtesy of Gnome Boxes on my everyday Linux powerhouse, so please excuse the obvious VM screenshots.

This One Is A True Daily Driver

There’s plenty of well-ported software, but nothing too esoteric.
With a Haiku install having a working network connection, it becomes an easy task to install software updates, and install new software. The library has fairly up-to-date versions of many popular packages, so I was easily able to install GIMP and LibreOffice. WebPositive is WebKit-based and up-to-date enough that the normally-picky Hackaday back-end doesn’t complain at me, so it more than fulfils my Daily Drivers requirement for an everyday OS I can do my work on. In fact, the ’90s look-and-feel and the Wi-Fi issues notwithstanding, this OS feels stable and solid in a way that many of the other minority OSes I’ve tried do not. I could use this day-to-day, and the Haiku Thinkpad could accompany me on the road.

There is a snag though, and it’s not the fault of the Haiku folks but probably a function of the size of their community; this is a really great OS, but sadly there are software packages it simply doesn’t have available for it. They’ve concentrated on multimedia, the web, games, and productivity in their choice of software to port, and some of the more esoteric or engineering-specific stuff I use is unsurprisingly not there. I can not fault them for this given the obvious work that’s gone into this OS, but it’s something to consider if your needs are complex.

Haiku then, it’s a very nice desktop operating system that’s polished, stable, and a joy to use. Excuse it a few setup issues and take care to ensure your Wi-Fi card is on its nice list, and you can use it day-to-day. It will always have something of the late ’90s about it, but think of that as not a curse but the operating system some of us wished we could have back in the real late ’90s. I’ll be finding a machine to hang onto a Haiku install, this one bears further experimentation.

hackaday.com/2025/12/11/jennys…

Cybersecurity & cyberwarfare

2 mesi fa • •

Cybersecurity & cyberwarfare
2 mesi fa • •

tinyCore Board Teaches Core Microcontroller Concepts

Looking for an educational microcontroller board to get you or a loved one into electronics? Consider the tinyCore – a small and nifty hexagon-shaped ESP32 board by [MR. INDUSTRIES], simplified for learning yet featureful enough to offer plenty of growth, and fully open.

The tinyCore board’s hexagonal shape makes it more flexible for building wearables than the vaguely rectangular boards we’re used to, and it’s got a good few onboard gadgets. Apart from already expected WiFi, BLE, and GPIOs, you get battery management, a 6DoF IMU (LSM6DSOX) in the center of the board, a micro SD card slot for all your data needs, and two QWIIC connectors. As such, you could easily turn it into, say, a smartwatch, a motion-sensitive tracker, or a controller for a small robot

... mostra di più

Droppie [opensoc]

2 mesi fa da Straya • •

Droppie [opensoc]
2 mesi fa da Straya • •

Hello @Raroun hope you're well. every now & then, when i have joined a different #Friendica instance in the past, i ask this same question of its Owners / Admins. always it's the same negative answer, but i live in hope!

on Masto & Sharkey instances, if the Admins are willing, it is technically possible to add FOSS emojis to the servers. consequently, on many of my instances i've been able to include these in various posts when applicable:

:linux: :archlinux: :kde: :plasma: :zenbrowser: :floorp: :firefox_nightly: :firefox: :thunderbird: :fedora: :opensuse: :debian:

so... is there yet any way that such emojis can be added to your instance, please?

cc: @Friendica Support

#FOSSemojis

#friendica #FOSSemojis @Friendica Support @Raroun

in reply to Droppie [opensoc]

Rainer "friendica" Sokoll

in reply to Droppie [opensoc] • 2 mesi fa • •

Use UTF-8.

Unknown parent

Droppie [opensoc]

Unknown parent • 2 mesi fa da Straya • •

@gme 🇺🇸🇺🇦🏳️‍⚧️🏳️‍🌈 thank you... albeit afaik i, as a mere end-user of this instance, cannot personally do anything with that info per se. @Raroun

@Raroun @users/gme

securityaffairs

2 mesi fa • •

securityaffairs
2 mesi fa • •

Critical #Gogs zero-day under attack, 700 servers hacked
securityaffairs.com/185593/hac…
#securityaffairs #hacking

Critical Gogs zero-day under attack, 700 servers hacked

Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers.

^{Pierluigi Paganini (Security Affairs)}

#hacking #securityaffairs #gogs

Cybersecurity & cyberwarfare

2 mesi fa • •

Cybersecurity & cyberwarfare
2 mesi fa • •

700.000 record di un Registro Professionale Italiano in vendita nel Dark Web

Un nuovo allarme arriva dal sottobosco del cybercrime arriva poche ore fa. A segnalarlo l’azienda ParagonSec, società specializzata nel monitoraggio delle attività delle cyber gang e dei marketplace clandestini, che ha riportato la comparsa su un forum underground di un presunto database contenente oltre 700.000 record appartenenti ad un Registro Professionale Italiano non meglio precisato.

L’annuncio, pubblicato da un utente che si firma gtaviispeak, descrive la disponibilità di una “fresh db” contenente una quantità impressionante di informazioni sensibili di un database ad oggi sconosciuto che contiene

... mostra di più

700.000 record di un Registro Professionale Italiano in vendita nel Dark Web

Disclaimer: Questo rapporto include screenshot e/o testo tratti da fonti pubblicamente accessibili. Le informazioni fornite hanno esclusivamente finalità di intelligence sulle minacce e di sensibilizzazione sui rischi di cybersecurity. Red Hot Cyber condanna qualsiasi accesso non autorizzato, diffusione impropria o utilizzo illecito di tali dati. Al momento, non è possibile verificare in modo indipendente l’autenticità delle informazioni riportate, poiché l’organizzazione coinvolta non ha ancora rilasciato un comunicato ufficiale sul proprio sito web. Di conseguenza, questo articolo deve essere considerato esclusivamente a scopo informativo e di intelligence.
Print Screen fornito da Paragon Sec a Red Hot Cyber

Il contenuto del database: un rischio elevatissimo

Secondo quanto riportato nel post, il database includerebbe una lunga lista di campi, tra cui:

Dati anagrafici completi: nome, cognome, sesso, luogo di nascita, data di nascita
Codice fiscale
Email e numeri telefonici (fissi e cellulari)
Password (non è noto di quale sito siano riferite)
Dati lavorativi: ente di lavoro, ruolo, categoria professionale
Indirizzi di residenza e domicilio
CAP, provincia, comune
Eventuali informazioni di gruppo e stato professionale
Dati amministrativi di registrazione
Indirizzo IP associato all’utente

La presenza di password in chiaro (o comunque disponibili nel dump) aumenta notevolmente il rischio di compromissioni successive, soprattutto se gli utenti riutilizzano le stesse credenziali su altri servizi.

La vendita avviene su Telegram

Il venditore invita gli interessati a contattarlo tramite un canale Telegram dedicato, una prassi ormai consolidata nelle dinamiche di vendita di database sottratti illegalmente. Nel post è presente anche un link a un presunto sample del dataset, finalizzato a dimostrare l’autenticità del materiale.

Una minaccia concreta per cittadini e aziende

Se confermato, questo leak rappresenta un rischio significativo per:

Frodi fiscali grazie alla disponibilità del codice fiscale
Phishing altamente mirato (spear phishing) basato su dati personali e professionali
Furti d’identità attraverso combinazioni di dati anagrafici, contatti e credenziali
Attacchi contro enti pubblici o professionali, sfruttando i dati lavorativi e l’email associata

Il livello di dettaglio dei campi elencati suggerisce che si tratti di un database istituzionale o comunque proveniente da una piattaforma amministrativa con dati certificati.

Sebbene un utente del forum abbia precisato che gli account non sarebbero ‘fresh’, ciò incide ben poco: informazioni come dati anagrafici, codice fiscale e recapiti non cambiano nel tempo. Di conseguenza, il materiale resta estremamente sensibile e può essere sfruttato con facilità per diverse tipologie di frodi.

Le fughe di dati provenienti da enti pubblici e registri professionali stanno aumentando in tutta Europa. I cybercriminali puntano sempre più su database certificati e ufficiali, poiché consentono attacchi più credibili e redditizi.

L'articolo 700.000 record di un Registro Professionale Italiano in vendita nel Dark Web proviene da Red Hot Cyber.

Cybersecurity & cyberwarfare

2 mesi fa • •

Cybersecurity & cyberwarfare
2 mesi fa • •

NetSupport RAT: il malware invisibile che gli antivirus non possono fermare

Gli specialisti di Securonix hanno scoperto una campagna malware multilivello volta a installare segretamente lo strumento di accesso remoto NetSupport RAT. L’attacco si sviluppa attraverso una serie di fasi accuratamente nascoste, ciascuna progettata per garantire la massima discrezione e lasciare tracce minime sul dispositivo compromesso.

Il download iniziale del codice dannoso inizia con un file JavaScript iniettato nei siti web hackerati. Questo script ha una struttura complessa e una logica nascosta che si attiva solo quando vengono soddisfatte determinate condizioni.

È in grado di rilevare il tipo di dispositivo dell’utente e

... mostra di più

NetSupport RAT: il malware invisibile che gli antivirus non possono fermare

È in grado di rilevare il tipo di dispositivo dell’utente e anche di registrare se è la prima volta che visita la pagina, consentendogli di eseguire azioni dannose una sola volta per dispositivo. Se le condizioni sono soddisfatte, lo script inietta un frame invisibile nella pagina o carica la fase successiva: un’applicazione HTML.

La seconda fase, riportano i ricercatori, prevede l’avvio di un file HTA, un’applicazione nascosta eseguita tramite lo strumento nativo di Windows mshta.exe. Estrae lo script PowerShell crittografato, lo decrittografa utilizzando un processo a più fasi e lo esegue direttamente in memoria. Ciò garantisce che tutte le attività dannose si verifichino senza creare file persistenti, ostacolando significativamente il rilevamento da parte del software antivirus.

Il passaggio finale prevede il download e l’installazione del NetSupport RAT. Per farlo, uno script di PowerShell scarica l’archivio, lo decomprime in una directory poco visibile e avvia il file eseguibile tramite un wrapper JScript. Per mantenerne la presenza nel sistema, viene creato un collegamento nella cartella di avvio, camuffato da componente di Windows Update. Questo approccio consente agli aggressori di mantenere l’accesso anche dopo il riavvio del dispositivo.

NetSupport RAT è uno strumento di amministrazione remota inizialmente legittimo, utilizzato attivamente dagli aggressori per attività di spionaggio, furto di dati e controllo remoto. Durante questa campagna, ottiene il pieno controllo del sistema infetto, intercettando l’input da tastiera, gestendo i file, eseguendo comandi e utilizzando funzioni proxy per navigare all’interno della rete.

Gli esperti stimano che l’infrastruttura dannosa sia costantemente sottoposta a manutenzione e aggiornamento e che la sua architettura indichi l’elevata competenza degli sviluppatori. L’attacco prende di mira gli utenti dei sistemi aziendali e si diffonde attraverso siti web falsi e reindirizzamenti nascosti. Nonostante l’elevato livello di sofisticazione, non è stato ancora possibile stabilire l’esatta affiliazione degli operatori con alcun gruppo criminale informatico noto.

La campagna rilevata evidenzia l’importanza di bloccare l’esecuzione di script non firmati, rafforzare il controllo sul comportamento dei processi di sistema, monitorare le directory di avvio e analizzare le attività di rete sospette. Si raccomanda particolare attenzione nel limitare l’uso di mshta.exe e nel monitorare i tentativi di download di file nelle cartelle %TEMP% e ProgramData.

L'articolo NetSupport RAT: il malware invisibile che gli antivirus non possono fermare proviene da Red Hot Cyber.

Antonella Ferrari

2 mesi fa da Fedilab • •

Antonella Ferrari
2 mesi fa da Fedilab • •

Repubblica e La Stampa. Una vicenda destinata a stravolgere quello che resta del mercato editoriale e del pluralismo dell’informazione

articolo21.org/2025/12/repubbl…

securityaffairs

2 mesi fa • •

securityaffairs
2 mesi fa • •

#GeminiJack zero-click flaw in #Gemini Enterprise allowed corporate data exfiltration
securityaffairs.com/185574/hac…
#securityaffairs #hacking

GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

Google fixed GeminiJack, a zero-click Gemini Enterprise flaw that could leak corporate data via crafted emails, invites, or documents.

^{Pierluigi Paganini (Security Affairs)}

#hacking #gemini #securityaffairs #geminijack

Alex Vega Díaz

2 mesi fa • •

Alex Vega Díaz
2 mesi fa • •

Sigue esta nublada tarde en Valparaíso.😃😃😃😃

Random Penguin

2 mesi fa • •

Random Penguin
2 mesi fa • •

In the new theme I'm working on I've implemented an option to show a blue checkmark in posts for local accounts that have been self-verified. I was considering expanding the usefulness of that by having it show some other icon/color for Moderators and Administrators on that server, but when I looked into how to figure out who a Moderator is I learned there is no way to distinguish a Moderator from an Admin because there is no actual Moderator role in Friendia.

