Member
Rating
Created At
🔰 Discover top-notch protection against malware, phishing, and spyware with our practical tips and clear guides. Stay secure and confident online with the latest news and expert resources to keep you ahead of digital threats.
No related blogs yet
Hey, if you're using a Samsung Galaxy, this one's a wake-up call. Palo Alto Networks' Unit 42 team dropped a bombshell in October 2025: a sophisticated spyware called Landfall hid in Android 13-16 devices for nearly a year, exploiting CVE-2025-21042—a flaw Samsung didn't know about until April 2025. It spread through innocent-looking images in messengers, no clicks required, and grabbed everything from calls to locations. Think about it: your phone could be silently feeding data to watchers without you ever noticing. The modular setup, reminiscent of Pegasus, let attackers customize payloads on the fly, making it a nightmare for security folks.
It all starts with a crafted image triggering a buffer overflow in Samsung's libraries, giving root access without alerts. From there, it runs in the background, pulling messages, contacts, photos, and even audio logs. Unit 42 caught it during a wider mobile exploit hunt, linking it to Stealth Falcon—a group with a decade of targeting journalists and activists in the Gulf. The spyware's adaptability meant it could evolve fast, dodging detection while exfiltrating data to hidden servers. This isn't isolated; similar flaws hit Apple too, patched in August 2025, showing how messengers are prime vectors for zero-click attacks.
The hits focused on users in Iraq, Iran, Turkey, and Morocco—likely state-sponsored, given the precision. But it's a broader issue: these tools turn everyday phones into surveillance devices, exposing anyone to risks like identity theft or targeted harassment. In 2025, with spyware markets booming, even non-activists aren't safe if their data's valuable. Samsung's response was a patch, but the long undetected run shows how vendors lag behind threats.
This highlights Android's ongoing battles with zero-days: attackers exploit before patches roll out, leaving millions exposed. For devs, it's a lesson in secure coding; for users, a reminder to layer defenses. Custom OS like GrapheneOS or /e/OS strip vulnerabilities by ditching bloat and adding hardening—worth switching if privacy's key.
Ditch stock ROMs: GrapheneOS bolsters Pixels with verified boots, while /e/OS offers de-Googled Android for more devices. Both cut spyware risks significantly.
#Samsung #Android #MobileSecurity #Spyware #Landfall #ZeroDay #Malware
@PrivacyNotACrime
Linux isn't just a server OS or development environment—it's a tool that lets you dive deep into systems: spot weak points, automate routine tasks, and quickly get a "snapshot" of the host's state.
For practical security, it's key to master not only individual commands but also how to gather info fast, automate repetitive actions, and apply safe methods.
#Linux #Hacking #Commands #Scripts #Bash #Cybersecurity
@PrivacyNotACrime
Four years after its shutdown, the AN0M encrypted messaging app—secretly built by the FBI and Australian police as a honeypot—continues to lead to arrests. Australian authorities just nabbed 55 more suspects in Operation Ironside, seizing $26 million in assets like cash, drugs, and luxury vehicles. Launched in 2018, AN0M was distributed through criminal networks, capturing 27 million messages from 12,000 users across 100 countries. The app's backdoor allowed real-time monitoring, resulting in over 1,000 arrests globally since 2021, including 224 in Australia alone.
The FBI developed AN0M as a "secure" app for criminals, complete with end-to-end encryption—but with a twist: every message was intercepted. Distributed via informants, it spread like wildfire among drug traffickers and organized crime groups. Police combed through nearly 2.5 million messages over four years, gathering evidence for charges ranging from drug trafficking to money laundering. The recent wave in South Australia targeted encrypted phone networks, with 800 new charges filed, showing the long tail of this operation.
AN0M's success has inspired similar stings worldwide, like the EU's push for chat control laws. It prevented 21 murders and seized tons of drugs in initial busts, but the ongoing arrests—now totaling hundreds—demonstrate how one honeypot can dismantle networks over time. In the US, FBI involvement tied AN0M to Operation Trojan Shield, leading to seizures worth millions and disrupting international crime syndicates.
Even closed, AN0M's data keeps yielding intel, with anomalies in user behavior flagging new suspects. This raises alarms for privacy: if one "secure" app was a trap, others could follow, especially with advancing AI surveillance. Criminals now face heightened risks, but so do ordinary users if similar tactics spread.
#AFP #AN0M #IronSide #Australia #FBI #Encryption #EE2E #Cybersecurity
@PrivacyNotACrime
Hey everyone, if you're into networking or cybersecurity, I've just stumbled upon something that's bound to become a staple in your bookmarks. Networking Toolbox is this handy resource packed with hundreds of tools for everything from DNS and TLS checks to DHCP, HTTP, and email server verifications. It's like a one-stop shop for troubleshooting and optimizing your network setup, and the best part? It's all free and open-source.
The site covers a ton of ground: convert CIDR notations, handle subnet calculators, play with IPv4/IPv6 addresses, or even tinker with MAC addresses. There's stuff for performance testing, encryption tweaks, routing simulations, and more. Plus, it includes guides on IPv6 basics and network protocols—super useful if you're brushing up on fundamentals or debugging a tricky issue. I love how it's organized; you can jump straight to what you need without wading through clutter.
For OSINT or pentesting, tools here help verify server configs or spot vulnerabilities in real time. Imagine quickly testing a domain's TLS setup or generating custom configs for a lab—it's all there. And since it's GitHub-hosted, you can fork and customize if you want.
Whether you're fixing a home network or auditing a corporate one, this toolbox saves time. No more hunting across sites for calculators or testers—everything's centralized.
#Tools #Networking #Toolbox #Cybersecurity #Internet #OSINT #Web #Security
@PrivacyNotACrime
I've been on the hunt for easy ways to send files without the usual hassle of servers or sign-ups, and AltSendme popped up as a real gem. It's an open-source service that uses peer-to-peer encryption to let you transfer stuff directly between devices. Totally free, no accounts needed, and it keeps everything off third-party servers—great for folks who want quick, secure sharing without the worry.
AltSendme sets up a straight encrypted link between you and the receiver, skipping any middlemen. It relies on solid end-to-end encryption, meaning only the person you're sending to can open the files, even if you're on a sketchy public Wi-Fi. The device-to-device approach cuts down on risks like hacks or leaks, and it works across phones, computers, whatever you've got. I love how it handles big files smoothly without compromising speed.
In today's world of constant data grabs, AltSendme shines by staying local— no metadata trails or corporate snooping. It's perfect for swapping confidential docs or hefty media, and being open-source means you can peek under the hood to verify it's clean. For me, that's a big win in trusting what I'm using.
The P2P setup boosts privacy, but stick to networks you trust to dodge potential intercepts. Double-check the receiver's device ID to avoid slip-ups.
Installation's a breeze—just set it up, pair devices, and start sending securely.
#FileSharing #Share #P2P #Encryption #Privacy #Cybersecurity #AltSendme
@PrivacyNotACrime
GitHub
GitHub - tonyantony300/alt-sendme: Send files and folders anywhere in the world without storing in cloud - any size, any format…Send files and folders anywhere in the world without storing in cloud - any size, any format, no accounts, no restrictions. - tonyantony300/alt-sendme
If you've ever hit a wall with Cloudflare's bot defenses while scraping sites or extracting data, FlareSolverr is your go-to fix. This open-source proxy server mimics a real browser, letting you sail past security checks and grab page content without headaches. It's a game-changer for researchers, devs, and bounty hunters needing reliable access to protected sites.
FlareSolverr uses headless Chrome to handle JavaScript challenges, captchas, and fingerprinting that Cloudflare throws at bots. It runs as a server, so you send requests through it, and it returns the clean HTML. Key perks: supports multiple sessions, auto-retries failed requests, and integrates with tools like Scrapy or Selenium for automated workflows.