In UserSession.php the isModerator() function references the same function in User.php which says:

	/**
	 * Returns if the given uid is valid and a moderator
	 *
	 * @param int $uid
	 *
	 * @return bool
	 * @throws Exception

... mostra di più

In UserSession.php the isModerator() function references the same function in User.php which says:

	/**
	 * Returns if the given uid is valid and a moderator
	 *
	 * @param int $uid
	 *
	 * @return bool
	 * @throws Exception
	 */
	public static function isModerator(int $uid): bool
	{
		// @todo Replace with a moderator check in the future
		return self::isSiteAdmin($uid);
	}

So it seems there is no actual "Moderator" role, just "Administrator." And isSiteAdmin() just checks the user's email against getAdminEmailList() which, in turn, just gets the list of email addresses from the "admin_email" line of the site config file?

Is that "todo" slated to happen in the next release? Is Friendica going to have that actual "Moderator" role added so moderation can be delegated to people who are not also Admins? I assume it would be implemented similarly to the Admin Emails in the site config with similar functions for checking users against that list, and of course, anyone with Admin privileges would automatically also be a Moderator.

Still, this almost feels like something that should be part of the "Delegation" feature so someone with "Admin" privileges could just designate some other user as a "Moderator" without also granting them control of the admin account or giving them admin privileges. Since the "Moderation" screens are separate from the "Admin" ones anyway.

@Friendica Developers

in reply to Random Penguin

Hypolite Petovan

in reply to Random Penguin • 2 mesi fa • •

@Random Penguin The admin screen separation was the first step to have a proper Moderator role. I don’t know what Michael has in mind for granting the role but I think it’d be best to have a flag on the User model that wouldn’t require a config change for promotions/demotions.

@Random Penguin

in reply to Hypolite Petovan

Random Penguin

in reply to Hypolite Petovan • 2 mesi fa • •

Yeah, it feels like there should be another column in the user table for "role" or "capabilities." I suppose it would be relatively easy to copy the existing functions used for Admins and have a "moderator_emails" hard-coded into the config file. But as you say it would be nice if promotion/demotion didn't require editing the config file.

I know WordPress originally had a "user_level" meta key in the wp_usermeta table that was just an integer between 0-10. Zero basically couldn't do or see anything. 10 was a site Admin. In the Registered Users list the level had a minus sign before it and a plus sign after it, which Admins or Authors could click, respectively, to demote or promote a user. They abandoned this system sometime after version 2 in favor of a "capabilities" meta key (which is actually the user's "roles"). It's an array that allows fine-grain control of multiple roles:

array( 
       'administrator' => false, 
       'editor' => false,
       'author' => true,
       'contributor' => true,
       'su

... mostra di più

array( 
       'administrator' => false, 
       'editor' => false,
       'author' => true,
       'contributor' => true,
       'subscriber' => true
)

Which looks like this in the database:
"a:5:{s:13:"administrator";b:0;s:6:"editor";b:0;s:6:"author";b:1;s:11:"contributor";b:1;s:10:"subscriber";b:1;}"

The actual capabilities corresponding to each role are stored in the wp_options table under option_name "wp_user_roles" the value of which is also an array. A HUGE array, because there are so many capabilities.

WordPress clearly switched from integers to arrays so plugins (membership, e-commerce, forum, etc.) could define custom roles and capabilities, which could also be descriptive and immediately understood better than "user_level = 6" could.

The WordPress model might be a good way to implement proper roles in Friendica that could also mean being able to delegate to another user but have checkboxes for which of YOUR capabilities you want to extend to THEM, or better yet have sub-roles that can be delegated to them like "Group Moderator" or "Page Contributor" etc. And add-ons could add new roles and capabilities for some custom context. I mean, if Friendica is supposed to be a "Swiss Army Knife" of social media who knows what third-party devs might do with that?

As for implementing this and in a secure way, I'm not sure what all would need to be taken into account.

in reply to Random Penguin

Hypolite Petovan

in reply to Random Penguin • 2 mesi fa • •

@Random Penguin Capabilities are really flexible, but it would have to be wired in so many parts of the Friendica codebase that it isn't realistic given the (lack of) manpower Friendica enjoys at the moment.

It will have to be a simple flag at first, and then if need arises it could be made more complex.

@Random Penguin

in reply to Random Penguin

Michael 🇺🇦

in reply to Random Penguin • 2 mesi fa • •

I would like to have a separated "Moderator" role, but the sad truth is that I guess that I don't have the capacity to add it. There are a lot of things that would be nice to see them being added to Friendica, but my available time is limited. The list of issues on our repository is constantly growing and just maintaining and improving already existing functionality eats up most of my time.

I guess that we will only have this in the system when we find additional coding resources.

stefania maurizi

2 mesi fa • •

stefania maurizi
2 mesi fa • •

"The extremists do not want a two-state solution or a one-state solution. The extremists do not want to give us our state or be part of their state. They want the land without the people. They just want us gone".

Don't miss #EwenMacAskill's reportage from the #WestBank:

theguardian.com/world/2025/dec…

I used to report from the West Bank. Twenty years after my last visit, I was shocked by how much worse it is today

The long read: Among the many people I met, there was a pervasive feeling of hopelessness and a sense that resistance is slowly becoming a memory

^{Ewen MacAskill (The Guardian)}

#westbank #EwenMacAskill

JP

2 mesi fa • •

JP
2 mesi fa • •

TIME Magazine, which of course is now owned by tech billionaire Marc Benioff, used a riff on the famous 1932 photo of immigrant ironworkers "Lunch Atop a Skyscraper" to present various other tech billionaires as "the Architects of AI".
en.wikipedia.org/wiki/Lunch_at…

magazine cover with a photoshop composition showing Mark Zuckerberg, Sam Altman, Jensen Huang, Elon Musk and others sitting on a high rise construction beam in the style of the old photo, talking on or looking at their phones or laptops.

1932 photograph of workers atop the steelwork of 30 Rockefeller Plaza

^{Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)}

in reply to JP

Hypolite Petovan

in reply to JP • 2 mesi fa • •

@JP I only learned about the headline because it has made a bunch of people angry on gambling platforms Polymarket and Kalshi, but I hadn't seen the picture, which is jarring. Both the terrible graphic design job, and the total job displacement that it implies.

@JP

CF Bolz-Tereick

2 mesi fa • •

CF Bolz-Tereick
2 mesi fa • •

I'm back on my bullshit: I just hacked together an abstract interpretation transfer function for addition to the JIT optimizations that QEMU does on its IR. I checked the transfer function for soundness with Z3 and the resulting binaries don't seem entirely broken 🎉 . no benchmarks yet though.

Unknown parent

CF Bolz-Tereick

Unknown parent • 2 mesi fa • •

it's fairly boring abstract interpretation, but the qemu jit optimizer/middle end does it. It has a known bits abstract domain and reasons about signed ranges (but rounded up to nearest power of two). Code is here: github.com/qemu/qemu/blob/mast…

Why do you ask?

qemu/tcg/optimize.c at master · qemu/qemu

Official QEMU mirror. Please see https://www.qemu.org/contribute/ for how to submit changes to QEMU. Pull Requests are ignored. Please only use release tarballs from the QEMU website. - qemu/qemu

^GitHub

Unknown parent

CF Bolz-Tereick

Unknown parent • 2 mesi fa • •

ah, you work on compcert, super cool!

I'm moving in the opposite direction. I've worked on JIT compilers for ages and have started to become more interested in pragmatic approaches for verifying parts of them. would you be interested in setting up a call some time next year?

Catalin Cimpanu

2 mesi fa • •

Catalin Cimpanu
2 mesi fa • •

MITRE has published the list of Top 25 most common software vulnerabilities of 2025, also known as the CWE Top 25

cwe.mitre.org/top25/archive/20…

CWE - 2025 CWE Top 25 Most Dangerous Software Weaknesses

Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.

^{cwe.mitre.org}

Catalin Cimpanu

2 mesi fa • •

Catalin Cimpanu
2 mesi fa • •

Looks like Notepad++ has fixed its update system: community.notepad-plus-plus.or…

This is after reports that users received malicious Notepad++ updates containing malware: doublepulsar.com/small-numbers…

Notepad++ v8.8.9: Vulnerability-fix

Notepad++ release 8.8.9 is available: https://notepad-plus-plus.org/news/v889-released/ Notepad++ v8.8.9 new security enhancement, new features, regression f...

^Community

Cybersecurity & cyberwarfare

2 mesi fa da Open app • •

Cybersecurity & cyberwarfare
2 mesi fa da Open app • •

Hunting for Mythic in network traffic

Post-exploitation frameworks

Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization’s network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4, open-source projects like Mythic, Sliver, and Havoc have surged in popularity in recent years. Malicious actors are also quick to adopt relatively new frameworks, such as Adaptix C2.

... mostra di più

Hunting for Mythic in network traffic

Post-exploitation frameworks

Analysis of popular frameworks revealed that their development focuses heavily on evading detection by antivirus and EDR solutions, often at the expense of stealth against systems that analyze network traffic. While obfuscating an agent’s network activity is inherently challenging, agents must inevitably communicate with their command-and-control servers. Consequently, an agent’s presence in the system and its malicious actions can be detected with the help of various network-based intrusion detection systems (IDS) and, of course, Network Detection and Response (NDR) solutions.

This article examines methods for detecting the Mythic framework within an infrastructure by analyzing network traffic. This framework has gained significant traction among various threat actors, including Mythic Likho (Arcane Wolf) и GOFFEE (Paper Werewolf), and continues to be used in APT and other attacks.

The Mythic framework

Mythic C2 is a multi-user command and control (C&C, or C2) platform designed for managing malicious agents during complex cyberattacks. Mythic is built on a Docker container architecture, with its core components – the server, agents, and transport modules – written in Python. This architecture allows operators to add new agents, communication channels, and custom modifications on the fly.

Since Mythic is a versatile tool for the attacker, from the defender’s perspective, its use can align with multiple stages of the Unified Kill Chain, as well as a large number of tactics, techniques, and procedures in the MITRE ATT&CK® framework.

Pivoting is a tactic where the attacker uses an already compromised system as a pivot point to gain access to other systems within the network. In this way, they gradually expand their presence within the organization’s infrastructure, bypassing firewalls, network segmentation, and other security controls.
Collection (TA0009) is a tactic focused on gathering and aggregating information of value to the attacker: files, credentials, screenshots, and system logs. In the context of network operations, collection is often performed locally on compromised hosts, with data then packaged for transfer. Tools like Mythic automate the discovery and selection of data sought by the adversary.
Exfiltration (TA0010) is the process of moving collected information out of the secured network via legitimate or covert channels, such as HTTP(s), DNS, or SMB, etc. Attackers may use resident agents or intermediate relays (pivot hosts) to conceal the exfiltration source and route.
Command and Control (TA0011) encompasses the mechanisms for establishing and maintaining a communication channel between the operator and compromised hosts to transmit commands and receive status updates. This includes direct connections, relaying through pivot hosts, and the use of covert protocols. Frameworks like Mythic provide advanced C2 capabilities, such as scheduled command execution, tunneling, and multi-channel communication, which complicate the detection and blocking of their activity.

This article focuses exclusively on the Command and Control (TA0011) tactic, whose techniques can be effectively detected within the network traffic of Mythic agents.

Detecting Mythic agent activity in network traffic

At the time of writing, Mythic supports data transfer over HTTP/S, WebSocket, TCP, SMB, DNS, and MQTT. The platform also boasts over a dozen different agents, written in Go, Python, and C#, designed for Windows, macOS, and Linux.

Mythic employs two primary architectures for its command network:

In this model, agents communicate with adjacent agents forming a chain of connections which eventually leads to a node communicating directly with the Mythic C2 server. For this purpose, agents utilize TCP and SMB.
In this model, agents communicate directly with the C2 server via HTTP/S, WebSocket, MQTT, or DNS.

P2P communication

Mythic provides pivoting capabilities via named SMB pipes and TCP sockets. To detect Mythic agent activity in P2P mode, we will examine their network traffic and create corresponding Suricata detection rules (signatures).

P2P communication via SMB

When managing agents via the SMB protocol, a named pipe is used by default for communication, with its name matching the agent’s UUID.

Although this parameter can be changed, it serves as a reliable indicator and can be easily described with a regular expression. Example:
[a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}

For SMB communication, agents encode and encrypt data according to the pattern: base64(UUID+AES256(JSON)). This data is then split into blocks and transmitted over the network. The screenshot below illustrates what a network session for establishing a connection between agents looks like in Wireshark.

Commands and their responses are packaged within the MythicMessage data structure. This structure contains three header fields, as well as the commands themselves or the corresponding responses:

Total size (4 bytes)
Number of data blocks (4 bytes)
Current block number (4 bytes)
Base64-encoded data

The screenshot below shows an example of SMB communication between agents.

The agent (10.63.101.164) sends a command to another agent in the MythicMessage format. The first three Write Requests transmit the total message size, total number of blocks, and current block number. The fourth request transmits the Base64-encoded data. This is followed by a sequence of Read Requests, which are also transmitted in the MythicMessage format.

Below are the data transmitted in the fourth field of the MythicMessage structure.

The content is encoded in Base64. Upon decoding, the structure of the transmitted information becomes visible: it begins with the UUID of the infected host, followed by a data block encrypted using AES-256.

The fact that the data starts with a UUID string can be leveraged to create a signature-based detection rule that searches network packets for the identifier pattern.

To search for packets containing a UUID, the following signature can be applied. It uses specific request types and protocol flags as filters (Command: Ioctl (11), Function: FSCTL_PIPE_WAIT (0x00110018)), followed by a check to see if the pipe name matches the UUID pattern.
alert tcp any any -> any [139, 445] (msg: "Trojan.Mythic.SMB.C&C"; flow: to_server, established; content: "|fe|SMB"; offset: 4; depth: 4; content: "|0b 00|"; distance: 8; within: 2; content: "|18 00 11 00|"; distance: 48; within: 12; pcre: "/\x48\x00\x00\x00[\x00-\xFF]{2}([a-z0-9]\x00){8}\-\x00([a-z0-9]\x00){4}\-\x00([a-z0-9]\x00){4}\-\x00([a-z0-9]\x00){4}\-\x00([a-z0-9]\x00){12}$/R"; threshold: type both, track by_src, count 1, seconds 60; reference: url, github.com/MythicC2Profiles/sm… classtype: ndr1; sid: 9000101; rev: 1;)
Agent activity can also be detected by analyzing data transmitted in SMB WriteRequest packets with the protocol flag Command: Write (9) and a distinct packet structure where the BlobOffset and BlobLen fields are set to zero. If the Data field is Base64-encoded and, after decoding, begins with a UUID-formatted string, this indicates a command-and-control channel.
alert tcp any any -> any [139, 445] (msg: "Trojan.Mythic.SMB.C&C"; flow: to_server, established; dsize: > 360; content: "|fe|SMB"; offset: 4; depth: 4; content: "|09 00|"; distance: 8; within: 2; content: "|00 00 00 00 00 00 00 00 00 00 00 00|"; distance: 86; within: 12; base64_decode: bytes 64, offset 0, relative; base64_data; pcre: "/^[a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}/"; threshold: type both, track by_src, count 1, seconds 60; reference: url, github.com/MythicC2Profiles/sm… classtype: ndr1; sid: 9000102; rev: 1;)
Below is the KATA NDR user interface displaying an alert about detecting a Mythic agent operating in P2P mode over SMB. In this instance, the first rule – which checks the request type, protocol flags, and the UUID pattern – was triggered.

It should be noted that these signatures have a limitation. If the SMBv3 protocol with encryption enabled is used, Mythic agent activity cannot be detected with signature-based methods. A possible alternative is behavioral analysis. However, in this context, it suffers from low accuracy and a high false-positive rate. The SMB protocol is widely used by organizations for various legitimate purposes, making it difficult to isolate behavioral patterns that definitively indicate malicious activity.

P2P communication via TCP

Mythic also supports P2P communications via TCP. The connection initialization process appears in network traffic as follows:

As with SMB, the MythicMessage structure is used for transmitting and receiving data. First, the data length (4 bytes) is sent as a big-endian DWORD in a separate packet. Subsequent packets transmit the number of data blocks, the current block number, and the data itself. However, unlike SMB packets, the value of the current block number field is always 0x00000000, due to TCP’s built-in packet fragmentation support.

The data encoding scheme is also analogous to what we observed with SMB and appears as follows: base64(UUID+AES256(JSON)). Below is an example of a network packet containing Mythic data.

The decoded data appears as follows:

Similar to communication via SMB, signature-based detection rules can be created for TCP traffic to identify Mythic agent activity by searching for packets containing UUID-formatted strings. Below are two Suricata detection rules. The first rule is a utility rule. It does not generate security alerts but instead tags the TCP session with an internal flag, which is then checked by another rule. The second rule verifies the flag and applies filters to confirm that the current packet is being analyzed at the beginning of a network session. It then decodes the Base64 data and searches the resulting content for a UUID-formatted string.
alert tcp any any -> any any (msg: "Trojan.Mythic.TCP.C&C"; flow: from_server, established; dsize: 4; stream_size: server, <, 6; stream_size: client, <, 3; content: "|00 00|"; depth: 2; pcre: "/^\x00\x00[\x00-\x5C]{1}[\x00-\xFF]{1}$/"; flowbits: set, mythic_tcp_p2p_msg_len; flowbits: noalert; threshold: type both, track by_src, count 1, seconds 60; reference: url, github.com/MythicC2Profiles/tc… classtype: ndr1; sid: 9000103; rev: 1;)

alert tcp any any -> any any (msg: "Trojan.Mythic.TCP.C&C"; flow: from_server, established; dsize: > 300; stream_size: server, <, 6000; stream_size: client, <, 6000; flowbits: isset, mythic_tcp_p2p_msg_len; content: "|00 00 00|"; depth: 3; content: "|00 00 00 00|"; distance: 1; within: 4; base64_decode: bytes 64, offset 0, relative; base64_data; pcre: "/^[a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}/"; threshold: type both, track by_src, count 1, seconds 60; reference: url, github.com/MythicC2Profiles/tc… classtype: ndr1; sid: 9000104; rev: 1;)
Below is the NDR interface displaying an example of the two rules detecting a Mythic agent operating in P2P mode over TCP.

Egress transport modules

Covert Egress communication

For stealthy operations, Mythic allows agents to be managed through popular services. This makes its activity less conspicuous within network traffic. Mythic includes transport modules based on the following services:

Discord
GitHub
Slack

Of these, only the first two remain relevant at the time of writing. Communication via Slack (the Slack C2 Profile transport module) is no longer supported by the developers and is considered deprecated, so we will not examine it further.

The Discord C2 Profile transport module

The use of the Discord service as a mediator for C2 communication within the Mythic framework has been gaining popularity recently. In this scenario, agent traffic is indistinguishable from normal Discord activity, with commands and their execution results masquerading as messages and file attachments. Communication with the server occurs over HTTPS and is encrypted with TLS. Therefore, detecting Mythic traffic requires decrypting this.

Analyzing decrypted TLS traffic

Let’s assume we are using an NDR platform in conjunction with a network traffic decryption (TLS inspection) system to detect suspicious network activity. In this case, we operate under the assumption that we can decrypt all TLS traffic. Let’s examine possible detection rules for that scenario.

Agent and server communication occurs via Discord API calls to send messages to a specific channel. Communication between the agent and Mythic uses the MythicMessageWrapper structure, which contains the following fields:

message: the transmitted data
sender_id: a GUID generated by the agent, included in every message
to_server: a direction flag – a message intended for the server or the agent
id: not used
final: not used

Of particular interest to us is the message field, which contains the transmitted data encoded in Base64. The MythicMessageWrapper message is transmitted in plaintext, making it accessible to anyone with read permissions for messages on the Discord server.

Below is an example of data transmission via messages in a Discord channel.

To establish a connection, the agent authenticates to the Discord server via the API call /api/v10/gateway/bot. We observe the following data in the network traffic:

After successful initialization, the agent gains the ability to receive and respond to commands. To create a message in the channel, the agent makes a POST request to the API endpoint /channels/<channel.id>/messages. The network traffic for this call is shown in the screenshot below.

After decoding the Base64, the content of the message field appears as follows:

A structure characteristic of a UUID is visible at the beginning of the packet.

After processing the message, the agent deletes it from the channel via a DELETE request to the API endpoint /channels/{channel.id}/messages/{message.id}.

Below is a Suricata rule that detects the agent’s Discord-based communication activity. It checks the API activity for creating HTTP messages for the presence of Base64-encoded data containing the agent’s UUID.
alert tcp any any -> any any (msg: "Trojan.Mythic.HTTP.C&C"; flow: to_server, established; content: "POST"; http_method; content: "/api/"; http_uri; content: "/channels/"; distance: 0; http_uri; pcre: "/\/messages$/U"; content: "|7b 22|content|22|"; depth: 20; http_client_body; content: "|22|sender_id"; depth: 1500; http_client_body; pcre: "/\x22sender_id\x5c\x22\x3a\x5c\x22[a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}/"; threshold: type both, track by_src, count 1, seconds 60; reference: url, github.com/MythicC2Profiles/di… classtype: ndr1; sid: 9000105; rev: 1;)
Below is the NDR user interface displaying an example of detecting the activity of the Discord C2 Profile transport module for a Mythic agent within decrypted HTTP traffic.

Analyzing encrypted TLS traffic

If Discord usage is permitted on the network and there is no capability to decrypt traffic, it becomes nearly impossible to detect agent activity. In this scenario, behavioral analysis of requests to the Discord server may prove useful. Below is network traffic showing frequent TLS connections to the Discord server, which could indicate commands being sent to an agent.

In this case, we can use a Suricata rule to detect the frequent TLS sessions with Discord servers:
alert tcp any any -> any any (msg: "NetTool.PossibleMythicDiscordEgress.TLS.C&C"; flow: to_server, established; tls_sni; content: "discord.com"; nocase; threshold: type both, track by_src, count 4, seconds 420; reference: url, github.com/MythicC2Profiles/di… classtype: ndr3; sid: 9000106; rev: 1;)
Another method for detecting these communications involves tracking multiple DNS queries to the discord.com domain.

The following rule can be applied to detect these:
alert udp any any -> any 53 (msg: "NetTool.PossibleMythicDiscordEgress.DNS.C&C"; content: "|01 00 00 01 00 00 00 00 00 00|"; depth: 10; offset: 2; content: "|07|discord|03|com|00|"; nocase; distance: 0; threshold: type both, track by_src, count 4, seconds 60; reference: url, github.com/MythicC2Profiles/di… classtype: ndr3; sid: 9000107; rev: 1;)
Below is the NDR user interface showing an example of a custom rule in operation, detecting the activity of the Discord C2 Profile transport module for a Mythic agent within encrypted traffic based on characteristic DNS queries.

The proposed rule options have low accuracy and can generate a high number of false positives. Therefore, they must be adapted to the specific characteristics of the infrastructure in which they will run. Threshold and count parameters, which control the triggering frequency and time window, require tuning.

GitHub C2 Profile transport module

GitHub’s popularity has made it an attractive choice as a mediator for managing Mythic agents. The core concept is the same as in other covert Egress communication transport modules. Communication with GitHub utilizes HTTPS. Successful operation requires an account on the target platform and the ability to communicate via API calls. The transport module utilizes the GitHub API to send comments to pre-created Issues and to commit files to a branch within a repository controlled by the attackers. In this model, the agent interacts only with GitHub: it creates and reads comments, uploads files, and manages branches. It does not communicate with any other servers. The communication algorithm via GitHub is as follows:

The agent posts a comment (check-in) to a designated Issue on GitHub, intended for agents to report their results.
The Mythic server validates the comment, deletes it, and posts a reply in an issue designated for server use.
The agent creates a branch with a name matching its UUID and writes a get_tasking file to it (performs a push request).
The Mythic server reads the file and writes a response file to the same branch.
The agent reads the response file, deletes the branch, pauses, and repeats the cycle.

Analyzing decrypted TLS traffic

Let’s consider an approach to detecting agent activity when traffic decryption is possible.

Agent communication with the server utilizes API calls to GitHub. The payload is encoded in Base64 and published in plaintext; therefore, anyone who can view the repository or analyze the traffic contents can decode it.

Analysis of agent communication revealed that the most useful traffic for creating detection rules is associated with publishing check-in comments, creating a branch, and publishing a file.

During the check-in phase, the agent posts a comment to register a new agent and establish communication.

The transmitted data is encoded in Base64 and contains the agent’s UUID and the portion of the message encrypted using AES-256.

This allows for a signature that detects UUID-formatted substrings within GitHub comment creation requests.
alert tcp any any -> any any (msg: "Trojan.Mythic.HTTP.C&C"; flow: to_server, established; content: "POST"; http_method; content: "api.github.com"; http_host; content: "/repos/"; depth: 8; http_uri; pcre: "/\/comments$/U"; content: "|22|body|22|"; depth: 8; http_client_body; base64_decode: bytes 300, offset 2, relative; base64_data; pcre: "/^[a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}/"; threshold: type both, track by_src, count 1, seconds 60; reference: url, github.com/MythicC2Profiles/gi… classtype: ndr1; sid: 9000108; rev: 1;)
Another stage suitable for detection is when the agent creates a separate branch with its UUID as the name. All subsequent relevant communication with the server will occur within this branch. Here is an example of a branch creation request:

Therefore, we can create a detection rule to identify UUID-formatted strings within branch creation requests.
alert tcp any any -> any any (msg: "Trojan.Mythic.HTTP.C&C"; flow: to_server, established; content: "POST"; http_method; content: "api.github.com"; http_host; content: "/repos/"; depth: 100; http_uri; content: "/git/refs"; distance: 0; http_uri; content: "|22|ref|22 3a|"; depth: 10; http_client_body; content: "refs/heads/"; distance: 0; within: 50; http_client_body; pcre: "/refs\/heads\/[a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}\x22/"; threshold: type both, track by_src, count 1, seconds 60; reference: url, github.com/MythicC2Profiles/gi… classtype: ndr1; sid: 9000109; rev: 1;)
After creating the branch, the agent writes a file to it (sends a push request), which contains Base64-encoded data.