Run it locally or on a VPS for privacy. Docker makes deployment easy—pull the image and spin up a container. For example, in Python: use requests with the proxy URL to fetch pages. Test on tough sites like those with IUAM protection; adjust timeouts if needed. Pro tip: Combine with rotating proxies to avoid IP bans.
Ideal for bug bounties: scan for exposed data on Cloudflare-protected apps. For OSINT, pull public info without alerts. Always respect robots.txt and terms—use ethically to avoid legal issues.
Install with Docker:
docker run -d -p 8191:8191 flaresolverr/flaresolverr
curl "http://localhost:8191/v1" -H "Content-Type: application/json" --data '{"cmd": "request.get", "url":"https://example.com"}'
During a standard security review of a platform for building online communities (think Discord-style hubs for teams or interest groups), a researcher stumbled on something deceptively simple yet devastating: email case sensitivity bypass. The app let users sign up with emails like user@gmail.com, but its backend didn’t properly normalize case when checking uniqueness. That meant user@gmail.com and User@Gmail.com — or even user@gmail.coM — were treated as different during registration, even though they resolve to the same inbox.
This isn’t just theoretical. The researcher registered myemail5@gmail.coM (note the capital M), received the OTP, and instantly overwrote the original account tied to myemail5@gmail.com. Full access — messages, settings, admin rights — all gone in under a minute.
Here’s the chain that makes it deadly:
The same flaw worked with fake corporate emails like employee@company.coM. If the real user had already signed up with employee@company.com, the attacker could hijack it — perfect for targeted social engineering.
This isn’t rare. Similar bugs have hit major players before — remember the 2016 Uber breach via case manipulation? Or PayPal’s early struggles with paypal.com vs PayPal.com?
An attacker with this could:
All without malware, exploits, or social engineering — just a registration form and a Gmail trick.
Test it yourself:
# Try registering both
test@gmail.com
Test@Gmail.com
test@gmail.coM
# Python example
email = email.strip().lower()
if not re.match(r"^[^@]+@([a-z0-9-]+\.)+[a-z]{2,}$", email):
reject
Hey folks, the past seven days have been a whirlwind in tech and security. Physicists are challenging if reality is even physical, Japan's pushing waste-free fusion power, and China's dropping humanoid robots at smartphone prices.
Meanwhile, cybercriminals are ramping up, old vulnerabilities linger, and pros share quick tips to calm chaos during incidents. Let's break down the highlights so you stay in the loop without the overload.
Prioritize updates on routers and mobiles to dodge lingering exploits like BadCandy or DeliveryRAT. Test tools like Runtime Radar in non-prod for instant visibility. As fusion and bio-tech advance, watch for new attack surfaces in emerging hardware.
Happy Sunday👋
An anonymous insider, going by rogueFed, infiltrated two Cellebrite briefings for law enforcement via Microsoft Teams and leaked screenshots detailing how their tools unlock and extract data from Google Pixel phones. This happened in October 2025, shedding light on what works against stock Android versus custom secure OS like GrapheneOS. It's a wake-up call for anyone using these devices, showing how forensic firms like Cellebrite stay ahead in the cat-and-mouse game with tech.
The screenshots list support for Pixel 6, 7, 8, and 9 on stock Google firmware, covering all states: BFU (before first unlock, fully encrypted), AFU (after first unlock), and unlocked. Cellebrite can pull data but can't brute-force passwords or copy eSIM info. The Pixel 10 is notably absent, hinting at new protections. One slip-up even revealed the organizer's name, which might tighten Cellebrite's security for future sessions.
The leak highlights GrapheneOS's strength: Cellebrite's tools only work on versions older than late 2022. For Pixel 8 and 9, BFU and AFU are locked down tight. Even unlocked devices since late 2024 limit extraction to user-visible data. This custom AOSP-based OS, focused on privacy, strips Google services and adds hardening—making it a top choice for those paranoid about data grabs.
This exposes how stock firmware leaves doors open for law enforcement, potentially affecting activists or journalists. With Cellebrite used globally, it's a reminder that "secure" phones aren't always safe from pros. For everyday folks, it means considering custom ROMs or extra layers like full-disk encryption.