Therefore, we can create a rule to trigger on file publication requests to a branch whose name matches the UUID pattern.
alert tcp any any -> any any (msg: "Trojan.Mythic.HTTP.C&C"; flow: to_server, established; content: "PUT"; http_method; content: "api.github.com"; http_host; content: "/repos/"; depth:8; http_uri; content: "/contents/"; distance: 0; http_uri; content: "|22|content|22|"; depth: 100; http_client_body; pcre: "/\x22message\x22\x3a\x22[a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}\x22/"; threshold: type both, track by_src, count 1, seconds 60; reference: url, github.com/MythicC2Profiles/gi… classtype: ndr1; sid: 9000110; rev: 1;)
The screenshot below shows how the NDR solution logs all suspicious communications using the GitHub API and subsequently identifies the Mythic agent’s activity. The result is an alert with the verdict Trojan.Mythic.HTTP.C&C.

Analyzing encrypted TLS traffic

Communication with GitHub occurs over HTTPS; therefore, in the absence of traffic decryption capability, signature-based methods for detecting agent activity cannot be applied. Let’s consider a behavioral agent activity detection approach.

For instance, it is possible to detect connections to GitHub servers that are atypical in frequency and purpose, originating from network segments where this activity is not expected. The screenshot below shows an example of an agent’s multiple TLS sessions. The traffic reflects the execution of several commands, as well as idle time, manifested as constant polling of the server while awaiting new tasks.

Multiple TLS sessions with the GitHub service from uncharacteristic network segments can be detected using the rule presented below:
alert tcp any any -> any any (msg:"NetTool.PossibleMythicGitHubEgress.TLS.C&C"; flow: to_server, established; tls_sni; content: "api.github.com"; nocase; threshold: type both, track by_src, count 4, seconds 60; reference: url, github.com/MythicC2Profiles/gi… classtype: ndr3; sid: 9000111; rev: 1;)

Additionally, multiple DNS queries to the service can be logged in the traffic.

This activity is detected with the help of the following rule:
alert udp any any -> any 53 (msg: "NetTool.PossibleMythicGitHubEgress.DNS.C&C"; content: "|01 00 00 01 00 00 00 00 00 00|"; depth: 10; offset: 2; content: "|03|api|06|github|03|com|00|"; nocase; distance: 0; threshold: type both, track by_src, count 12, seconds 180; reference: url, github.com/MythicC2Profiles/gi… classtype: ndr3; sid: 9000112; rev: 1;)
The screenshot below shows the NDR interface with an example of the first rule in action, detecting traces of the GitHub profile activity for a Mythic agent within encrypted TLS traffic.

The suggested rule options can produce false positives, so to improve their effectiveness, they must be adapted to the specific characteristics of the infrastructure in which they will run. The parameters of the threshold keyword – specifically the count and seconds values, which control the number of events required to generate an alert and the time window for their occurrence in NDR – must be configured.

Direct Egress communication

The Egress communication model allows agents to interact directly with the C2 server via the following protocols:

HTTP(S)
WebSocket
MQTT
DNS

The first two protocols are the most prevalent. The DNS-based transport module is still under development, and the module based on MQTT sees little use among operators. We will not examine them within the scope of this article.

Communication via HTTP

HTTP is the most common protocol for building a Mythic agent control network. The HTTP transport container acts as a proxy between the agents and the Mythic server. It allows data to be transmitted in both plaintext and encrypted form. Crucially, the metadata is not encrypted, which enables the creation of signature-based detection rules.

Below is an example of unencrypted Mythic network traffic over HTTP. During a GET request, data encoded in Base64 is passed in the value of the query parameter.

After decoding, the agent’s UUID – generated according to a specific pattern – becomes visible. This identifier is followed by a JSON object containing the key parameters of the host, collected by the agent.

If data encryption is applied, the network traffic for agent communication appears as shown in the screenshot below.

After decrypting the traffic and decoding from Base64, the communication data reveals the familiar structure: UUID+AES256(JSON).

Therefore, to create a detection signature for this case, we can also rely on the presence of a UUID within the Base64-encoded data in POST requests.
alert tcp any any -> any any (msg: "Trojan.Mythic.HTTP.C&C"; flow: to_server, established; content: "POST"; http_method; content: "|0D 0A 0D 0A|"; base64_decode: bytes 80, offset 0, relative; base64_data; content: "-"; offset: 8; depth: 1; content: "-"; distance: 4; within: 1; content: "-"; distance: 4; within: 1; content: "-"; distance: 4; within: 1; pcre: "/[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}/"; threshold: type both, track by_src, count 1, seconds 180; reference: md5, 6ef89ccee639b4df42eaf273af8b5ffd; classtype: trojan1; sid: 9000113; rev: 2;)
The screenshot below shows how the NDR platform detects agent communication with the server over HTTP, generating an alert with the name Trojan.Mythic.HTTP.C&C.

Communication via HTTPS

Mythic agents can communicate with the server via HTTPS using the corresponding transport module. In this case, data is encrypted with TLS and is not amenable to signature-based analysis. However, the activity of Mythic agents can be detected if they use the default SSL certificate. Below is an example of network traffic from a Mythic agent with such a certificate.

For this purpose, the following signature is applied:
alert tcp any any -> any any (msg: "Trojan.Mythic.HTTPS.C&C"; flow: established, from_server, no_stream; content: "|16 03|"; content: "|0B|"; distance: 3; within: 1; content: "Mythic C2"; distance: 0; reference: url, github.com/its-a-feature/Mythi… classtype: ndr1; sid: 9000114; rev: 1;)

WebSocket

The WebSocket protocol enables full-duplex communication between a client and a remote host. Mythic can utilize it for agent management.

The process of agent communication with the server via WebSocket is as follows:

The agent sends a request to the WebSocket container to change the protocol for the HTTP(S) connection.
The agent and the WebSocket container switch to WebSocket to send and receive messages.
The agent sends a message to the WebSocket container requesting tasks from the Mythic container.
The WebSocket container forwards the request to the Mythic container.
The Mythic container returns the tasks to the WebSocket container.
The WebSocket container forwards these tasks to the agent.

It is worth mentioning that in this communication model, both the WebSocket container and the Mythic container reside on the Mythic server. Below is a screenshot of the initial agent connection to the server.

An analysis of the TCP session shows that the actual data is transmitted in the data field in Base64 encoding.

Decoding reveals the familiar data structure: UUID+AES256(JSON).

Therefore, we can use an approach similar to those discussed above to detect agent activity. The signature should rely on the UUID string at the beginning of the data field. The rule first verifies that the session data matches the data:base64 format, then decodes the data field and searches for a string matching the UUID pattern.
alert tcp any any -> any any (msg: "Trojan.Mythic.WebSocket.C&C"; flow: established, from_server; content: "|7B 22|data|22 3a 22|"; depth: 14; pcre: "/^[0-9a-zA-Z\/\+]+[=]{0,2}\x22\x7D\x0A$/R"; content: "|7B 22|data|22 3a 22|"; depth: 14; base64_decode: bytes 48, offset 0, relative; base64_data; pcre: "/^[a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}/i"; threshold: type both, track by_src, count 1, seconds 30; reference: url, github.com/MythicAgents/; classtype: ndr1; sid: 9000115; rev: 2;)
Below is the Trojan.Mythic.WebSocket.C&C signature triggering on Mythic agent communication over WebSocket.

Takeaways

The Mythic post-exploitation framework continues to gain popularity and evolve rapidly. New agents are emerging, designed for covert persistence within target infrastructures. Despite this evolution, the various implementations of network communication in Mythic share many common characteristics that remain largely consistent over time. This consistency enables IDS/NDR solutions to effectively detect the framework’s agent activity through network traffic analysis.

Mythic supports a wide array of agent management options utilizing several network protocols. Our analysis of agent communications across these protocols revealed that agent activity can be detected by searching for specific data patterns within network traffic. The primary detection criterion involves tracking UUID strings in specific positions within Base64-encoded transmitted data. However, while the general approach to detecting agent activity is similar across protocols, each requires protocol-specific filters. Consequently, creating a single, universal signature for detecting Mythic agents in network traffic is challenging; individual detection rules must be crafted for each protocol. This article has provided signatures that are included in Kaspersky NDR.

Kaspersky NDR is designed to identify current threats within network infrastructures. It enables the detection of all popular post-exploitation frameworks based on their characteristic traffic patterns. Since the network components of these frameworks change infrequently, employing an NDR solution ensures high effectiveness in agent discovery.

Kaspersky verdicts in Kaspersky solutions (Kaspersky Anti-Targeted Attack with NDR module and Kaspersky NGFW)

Trojan.Mythic.SMB.C&C
Trojan.Mythic.TCP.C&C
Trojan.Mythic.HTTP.C&C
Trojan.Mythic.TLS.C&C
Trojan.Mythic.WebSocket.C&C

securelist.com/detecting-mythi…

monumental-movement-records

2 mesi fa • •

monumental-movement-records
2 mesi fa • •

Ambient Music: Satie, Eno, Cage and the Ignorable youtu.be/3aay4XuKsoQ?si=vxI1-8… @YouTube

Ambient Music: Satie, Eno, Cage and the Ignorable

This philosophical deep dive explores ambient music, a genre defined by the paradox that it uniquely asks the listener not to listen to it actively. The core...

^YouTube

monumental-movement-records reshared this.

Cybersecurity & cyberwarfare

2 mesi fa da Open app • •

Cybersecurity & cyberwarfare
2 mesi fa da Open app • •

Creating User-Friendly Installers Across Operating Systems

After you have written the code for some awesome application, you of course want other people to be able to use it. Although simply directing them to the source code on GitHub or similar is an option, not every project lends itself to the traditional configure && make && make install, with often dependencies being the sticking point.

Asking the user to install dependencies and set up any filesystem links is an option, but having an installer of some type tackle all this is of course significantly easier. Typically this would contain the precompiled binaries, along with any other required files which the installer can then copy to their final location before tackling any remaining tasks, like updating configuration files, tweaking a registry, setting up filesystem links and so on.

As simple as this sounds, it comes with a lot of gotchas, with Linux

... mostra di più

Creating User-Friendly Installers Across Operating Systems

As simple as this sounds, it comes with a lot of gotchas, with Linux distributions in particular being a tough nut. Whereas on MacOS, Windows, Haiku and many other OSes you can provide a single installer file for the respective platform, for Linux things get interesting.

Windows As Easy Mode

For all the flak directed at Windows, it is hard to deny that it is a stupidly easy platform to target with a binary installer, with equally flexible options available on the side of the end-user. Although Microsoft has nailed down some options over the years, such as enforcing the user’s home folder for application data, it’s still among the easiest to install an application on.

While working on the NymphCast project, I found myself looking at a pleasant installer to wrap the binaries into, initially opting to use the NSIS (Nullsoft Scriptable Install System) installer as I had seen it around a lot. While this works decently enough, you do notice that it’s a bit crusty and especially the more advanced features can be rather cumbersome.

This is where a friend who was helping out with the project suggested using the more modern Inno Setup instead, which is rather like the well-known InstallShield utility, except OSS and thus significantly more accessible. Thus the pipeline on Windows became the following:

Install dependencies using vcpkg.
Compile project using NMake and the MSVC toolchain.
Run the Inno Setup script to build the .exe based installer.

Installing applications on Windows is helped massively both by having a lot of freedom where to install the application, including on a partition or disk of choice, and by having the start menu structure be just a series of folders with shortcuts in them.

The Qt-based NymphCast Player application’s .iss file covers essentially such a basic installation process, while the one for NymphCast Server also adds the option to download a pack of wallpaper images, and asks for the type of server configuration to use.

Uninstalling such an application basically reverses the process, with the uninstaller installed alongside the application and registered in the Windows registry together with the application’s details.

MacOS As Proprietary Mode

Things get a bit weird with MacOS, with many application installers coming inside a DMG image or PKG file. The former is just a disk image that can be used for distributing applications, and the user is generally provided with a way to drag the application into the Applications folder. The PKG file is more of a typical installer as on Windows.

Of course, the problem with anything MacOS is that Apple really doesn’t want you to do anything with MacOS if you’re not running MacOS already. This can be worked around, but just getting to the point of compiling for MacOS without running XCode on MacOS on real Apple hardware is a bit of a fool’s errand. Not to mention Apple’s insistence on signing these packages, if you don’t want the end-user to have to jump through hoops.

Although I have built both iOS and OS X/MacOS applications in the past – mostly for commercial projects – I decided to not bother with compiling or testing my projects like NymphCast for Apple platforms without easy access to an Apple system. Of course, something like Homebrew can be a viable alternative to the One True Apple Way if you merely want to get OSS o MacOS. I did add basic support for Homebrew in NymphCast, but without a MacOS system to test it on, who knows whether it works.

Anything But Linux

The world of desktop systems is larger than just Windows, MacOS and Linux, of course. Even mobile OSes like iOS and Android can be considered to be ‘desktop OSes’ with the way that they’re being used these days, also since many smartphones and tablets can be hooked up to to a larger display, keyboard and mouse.

How to bootstrap Android development, and how to develop native Android applications has been covered before, including putting APK files together. These are the typical Android installation files, akin to other package manager packages. Of course, if you wish to publish to something like the Google Play Store, you’ll be forced into using app bundles, as well as various ways to signing the resulting package.

The idea of using a package for a built-in package manager instead of an executable installer is a common one on many platforms, with iOS and kin being similar. On FreeBSD, which also got a NymphCast port, you’d create a bundle for the pkg package manager, although you can also whip up an installer. In the case of NymphCast there is a ‘universal installer’ built into the Makefile after compilation via the fully automated setup.sh shell script, using the fact that OSes like Linux, FreeBSD and even Haiku are quite similar on a folder level.

That said, the Haiku port of NymphCast is still as much of a Beta as Haiku itself, as detailed in the write-up which I did on the topic. Once Haiku is advanced enough I’ll be creating packages for its pkgman package manager as well.

The Linux Chaos Vortex

There is a simple, universal way to distribute software across Linux distributions, and it’s called the ‘tar.gz method’, referring to the time-honored method of distributing source as a tarball, for local compilation. If this is not what you want, then there is the universal RPM installation format which died along with the Linux Standard Base. Fortunately many people in the Linux ecosystem have worked tirelessly to create new standards which will definitely, absolutely, totally resolve the annoying issue of having to package your applications into RPMs, DEBs, Snaps, Flatpaks, ZSTs, TBZ2s, DNFs, YUMs, and other easily remembered standards.

It is this complete and utter chaos with Linux distros which has made me not even try to create packages for these, and instead offer only the universal .tar.gz installation method. After un-tar-ing the server code, simply run [url=https://github.com/MayaPosch/NymphCast/blob/master/setup.sh]setup.sh[/url] and lean back while it compiles the thing. After that, run install_linux.sh and presto, the whole shebang is installed without further ado. I also provided an uninstall_linux.sh script to complete the experience.

That said, at least one Linux distro has picked up NymphCast and its dependencies like Libnymphcast and NymphRPC into their repository: Alpine Linux. Incidentally FreeBSD also has an up to date package of NymphCast in its repository. I’m much obliged to these maintainers for providing this service.

Perhaps the lesson here is that if you want to get your neatly compiled and packaged application on all Linux distributions, you just need to make it popular enough that people want to use it, so that it ends up getting picked up by package repository contributors?

Wrapping Up

With so many details to cover, there’s also the easily forgotten topic that was so prevalent in the Windows installer section: integration with the desktop environment. On Windows, the Start menu is populated via simple shortcut files, while one sort-of standard on Linux (and FreeBSD as corollary) are Freedesktop’s XDC Desktop Entry files. Or .desktop files for short, which purportedly should give you a similar effect.

Only that’s not how anything works with the Linux ecosystem, as every single desktop environment has its own ideas on how these files should be interpreted, where they should be located, or whether to ignore them completely. My own experiences there are that relying on them for more advanced features, such as auto-starting a graphical application on boot (which cannot be done with Systemd, natch) without something throwing an XDG error or not finding a display is basically a fool’s errand. Perhaps that things are better here if you use KDE Plasma as DE, but this was an installer thing that I failed to solve after months of trial and error.

Long story short, OSes like Windows are pretty darn easy to install applications on, MacOS is okay as long as you have bought into the Apple ecosystem and don’t mind hanging out there, while FreeBSD is pretty simple until it touches the Linux chaos via X11 and graphical desktops. Meanwhile I’d strongly advise to only distribute software on Linux as a tarball, for your sanity’s sake.

hackaday.com/2025/12/11/creati…

Boomerissimo.it

2 mesi fa • •

Boomerissimo.it
2 mesi fa • •

Dietro Has Fidanken, l’eroe di Drive In che non poteva sbagliare

Come è nato Has Fidanken: l'assurdo genius dell'immobilità. Aneddoti, il generale paracadutista, gli autori di Drive In e il tormentone che fece ridere l'Italia.

boomerissimo.it/2025/12/11/die…

Dietro Has Fidanken, l’eroe di Drive In che non poteva sbagliare - Boomerissimo

^{Antonio Pintér (Boomerissimo)}

Droppie [opensoc]

2 mesi fa da Straya • •

Droppie [opensoc]
2 mesi fa da Straya • •

this is an experimental quote-share from my #Friendica #newsbots #Circle, whose default Permissions disallow anyone outside this Circle being able to see or access it. i have now done a one-off flip of the Permissions, just for this individual post, to Public, so...

Hello? (Hello, hello, hello)
Is there anybody in there?
Just nod if you can hear me
Is there anyone home?
Come on (Come on, come on), now
I hear you're feeling down
Well, I can ease your pain
And get you on your feet again
Relax (Relax, relax, relax)
I'll need some information first
Just the basic facts
Can you show me where it hurts?

♲ Unofficial SBS News Bot - 2025-12-11 20:24:04 GMT

Time magazine names 'Architects of AI' as Person of the Year. Here's who's pictured sbs.com.au/news/article/time-m… #World

#friendica #world #circle #newsbots

in reply to Droppie [opensoc]

Grow Fediverse

in reply to Droppie [opensoc] • 2 mesi fa • •

@Unofficial SBS News Bot I see it if that was your intent

@Unofficial SBS News Bot

in reply to Grow Fediverse

Droppie [opensoc]

in reply to Grow Fediverse • 2 mesi fa da Straya • •

@Grow Fediverse @Unofficial SBS News Bot thank you!

experiment = successful.

🎉 🥳💃

@Unofficial SBS News Bot @Grow Fediverse

Cybersecurity & cyberwarfare

2 mesi fa • •

Cybersecurity & cyberwarfare
2 mesi fa • •

Iteration3D is Parametric Python in the Cloud

It’s happened to all of us: you find the perfect model for your needs — a bracket, a box, a cable clip, but it only comes in STL, and doesn’t quite fit. That problem will never happen if you’re using Iteration3D to get your models, because every single thing on the site is fully-parametric, thanks to an open-source toolchain leveraging 123Dbuilds and Blender.

... mostra di più

Iteration3D is Parametric Python in the Cloud

Blender gives you preview renderings, including colors where the models are set up for multi-material printing. Build123D is the CAD behind the curtain — if you haven’t heard of it, think OpenSCAD but in Python, but with chamfers and fillets. It actually leverages the same OpenCascade that’s behind everyone’s other favorite open-source CAD suite, FreeCAD. Anything you can do in FreeCAD, you can do in Build123D, but with code. Except you don’t need to learn the code if the model is on Iteration3D; you just set the parameters and push a button to get an STL of your exact specifications.

The downside is that, as of now, you are limited to the hard-coded templates provided by Iteration3D. You can modify their parameters to get the configuration and dimensions you need, but not the pythonic Build123D script that generates them. Nor can you currently upload your own models to be shared and parametrically altered, like Thingiverse had with their OpenSCAD-based customizer. That said, we were told that user-uploads are in the pipeline, which is great news and may well turn Iteration3D into our new favorite.

Right now, if you’re looking for a box or a pipe hanger or a bracket, plugging your numbers into Iteration3D’s model generator is going to be a lot faster than rolling your own, weather that rolling be done in OpenSCAD, FreeCAD, or one of those bits of software people insist on paying for. There’s a good variety of templates — 18 so far — so it’s worth checking out. Iteration3D is still new, having started in early 2025, so we will watch their career with great interest.

Going back to the problem in the introduction, if Iteration3D doesn’t have what you need and you still have an STL you need to change the dimensions of, we can help you with that.

Thanks to [Sylvain] for the tip!

hackaday.com/2025/12/11/iterat…

Eugen Rochko

2 mesi fa • •

Eugen Rochko
2 mesi fa • •

RE: mastodon.social/@Gargron/11569…

There's now free shipping on orders of 70 EUR and over.

Eugen Rochko

2025-12-11 02:36:38

I've realized we don't have a lot of time left to ship orders before Christmas, and the sample of the new "Live laugh federate" pin might take a few more days to arrive at my home for product shots, so I've put it up on the shop with the picture the manufacturer took for me. This is the last new product this year.
shop.joinmastodon.org/products…
#Merchtodon

"Live Laugh Federate" Enamel Pin
Find your fellow fediverse enthusiasts in real life by wearing this soft enamel pin featuring the Mastodon mascot with a shiny copper finish and glitter effect. Size: Approx. 30x30mmBacking: Double rubber clutch
^Mastodon

in reply to Eugen Rochko

sgt1372

in reply to Eugen Rochko • 2 mesi fa • •

Refunds on prior orders over 70 EUR with delivery still pending? Probably not. 🤷‍♂️

Questa voce è stata modificata (2 mesi fa)

in reply to Eugen Rochko

Thomas Svensson 🖖

in reply to Eugen Rochko • 2 mesi fa • •

I should have waited to order then. But glad I didn't since the winter mug apparently is sold out - and I got one 😆

⁂ Fediverso e Social Network ⁂

2 mesi fa • •

⁂ Fediverso e Social Network ⁂
2 mesi fa • •

🔥 Mastodon NON è il Fediverso

Mastodon concentra oltre il 70% degli utenti e rischia di sembrare l’unica cosa che conti.

Ma il Fediverso è infinitamente più grande, ricco e variegato, c'è chi:
🎬 crea video
📸 condivide immagini
🎙️ produce podcast
📚 pubblica libri
🚴 traccia percorsi in bici
e molto altro.

Ridurre tutto a Mastodon significa limitare la nostra visione ma per conoscere gli altri progetti si può seguire:

👉 La lista di account: fedidevs.com/s/Nzcz/

👉 Il gruppo: @fediverso

@Fediverso - social federati indipendenti

Questa voce è stata modificata (2 mesi fa)

Psicospace

2 mesi fa • •

Psicospace
2 mesi fa • •

«I am proud to be a European citizen. 🇪🇺
A united, democratic and free Europe is our future.
Let’s protect it together.»

#Europe #EuropeanUnion #EuropeanCitizen #UnitedEurope #EUvalues #Democracy #HumanRights #Freedom #Unity #EuropeTogether #FutureOfEurope

«I am proud to be a European citizen. It would be extraordinary to be remembered in history as the generation that finally made the United States of Europe possible.» Psicospace

Europe is seen as a threat by those who want a world shaped by authoritarian powers or by superpowers unwilling to accept democratic limits.

This is why some states, political leaders, major corporations and powerful global figures work, openly or indirectly, to divide Europe and weaken it.

Not for the good of Europeans, but for their own interests.

Europe is far from perfect, but it remains the most democratic place in the world.

Defending Europe means protecting our rights, our freedom and our future.

And our future depends on our ability to stay united and build a continent that is stronger, freer and more humane.

#europe #humanrights #democracy #europeanunion #freedom #unity #europeancitizen #unitedeurope #euvalues #europetogether #futureofeurope

Luca Sironi

2 mesi fa • •

Luca Sironi
2 mesi fa • •

Per cortesia, causa crash della istanza, se mi seguite da una istanza friendica su @luca

potreste fare unfollow / follow ?

mi vengono in mente

@informapirata@poliverso.org @informapirata
@simona @lapo

ma ce ne saranno sicuramente altri

@informapirata ⁂ @Informa Pirata @Lapo Luchini @simona @Luca Sironi

in reply to Luca Sironi

simona

in reply to Luca Sironi • 2 mesi fa • •

@Luca Sironi @Informa Pirata @informapirata ⁂ @Lapo Luchini @Luca Sironi cosa devo fare?

@informapirata ⁂ @Informa Pirata @Lapo Luchini @Luca Sironi @Luca Sironi

in reply to simona

informapirata ⁂

in reply to simona • 2 mesi fa • •

devi solo smettere di seguire @underscorner e poi seguirlo di nuovo

@informapirata@poliverso.org @lapo

@Informa Pirata @Lapo Luchini @Luca Sironi

simona

2 mesi fa • •

(42.7902379 10.3402239)

simona
2 mesi fa — (42.7902379 10.3402239) • •

e poi ditemi che quello usa non è diventato uno stato fascista senza libertà di pensiero e parola....

Se stai programmando una vacanza negli USA, controlla i tuoi post sui social anche vecchi di 5 anni

Gli USA vogliono rendere obbligatorio l'accesso ai profili social per i visitatori europei prima di farli entrare alla frontiera. A meno che non siano milionari

^{Riccardo Piccolo (Wired Italia)}

Unknown parent

Luca Sironi

Unknown parent • 2 mesi fa • •

se non hai neanche instagram nel 2025, hai qualcosa da nascondere !

in reply to Luca Sironi

informapirata ⁂

in reply to Luca Sironi • 2 mesi fa • •

è il comma 22... @simona

@simona

informapirata ⁂

2 mesi fa • •

informapirata ⁂
2 mesi fa • •

Come le big tech influenzano i governi per bloccare le leggi che dovrebbero regolamentarle

Da quando diversi fondatori e amministratori delegati delle grandi aziende tecnologiche hanno sposato l’agenda politica dell’amministrazione Trump, il governo degli Stati Uniti si è esposto in prima linea per difendere gli interessi di queste aziende.

valigiablu.it/big-tech-lobby-u…

@politica

Come le big tech influenzano i governi per bloccare le leggi che dovrebbero regolamentarle - Valigia Blu

Le Big Tech stanno diventando un potere politico globale, capace di influenzare governi e bloccare leggi che limitano i loro profitti e modelli di business. Un’inchiesta internazionale ha documentato quasi 3.

^{Valigia Blu}

@Politica interna, europea e internazionale

reshared this

Alex Vega Díaz

2 mesi fa • •

Alex Vega Díaz
2 mesi fa • •

Aprovechando esta nueva tarde en Valparaíso.😀😀😀😀

Cybersecurity & cyberwarfare

2 mesi fa • •

Cybersecurity & cyberwarfare
2 mesi fa • •

IL DOPOGUERRA SINO AL SERVIZIO INFORMAZIONI DIFESA (SID). PRIMA PARTE.

@Informatica (Italy e non Italy 😁)

Nel gennaio 1945 il SIM mutò la denominazione in “Ufficio Informazioni dello Stato Maggiore Generale” ma la struttura rimase pressoché invariata.
L'articolo IL DOPOGUERRA SINO AL SERVIZIO INFORMAZIONI DIFESA (SID). PRIMA PARTE. proviene da GIANO NEWS.
#DIFESA

#difesa @Informatica (Italy e non Italy)

Cybersecurity & cyberwarfare

2 mesi fa da Open app • •

Cybersecurity & cyberwarfare
2 mesi fa da Open app • •

Terremoto? No, AI-Fake! Un’immagine generata dall’IA paralizza i treni britannici

In Inghilterra, i treni sono stati sospesi per diverse ore a causa del presunto crollo di un ponte ferroviario causato da un’immagine falsa generata da una rete neurale. In seguito al terremoto avvenuto durante la notte, avvertito dagli abitanti del Lancashire e del Lake District meridionale, sui social media sono circolate immagini che mostravano il Carlisle Bridge a Lancaster gravemente danneggiato.

Network Rail, la società statale che gestisce l’infrastruttura ferroviaria britannica, ha riferito di aver appreso dell’immagine intorno alle 00:30 GMT e, per precauzione, di aver sospeso il traffico ferroviario sul ponte fino a quando i tecnici non avessero potuto verificarne le condizioni.

Intorno alle 02:00 GMT, il binario è stato completamente riaperto, non sono stat

... mostra di più

Terremoto? No, AI-Fake! Un’immagine generata dall’IA paralizza i treni britannici

Intorno alle 02:00 GMT, il binario è stato completamente riaperto, non sono stati riscontrati danni e un giornalista della BBC che ha visitato il sito ha confermato che la struttura del ponte era intatta.
Una foto scattata da un reporter della BBC North West Tonight ha mostrato che il ponte è intatto
Un giornalista della BBC ha sottoposto l’immagine a un chatbot con intelligenza artificiale, che ha evidenziato diversi segnali rivelatori di un possibile falso. Tuttavia, Network Rail sottolinea che qualsiasi avviso di sicurezza deve essere trattato come se l’immagine fosse autentica, poiché sono in gioco vite umane.

L’azienda ha riferito che 32 treni, sia passeggeri che merci, hanno subito ritardi a causa dell’incidente. Alcuni treni hanno dovuto essere fermati o rallentati in avvicinamento al ponte, mentre altri hanno subito ritardi perché il loro percorso era bloccato da servizi precedentemente in ritardo. Data la lunghezza della West Coast Main Line, le conseguenze hanno raggiunto anche i treni diretti a nord, verso la Scozia.

Network Rail ha esortato gli utenti a considerare le potenziali conseguenze di tali immagini false. Secondo un portavoce dell’azienda, la creazione e la distribuzione di tali immagini comporta ritardi del tutto inutili, comporta costi per i contribuenti e aumenta il carico di lavoro dei dipendenti, già impegnati al massimo per garantire il regolare e sicuro funzionamento della ferrovia.

L’azienda ha sottolineato che la sicurezza dei passeggeri e del personale rimane una priorità assoluta e che pertanto qualsiasi potenziale minaccia all’infrastruttura viene presa estremamente sul serio.

La polizia dei trasporti britannica ha confermato di essere stata informata della situazione, ma al momento non è in corso alcuna indagine specifica sull’incidente.

L'articolo Terremoto? No, AI-Fake! Un’immagine generata dall’IA paralizza i treni britannici proviene da Red Hot Cyber.

securityaffairs

2 mesi fa • •

securityaffairs
2 mesi fa • •

Google fixed a new actively exploited Chrome zero-day
securityaffairs.com/185566/hac…
#securityaffairs #hacking

Google fixed a new actively exploited Chrome zero-day

Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild.

^{Pierluigi Paganini (Security Affairs)}

#hacking #securityaffairs

Cybersecurity & cyberwarfare

2 mesi fa da Open app • •

Cybersecurity & cyberwarfare
2 mesi fa da Open app • •

Il Digital Wellness Coaching: i 3 passi per un mindsetfix e l’uso intenzionale della tecnologia

Viviamo nella dissociazione: lodiamo l’equilibrio tra lavoro e vita privata, eppure ci ritroviamo costantemente online, come marionette in balia di fili invisibili

Il vero problema non è la tecnologia, ma come noi, esseri umani, rispondiamo ad essa

Quella che chiamiamo stress digitale non è solo un fastidio; è una crisi profonda che investe il nostro benessere, la nostra identità e la nostra consapevolezza.

Lo Stress Digitale: il nucleo del problema

Esploriamo ciascun aspetto per capire meglio come funziona

Livello Fisiologico

... mostra di più

Il Digital Wellness Coaching: i 3 passi per un mindsetfix e l’uso intenzionale della tecnologia

Viviamo nella dissociazione: lodiamo l’equilibrio tra lavoro e vita privata, eppure ci ritroviamo costantemente online, come marionette in balia di fili invisibili

Il vero problema non è la tecnologia, ma come noi, esseri umani, rispondiamo ad essa

Quella che chiamiamo stress digitale non è solo un fastidio; è una crisi profonda che investe il nostro benessere, la nostra identità e la nostra consapevolezza.

Lo Stress Digitale: il nucleo del problema

Esploriamo ciascun aspetto per capire meglio come funziona

Livello Fisiologico

Quando riceviamo una notifica sul nostro dispositivo, si attiva in noi la risposta di lotta o fuga. Questo costante switch attenzionale provoca un aumento cronico del cortisolo, l’ormone dello stress, come evidenziato dagli studi sul costo del cambio di contesto (switch cost) nel multitasking. A lungo andare, questo stato di allerta costante ci porta a soffrire di insonnia, di fatica visiva e a sviluppare tensioni muscolari (fenomeni ampiamente documentati dall’ergonomia digitale)

Livello Cognitivo

Il nostro cervello è costretto a un continuo switch di contesto. Come sottolineato dalle ricerche sulla carica cognitiva questo “multitasking” erode la nostra capacità di mantenere un’attenzione profonda, essenziale per raggiungere uno stato di flow efficiente e sostenuto

Livello Emotivo

A livello emotivo, la nostra autostima diventa intimamente legata alla nostra disponibilità, alimentando spesso la FOMO (Fear of Missing Out) e la convinzione profonda: “Se non rispondo subito, non sono utile o importante.” Questa convinzione ci può portare a sentirci costantemente sotto pressione e a sottovalutare il nostro valore, distaccandoci dai nostri veri bisogni e desideri. La pratica della Mindfulness è lo strumento ideale per contrastare questa reattività, riportando l’attenzione al momento presente e ai bisogni interni, anziché alla costante richiesta esterna di disponibilità

In sintesi, la nostra esposizione costante alla tecnologia reattiva non solo danneggia il nostro corpo, ma impoverisce anche la nostra mente e, infine, influisce sulla nostra autostima. Comprendere queste dinamiche è il primo passo verso una gestione più sana del nostro benessere digitale

Digital Wellness Coaching: esercizi pratici

Non abbiamo bisogno di un techfix (come disabilitare le app), ma di un mindsetfix.

Qui entra in gioco il Digital Wellness Coaching che ci guida verso una gestione sana e consapevole della tecnologia in 3 fasi:

1. Consapevolezza (Awareness)

Il debug dell’abitudine

Usare un diario digitale per monitorare l’uso reattivo e intenzionale, annotando l’emozione provata prima di afferrare il telefono.
Esercizio: la pausa di 3 secondi. Prima di sbloccare il telefono, fermiamoci e chiediamoci: “Qual è l’intenzione specifica per cui sto prendendo questo dispositivo?” Se non c’è un’intenzione chiara, riponiamolo.
Riflessione guida: “Quando prendiamo in mano il telefono, cosa stiamo cercando realmente? L’informazione o una fuga?”

2. Confine (Boundary)

Installare il firewall personale

Adottare pratiche come il time boxing intenzionale, pianificando momenti di disconnessione (es. area rossa dalle 20:00).
Esercizio: il contratto di disconnessione. Stabiliamo una zona della casa (es. la camera da letto) come “No-Phone Zone” e rispettiamo rigorosamente questo confine per due settimane.
La regola della non-urgenza è cruciale: il 99% di ciò che sembra urgente è semplicemente la priorità di qualcun altro

3. Riconnessione (Re-Connection)

Aggiornare il sistema corpo-mente

Introdurre micro-pause consapevoli di 30 secondi (es. stretching o pratiche brevi di Mindfulness e respirazione profonda) e riscoprire hobby analogici. L’obiettivo è quello di ancorare la mente al presente non digitale.
Esercizio: il risveglio analogico. Non tocchiamo dispositivi digitali (telefono, tablet, TV) per almeno una ora dopo esserci svegliati. Usiamo quel tempo per colazione, lettura cartacea o meditazione Mindfulness.
L’obiettivo è separare chi siamo dal nostro ruolo: non siamo un server, ma un essere umano

L’impatto del Coaching: dalla teoria alla trasformazione

Il valore del Digital Wellness Coaching risiede nella sua capacità di trasformare la consapevolezza in azione sostenibile. Non si limita a dare consigli generici (“usa meno il telefono”) ma offre:

Partnership: il Coach funge da “partner di responsabilità”, aiutandoci a rimanere fedeli ai confini che abbiamo stabilito per noi stessi.
Personalizzazione: le strategie del Coach vengono adattate non solo all’uso della tecnologia, ma anche al nostro specifico stile di vita, lavoro e valori emotivi.
Superamento dei blocchi: con il Coach identifichiamo e smantelliamo le convinzioni profonde (come “Devo rispondere subito “) che alimentano il ciclo dello stress digitale

L’idea della Community

La necessità di affrontare questo tema ha dato vita alla community RHC Cyber Angels, un insieme che esplora il lato umano delle sfide digitali, con il benessere digitale come obiettivo centrale. Il benessere digitale non è una dieta temporanea, ma una filosofia operativa.

Significa smettere di considerarci una risorsa infinita e iniziare a riconoscerci come una risorsa limitata e preziosa.

Se sei una donna interessata ai temi del benessere digitale e della cybersecurity in generale, scrivi a redazione@redhotcyber.com per candidarti ad entrare all’interno del gruppo delle RHC Cyber Angels.

Modo reazione vs. modo intenzione: la mappa per l’autonomia

Quando siamo in modalità reazione, diamo il nostro potere al mondo esterno, rispondendo passivamente.

In modalità intenzionale, invece, esercitiamo il nostro potere interno, scegliendo attivamente come spendere il nostro tempo e la nostra energia

Quale delle due modalità scegliamo di allenare da oggi?

Qual è la prima cosa non-digitale che faremo, nel prossimo weekend, per ricordarci che il nostro tempo è prezioso e limitato?

L'articolo Il Digital Wellness Coaching: i 3 passi per un mindsetfix e l’uso intenzionale della tecnologia proviene da Red Hot Cyber.

CF Bolz-Tereick

2 mesi fa • •

CF Bolz-Tereick
2 mesi fa • •

new integer type just dropped: singed int

in reply to CF Bolz-Tereick

MattStudies

in reply to CF Bolz-Tereick • 2 mesi fa • •

… are we saying “singed” like a musical note, or “singed” like gently burnt.

in reply to MattStudies

CF Bolz-Tereick

in reply to MattStudies • 2 mesi fa • •

I was thinking of the latter. But clearly we are just freely associating at this point

Oliver Brux

2 mesi fa • •

Oliver Brux
2 mesi fa • •

682/730

When we bought our new olive oil, I knew immediately that I had to do something with it.

📷 Fujifilm XT-5

#fujiFilm #fuji #photography #fotografie #730Project #dailyPhoto #obxPhoto #stillLife

Stillleben eines hohen Kanisters aus grünem Blech. Davor ist stehend eine halbe Gurke und eine Mango drapiert.

#photography #fujifilm #fotografie #dailyphoto #stilllife #fuji #730project #obxphoto

Bluebabbler

2 mesi fa • •

Bluebabbler
2 mesi fa • •

Mi trovo a dover scrivere la 'letterina' a Babbo Natale e, oltre alla pace del mondo (mai ricevuta), di solito chiedo sempre almeno un libro.

Quest'anno ho seguito poco le novità e quindi ti chiedo: titoli interessanti e originali del 2025, magari di genere fantastico, weird, o (se proprio butta male) saggistica?

(titoli facili da trovare, altrimenti non ricevo niente)

Grazie!

Unknown parent

Bluebabbler

Unknown parent • 2 mesi fa • •

me la segno, grazie. Vanno bene tutti i titoli o c'è qualcosa che spicca in particolare?

Unknown parent

Bluebabbler

Unknown parent • 2 mesi fa • •

sono dei classiconi intramontabili. Di Meyrink avevo letto Il Golem, questa raccolta mi manca.

Cybersecurity & cyberwarfare

2 mesi fa da Open app • •

Cybersecurity & cyberwarfare
2 mesi fa da Open app • •

L’EDR è inutile! Gli hacker di DeadLock hanno trovato un “kill switch” universale

Cisco Talos ha identificato una nuova campagna ransomware chiamata DeadLock: gli aggressori sfruttano un driver antivirus Baidu vulnerabile (CVE-2024-51324) per disabilitare i sistemi EDR tramite la tecnica Bring Your Own Vulnerable Driver (BYOVD). Il gruppo non gestisce un sito di fuga di dati ma comunica con le vittime tramite Session Messenger.

Secondo Talos gli attacchi vengono eseguiti da un operatore motivato finanziariamente che ottiene l’accesso all’infrastruttura della vittima almeno

... mostra di più

L’EDR è inutile! Gli hacker di DeadLock hanno trovato un “kill switch” universale

Secondo Talos gli attacchi vengono eseguiti da un operatore motivato finanziariamente che ottiene l’accesso all’infrastruttura della vittima almeno cinque giorni prima della crittografia e prepara gradualmente il sistema per l’implementazione di DeadLock.

Uno degli elementi chiave della catena è BYOVD : gli aggressori stessi introducono nel sistema un driver Baidu Antivirus legittimo ma vulnerabile, BdApiUtil.sys, camuffato da DriverGay.sys, e il proprio loader, EDRGay.exe. Il loader inizializza il driver in modalità utente, stabilisce una connessione ad esso tramite CreateFile() e inizia a enumerare i processi alla ricerca di soluzioni antivirus ed EDR.

Successivamente, viene sfruttata la vulnerabilità CVE-2024-51324, un errore di gestione dei privilegi nel driver. Il loader invia uno speciale comando DeviceIOControl() al driver con codice IOCTL 0x800024b4 e il PID del processo di destinazione.

Dal lato kernel, il driver interpreta questo come una richiesta di terminazione del processo, ma a causa della vulnerabilità, non verifica i privilegi del programma chiamante. Eseguendo con privilegi kernel, il driver richiama semplicemente ZwTerminateProcess() e “termina” immediatamente il servizio di sicurezza, aprendo la strada ad ulteriori aggressori.

Prima di lanciare il ransomware, l’operatore esegue uno script PowerShell preparatorio sul computer della vittima. Innanzitutto, verifica i privilegi dell’utente corrente e, se necessario, si riavvia con privilegi amministrativi tramite RunAs, bypassando l’UAC e attenuando le restrizioni standard di PowerShell.

Dopo aver ottenuto i privilegi di amministratore, lo script disabilita Windows Defender e altri strumenti di sicurezza, arresta e disabilita i servizi di backup, i database e altri software che potrebbero interferire con la crittografia. Elimina inoltre tutti gli snapshot delle copie shadow del volume, privando la vittima degli strumenti di ripristino standard, e infine si autodistrugge, complicando l’analisi forense.

Lo script include anche un elenco dettagliato di eccezioni per i servizi critici per il sistema. Tra queste rientrano i servizi di rete (WinRM, DNS, DHCP), i meccanismi di autenticazione (KDC, Netlogon, LSM) e i componenti di base di Windows (RPCSS, Plug and Play, registro eventi di sistema).

Ciò consente agli aggressori di disabilitare il maggior numero possibile di componenti di sicurezza e applicativi senza causare l’arresto anomalo dell’intero sistema, consentendo alla vittima di leggere la nota, contattare il ransomware e pagare.

Talos ha notato che alcune sezioni dello script relative all’eliminazione delle condivisioni di rete e ai metodi alternativi per l’arresto dei processi erano commentate, a indicare che gli autori le intendevano come “opzioni” per scopi specifici. Lo script carica dinamicamente alcune eccezioni da un file run[.]txt esterno.

La telemetria indica che gli aggressori stanno accedendo alla rete della vittima tramite account legittimi compromessi. Dopo l’accesso iniziale, configurano l’accesso remoto persistente: utilizzando il comando reg add, modificano il valore di registro fDenyTSConnections per abilitare RDP. Quindi, utilizzando netsh advfirewall, creano una regola che apre la porta 3389, impostano il servizio RemoteRegistry in modalità on-demand e lo avviano, consentendo la gestione remota del registro.

Il giorno prima della crittografia, l’operatore installa una nuova istanza di AnyDesk su una delle macchine , nonostante altre installazioni del software siano già presenti nell’infrastruttura, rendendo questa distribuzione sospetta.

AnyDesk viene distribuito in modo silenzioso, con l’avvio di Windows abilitato, una password configurata per l’accesso silenzioso e gli aggiornamenti disabilitati che potrebbero interrompere le sessioni degli aggressori. Successivamente, inizia la ricognizione attiva e lo spostamento della rete: nltest viene utilizzato per trovare i controller di dominio e la struttura del dominio, net localgroup/domain per enumerare i gruppi privilegiati, ping e quser per verificare la disponibilità e gli utenti attivi, e infine mstsc e mmc compmgmt.msc per connettersi ad altri host tramite RDP o tramite lo snap-in Gestione Desktop remoto.

Il potenziale accesso alle risorse web interne viene rilevato dall’avvio di iexplore.exe con indirizzi IP interni.

L'articolo L’EDR è inutile! Gli hacker di DeadLock hanno trovato un “kill switch” universale proviene da Red Hot Cyber.

Catalin Cimpanu

2 mesi fa • •

Catalin Cimpanu
2 mesi fa • •

Some phishers have taken inspiration from Russian cyber-espionage group UTA0355 and are using a technique that tricks users into sharing their OAuth material in a web page (UAT0355 did it via email replies)

pushsecurity.com/blog/consentf…

ConsentFix: Browser-native ClickFix hijacks OAuth grants

Analysing "ConsentFix", a new browser-native attack technique we've detected in the wild, combining OAuth consent phishing with a ClickFix-style user prompt.

^{Luke Jennings (Push Security)}

Catalin Cimpanu

2 mesi fa • •

Catalin Cimpanu
2 mesi fa • •

Google is rolling out a new feature for Android users that will let them share live video with emergency services.

The new feature is being rolled out in the US and some regions in Mexico and Germany.

It will be available for Android 8 (2017) devices or higher

blog.google/products/android/e…

Share live video with emergency services to get the help you need

During an emergency call or text, a dispatcher can send a request to your Android phone to share live video.

^{Alastair Breeze (Google)}

Catalin Cimpanu

2 mesi fa • •

Catalin Cimpanu
2 mesi fa • •

RE: mastodon.social/@campuscodi/11…

More research of this type

Intruder found 43k secrets across 5 million single-page apps: businesswire.com/news/home/202…

Bitsight has found more than 1,000 MCP servers exposed on the internet with no authorization in place and exposing sensitive data: bitsight.com/blog/exposed-mcp-…

It’s 2 AM. Do You Know Which AIs Your MCP Server Is Talking To?

Bitsight TRACE research team found roughly 1,000 exposed MCP servers with no authorization in place, revealing new AI vulnerabilities. Read the report now.

^{João Cruz (BitSight)}

Catalin Cimpanu

2025-12-11 11:10:59

Security firm Flare has scanned the Docker Hub portal and found secrets and tokens, including for production systems, in more than 10,000 images
flare.io/learn/resources/docke…

Thousands of Exposed Secrets Found on Docker Hub - Flare
In a month, we found Docker Hub images that contained leaked secrets (including live credentials to production systems) from over 100 companies.
^Flare

OpenSoul ✅

2 mesi fa • •

OpenSoul ✅
2 mesi fa • •

Piccolo gioiello che sto sentendo in questi giorni dei favolosi #Frost (super)gruppo #Prog

Dobbiamo pensare di vivere ogni momento, come se fosse l'ultimo, senza paura, con coraggio e leggerezza

youtube.com/watch?v=hQjvSda3po…

[Verse]The air is warming up again
The summer sounds are like old friends
I see the sunlight through the trees
I wonder if the sun can see me?

[Pre-Chorus]
I hear the echoes of those days
Reflecting back at me in waves
Carved into
1/2

Last Day

Provided to YouTube by InsideOutMusicLast Day · Frost*Falling Satellites℗ 2016 Century Media Records Ltd. under exclusive license from InsideOutMusicReleased...

^YouTube

#prog #frost

Catalin Cimpanu

2 mesi fa • •

Catalin Cimpanu
2 mesi fa • •

CA/B Forum to sunset 11 domain validation methods used to issue TLS certificates

security.googleblog.com/2025/1…

HTTPS certificate industry phasing out less secure domain validation methods

Posted by Chrome Root Program Team Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the...

^{Google Online Security Blog}

Redhotcyber

2 mesi fa • •

Redhotcyber
2 mesi fa • •

700.000 record di un Registro Professionale Italiano in vendita nel Dark Web

📌 Link all'articolo : redhotcyber.com/post/700-000-r…

Un nuovo allarme arriva dal sottobosco del cybercrime arriva poche ore fa. A segnalarlo l’azienda ParagonSec, società specializzata nel #monitoraggio delle #attività delle cyber gang e dei marketplace clandestini, che ha riportato la comparsa su un #forum #underground di un presunto #database contenente oltre 700.000 record #appartenenti ad un Registro Professionale Italiano.

A cura di Redazione RHC

#redhotcyber #news #cybersecurity #hacking #malware #database #registroprofessionale #nazionalitaliano #sicurezzainformatica #protezionedatidipersonali #databreach #furtodidati #informazionisensibili #violazione sicurezza

700.000 record di un Registro Professionale Italiano in vendita nel Dark Web

Un database con 700.000 record di un Registro Professionale Italiano è in vendita su un forum underground, con informazioni sensibili e dati personali.

^{Redazione RHC (Red Hot Cyber)}

#redhotcyber #hacking #cybersecurity #malware #News #forum #sicurezzainformatica #database #appartenenti #violazione #monitoraggio #databreach #underground #attivita #protezionedatidipersonali #registroprofessionale #nazionalitaliano #furtodidati #informazionisensibili

José Luis Ballester

2 mesi fa • •

José Luis Ballester
2 mesi fa • •

Hora del paseo....👍

Catalin Cimpanu

2 mesi fa • •

Catalin Cimpanu
2 mesi fa • •

UK ICO fines LastPass £1.2m for 2022 data breach

ico.org.uk/about-the-ico/media…

Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK

The Information Commissioner’s Office (ICO) has fined password manager provider LastPass UK Ltd £1.2 million following a 2022 data breach that compromised the personal information of up to 1.6 million of its UK users.

^ico.org.uk

SaverioPhoto

2 mesi fa • •

SaverioPhoto
2 mesi fa • •

Osservare, immaginare, aspettare; l'atto di scattare è puramente marginale.

#photography #photo #fotografia #foto #Milano #christmas

#photography #fotografia #photo #milano #foto #christmas

SiestⒶcorta

2 mesi fa • •

SiestⒶcorta
2 mesi fa • •

#CluesBySam

Hébé ç'a été long.
Longtemps au début pour deviner de qui deux indices ne parlaient PAS mais disaient quelque chose ; et oubli de compter Will, me demande pas comment, il s'est mis derrière un autre je sais pas.

cluesbysam.com/

Clues by Sam

A daily logic puzzle where you deduce who is a criminal!

^{cluesbysam.com}

#CluesBySam

in reply to SiestⒶcorta

Hypolite Petovan

in reply to SiestⒶcorta • 2 mesi fa • •

@SiestⒶcorta Bien joué ! Pour moi il y avait beaucoup trop de 50/50 qui allaient dans tous les sens. 😵‍💫

Clues by Sam - Dec 11th 2025 (Tricky)
Less than 10 minutes
🟩🟩🟩🟩
🟩🟩🟩🟩
🟩🟩🟩🟩
🟩🟩🟩🟩
🟩🟩🟩🟩

@SiestⒶcorta

Cybersecurity & cyberwarfare

2 mesi fa • •

Cybersecurity & cyberwarfare
2 mesi fa • •

Vulnerabilità zero-day in Chrome: Google rilascia una patch urgente, installiamola subito

@Informatica (Italy e non Italy 😁)
Google ha rilasciato un aggiornamento urgente per Chrome a causa di un bug zero-day sfruttato attivamente. L’analisi esplora le implicazioni per le aziende e gli utenti, fornendo consigli pratici per proteggersi e mitigare i rischi

@Informatica (Italy e non Italy)

Boomerissimo.it

2 mesi fa • •

Boomerissimo.it
2 mesi fa • •

Winston Churchill, la scuola non era fatta per lui

🛑I fallimenti di un giovane troppo brillante👇

boomerissimo.it/2024/05/27/win…

Winston Churchill somaro: troppo geniale per una scuola normale - Boomerissimo

Winston Churchill è stato un gigante del suo tempo ma uno scolaro fallimentare. Aveva un problema che nemmeno la scuola moderna è riuscita a superare.

^{Antonio Pintér (Boomerissimo)}

Redhotcyber

2 mesi fa • •

Redhotcyber
2 mesi fa • •

NetSupport RAT: il malware invisibile che gli antivirus non possono fermare

📌 Link all'articolo : redhotcyber.com/post/netsuppor…

#redhotcyber #news #cybersecurity #hacking #malware #ransomware #netSupportRAT #javascript

NetSupport RAT: il malware invisibile che gli antivirus non possono fermare

Gli specialisti di Securonix hanno scoperto una campagna malware multilivello per installare NetSupport RAT. L'attacco si sviluppa attraverso fasi nascoste per garantire massima discrezione.

^{Redazione RHC (Red Hot Cyber)}

#redhotcyber #hacking #cybersecurity #malware #javascript #ransomware #News #netsupportrat

The 19th

2 mesi fa • •

The 19th
2 mesi fa • •

This single mom is squeezed by LA’s cost of living. Now she’s running for mayor.
https://19thnews.org/2025/12/rae-huang-la-mayor-campaign/?utm_source=flipboard&utm_medium=activitypub

Posted into The 19th @the-19th-19thnews

Rae Huang struggled with LA's affordability. Now she's running for mayor.

Progressive housing advocate and single mom Rae Huang is challenging Karen Bass for Los Angeles mayor, promising free transit and social housing.

^{Jireh Deng, LA Public Press (19th News)}

@The 19th

Catalin Cimpanu

2 mesi fa • •

Catalin Cimpanu
2 mesi fa • •

Looks like Twitter finally took down the NoName057 account after yesterday's indictment

x.com/Safety/status/1998528342…

Rapita dagli alieni

2 mesi fa • •

Rapita dagli alieni
2 mesi fa • •

Sensitive content

#Mastocartolaio

Unknown parent

Rapita dagli alieni

Unknown parent • 2 mesi fa • •

Sensitive content

@giga 🔻

Redhotcyber

2 mesi fa • •

Redhotcyber
2 mesi fa • •

Terremoto? No, AI-Fake! Un’immagine generata dall’IA paralizza i treni britannici

📌 Link all'articolo : redhotcyber.com/post/terremoto…

#redhotcyber #news #intelligenzaartificiale #rete neurale #cybersecurity #sicurezzainformatica #treni #trasporti

Terremoto? No, AI-Fake! Un’immagine generata dall’IA paralizza i treni britannici

Treni sospesi in Inghilterra per un'immagine falsa di un ponte danneggiato generata da una rete neurale.

^{Redazione RHC (Red Hot Cyber)}

#redhotcyber #cybersecurity #intelligenzaartificiale #News #rete #sicurezzainformatica #treni #trasporti

Neil Craig

2 mesi fa • •

Neil Craig
2 mesi fa • •

This is what our cats do when they want their dinner now. Both of them come down to my cabin where I work, sit on the decking outside and stare at me until I feed them.

Hustlers. The pair of them.

#Cats #CateOfMastodon

View from inside my cabin (outbuilding) at the end of my garden looking out onto some decking attached to the cabin. 2 black and white cats are sitting on the decking, staring in, giving me the guilt trip.

#cats #cateofmastodon

Design Thinking! Comic

2 mesi fa • •

Design Thinking! Comic
2 mesi fa • •

While we're all having a pop at Disney and AI, here's one I did about them from the beginning of the year...

4 panel comic strip showing Mickey Mouse telling two marketing execs that hate will spread their product further than love, and so uses AI to create horrible movie posters to get more attention on social media.

Questa voce è stata modificata (2 mesi fa)

in reply to Design Thinking! Comic

Hypolite Petovan

in reply to Design Thinking! Comic • 2 mesi fa • •

@Design Thinking! Comic Prescient!

@Design Thinking! Comic

myrmepropagandist

2 mesi fa • •

myrmepropagandist
2 mesi fa • •

Is this geometry problem fun or is it evil?
“prove LMNO is a parallelogram” #matheducation

A geometric diagram that looks like a spiderweb at the center is a and around it three triangles joined by their mid segments a quadrilateral LMNO is highlighted in blue

#matheducation

in reply to myrmepropagandist

Hypolite Petovan

in reply to myrmepropagandist • 2 mesi fa • •

@myrmepropagandist Evil, too many steps.

@myrmepropagandist

Catalin Cimpanu

2 mesi fa • •

Catalin Cimpanu
2 mesi fa • •

SOAPwn -- new bugs that can lead to RCE in .NET apps

Vulnerable applications include the Umbraco CMS, Barracuda's Service Center, the Ivanti Endpoint Manager, and more

Microsoft did not fix them

labs.watchtowr.com/soapwn-pwni…

SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL

Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025). Weeeeeeeee.

^{Piotr Bazydlo (@chudyPB) (watchTowr Labs)}

⚛️Revertron

2 mesi fa • •

⚛️Revertron
2 mesi fa • •

Ух ты! Опять начали предлагать обновиться на 11-ку.

#Windows #Win10

#windows #win10

NOELREPORTS 🇪🇺 🇺🇦

2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦
2 mesi fa • •

Zelensky says the peace plan isn’t final. Kyiv rejects losing Donbas or the ZNPP, and insists decisions like Donetsk’s status must be left to the people. The US wants a quick deal, but key issues remain. Ukraine eyes separate deals with Washington on aid, security, and postwar recovery.

Ulfh3dnar

2 mesi fa • •

Ulfh3dnar
2 mesi fa • •

Sensitive content

#ukraine #russia #UkraineRussiaWar #war

Ulfh3dnar

2 mesi fa • •

Ulfh3dnar
2 mesi fa • •

Sensitive content

#usa #redsea #Israel #Navy #middleeast

reshared this

Tendar

2 mesi fa • •

Tendar
2 mesi fa • •

For the first time Ukrainian drones struck an oil rig belonging to Russia. The Filanovsky oil platform in the Caspian Sea was struck by at least 4 UAVs. This is one of Lukoil's key oil rigs in this region.

воля

2 mesi fa • •

воля
2 mesi fa • •

воля

2 mesi fa • •

воля
2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦

2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦
2 mesi fa • •

The EU aims to agree by Friday on a long-term freeze of Russian central bank assets, a major legal shift that would remove the need to renew the freeze every six months. This would block veto threats from Hungary or Slovakia and pave the way for using the €210B as collateral for loans to Ukraine.

Belgium, holding €185B, remains cautious due to legal risks, but the EU is preparing guarantees to protect it from Russian lawsuits.

воля

2 mesi fa • •

воля
2 mesi fa • •

воля

2 mesi fa • •

воля
2 mesi fa • •

воля

2 mesi fa • •

воля
2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦

2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦
2 mesi fa • •

Two villains, one goal - the cover of the latest issue of German magazine Der Spiegel.

воля

2 mesi fa • •

воля
2 mesi fa • •

Коррупция Трампа хуже украинской, — The Atlantic

воля

2 mesi fa • •

воля
2 mesi fa • •

воля

2 mesi fa • •

воля
2 mesi fa • •

воля

2 mesi fa • •

воля
2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦

2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦
2 mesi fa • •

UK banks are warning the government over plans to use £8bn in frozen Russian assets to back loans for Ukraine, fearing legal retaliation from Moscow and no guarantees of repayment. With no indemnity offered, lenders say they’re exposed to high risk, especially if Ukraine defaults and Russia sues. Like France, bankers insist the scheme lacks legal clarity and sets a dangerous precedent.

NOELREPORTS 🇪🇺 🇺🇦

2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦
2 mesi fa • •

Ukraine’s defense industry is working to localize S-300 and S-400 missile production with the goal of integrating them with European radar systems, Fire Point’s chief designer Denys Shtylerman told the BBC. The company has already cloned key components and plans to begin engine tests in January 2026.

Until full integration is possible, the FP-7 is being used as a short-range ballistic missile with a 200 km range. The longer-range FP-9, reaching up to 855 km, is also in development.

NOELREPORTS 🇪🇺 🇺🇦

2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦
2 mesi fa • •

During a meeting with military leadership, Putin claimed that Russian forces hold the strategic initiative and ordered the continuation of combat operations “according to plan.” Gerasimov reported advances in Sumy and near Vovchansk, control over parts of Kostyantynivka, and the capture of Kurylivka, Kucherivka, and Siversk. Putin praised the army’s performance and said progress in Donbas and “Novorossiya” is on track.

🤷‍♂️

NOELREPORTS 🇪🇺 🇺🇦

2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦
2 mesi fa • •

On December 13, the US will meet with delegations from Ukraine, France, Germany, and the UK in Paris to discuss Trump’s “peace plan,” Axios reports. The closed-door talks come amid rising concern over the plan’s pro-Russian bias and its impact on Ukraine’s sovereignty.

Auschwitz Memorial

2 mesi fa • •

Auschwitz Memorial
2 mesi fa • •

11 December 1904 | A German Jew, Felix Nussbaum, was born in Osnabrück. A painter.

From 1933 in exile. During the war he was interned in Saint-Cyprien camp. He escaped & went into hiding in Belgium. Arrested in 1944 & deported with his wife to Auschwitz where they perished.

Black and white portrait of a man, wearing a heavy knit sweater and staring thoughtfully to the side.

Painting titled 'Self-Portrait with Jewish Identity Card' by Felix Nussbaum, depicting an individual wearing a hat and coat with a yellow Star of David, holding an identity card and appearing anxious, set against a gloomy urban background with a barren tree.

Surreal painting featuring a diverse group of individuals in various attire, positioned around iconic artworks and artifacts, displayed both inside cases and in the open. Notable landmarks like the Brandenburg Gate and a classical statue are visible in the background, suggesting a historical and cultural theme. A whimsical flying figure and an automobile also appear, adding to the scene's eclectic nature.

Two stones, commemorating Felix Nussbaum and Felka Platek, embedded in a cobblestone walkway. The golden plaques provide names, birthplaces, deportation and assassination dates.

NOELREPORTS 🇪🇺 🇺🇦

2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦
2 mesi fa • •

Ukraine’s General Staff confirms it's streamlining transfers between units by shifting to a fully electronic system. Requests now go directly to HQ, cutting out lower-level approvals and reducing manipulation.

But the key message: self-inflicted absences (СЗЧ) won't help soldiers transfer to preferred units. All returns from СЗЧ go to combat brigades in need, including Air Assault and assault forces.

NOELREPORTS 🇪🇺 🇺🇦

2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦
2 mesi fa • •

Dictator playbook 101.

Bloomberg reports Viktor Orbán is preparing for life after the April 2026 election by planning a power grab through the presidency. Orbán is exploring how to rewrite laws to turn Hungary’s ceremonial presidential role into the most powerful office in the country. Fidesz has already passed a law making it harder to remove the president, and insiders say Orbán is considering using his supermajority to push through constitutional changes before the vote.

kravietz 🦇

2 mesi fa • •

kravietz 🦇
2 mesi fa • •

The UN General Assembly adopted a resolution initiated by #Ukraine and a group of states to strengthen international cooperation and mitigate the consequences of the #Chornobyl disaster.

You would think it’s a no brainer.

Guess who voted against it 😂

Results of the vote in UN where US, Russia, Belarus, China, North Korea, Nicaragua, and Niger voted against

#ukraine #Chornobyl

NOELREPORTS 🇪🇺 🇺🇦

2 mesi fa • •

NOELREPORTS 🇪🇺 🇺🇦
2 mesi fa • •

Belgorod, sounds of last night’s missile strike.

Lorenzo Franceschi-Bicchierai

2 mesi fa • •

Lorenzo Franceschi-Bicchierai
2 mesi fa • •

NEW: Right-wing messaging app Freedom Chat had security flaws that allowed a researcher to guess all numbers registered on the platform, and one that exposed user PINs to other users.

The researcher enumerated around 2,000 phone numbers.

techcrunch.com/2025/12/11/secu…

Security flaws in Freedom Chat app exposed users' phone numbers and PINs | TechCrunch

The founder of Freedom Chat said the company has reset user PINs and released a new version to app stores.

^{Zack Whittaker (TechCrunch)}

Catalin Cimpanu

2 mesi fa • •

Catalin Cimpanu
2 mesi fa • •

Dutch prosecutors are seeking an eight-month prison sentence for a man who launched DDoS attacks against the country's 112 emergency line.

The suspect allegedly tried to frame some business partners for the attack

om.nl/actueel/nieuws/2025/12/1…

Zakelijk conflict leidt tot DDoS-aanval 112-centrale: celstraf geëist

Het Landelijk Parket (LP) van het Openbaar Ministerie (OM) heeft woensdag een onvoorwaardelijke gevangenisstraf van acht maanden en een geldboete geëist tegen een 47-jarige man uit Delft.

^www.om.nl

Questo sito web utilizza cookie tecnici e di sessione. Proseguendo la navigazione su questo sito, accetti l'utilizzo dei cookie.

⇧