Switch to GrapheneOS if your Pixel supports it—it's free and boosts privacy. Regularly update firmware and use strong PINs to complicate extractions.
#Cellebrite #PixelLeak #GrapheneOS #Privacy #Cybersecurity #Google
@PrivacyNotACrime
Elon Musk announced X Chat, a standalone messaging app from the X platform, on November 1, 2025. Built on Rust with what he calls "Bitcoin-style" peer-to-peer encryption, it promises vanishing messages, file sharing, audio/video calls, and no ad hooks. Available as a standalone app while staying embedded in X, it's positioned as a privacy-focused rival to Signal. But with Musk's track record, can we trust it? From past data breaches to vague security claims, nothing from Elon seems truly safe.
X Chat offers end-to-end encryption (E2EE) for chats, but Musk's "Bitcoin-style" label raises eyebrows—Bitcoin uses cryptography for transactions, not message encryption like Signal. Experts in a 2025 TechCrunch review called it "marketing fluff" without audits or open-source code. The app supports disappearing messages and calls without phone numbers, but metadata collection remains a concern, as X's history includes a 2025 breach exposing 200 million records. It's "degrees of insecurity," per Musk, not absolute safety—enough to make you doubt its claims.
Musk's ventures have a pattern: X's April 2025 breach leaked user data, and Tesla's Autopilot faced hacking demos in 2024. X Chat lacks independent audits, relying on a 4-digit PIN for login, which The Register called "underwhelming." In a CoinDesk interview, Musk admitted security is relative, but with no transparency, it's vulnerable to interception or model poisoning. For privacy, it's a gamble—better than nothing, but far from Signal's proven E2EE.
X Chat could amplify surveillance: metadata reveals patterns, and AI integration (via Grok) risks prompt injection exposing credentials. In 2025, with EU's Chat Control pushing message scanning, Musk's app might comply quietly. Crypto users beware—leaked chats could drain wallets. It's a "WhatsApp killer," but with hooks to X's data-hungry model, it threatens true privacy.
Test X Chat for its features, but use it for non-sensitive chats only. Enable 2FA, avoid sharing keys, and audit permissions. If it proves secure, great—but with Elon, expect the unexpected.
#XChat #ElonMusk #Encryption #Privacy #Cybersecurity
@PrivacyNotACrime
European Union countries are shifting to Matrix, an open-source decentralized platform, replacing foreign apps like WhatsApp and Signal for government use. France leads with Tchap, serving over 600,000 public servants, and has joined Matrix.org as a silver member. Germany uses it in healthcare and agencies, while Sweden plans its own. The European Commission is testing Matrix as a backup for resilience.
This move aims to reduce reliance on unstable providers amid geopolitical tensions. Matrix's distributed architecture ensures continuity, as seen when its main server failed but self-hosted nodes continued seamlessly. Version 2 of the specification is nearing release, enhancing secure communication.
Matrix offers enhanced privacy through self-controlled servers, avoiding foreign dependencies and boosting fault tolerance. Over 20 EU structures are adopting or testing it, prioritizing internal channel protection.
While officials gain secure tools, the EU pushes Chat Control, enabling mass monitoring of personal messages. This contrast highlights a double standard: privacy for elites, surveillance for citizens, as criticized at Strasbourg conferences.
#Matrix #EUMessaging #Privacy #Cybersecurity #Surveillance #ChatControl #Internet
@PrivacyNotACrime
Analysts studying internet infrastructure have uncovered major inconsistencies in Starlink's IP address allocation, raising questions about global statistics accuracy. Starlink's database shows rapid expansion, with IPv4 blocks growing from 592 to 1,379 /24 segments (over 350,000 addresses), and IPv6 reaching over 150 sextillion addresses—far beyond practical use, reserved for network distribution. This highlights Starlink's infrastructure growth but distorts user location data.
Key issues include inaccurate user counts: Yemen shows six million Starlink users despite only ten million total internet users, possibly from ships or intermediaries smuggling terminals. Saint Barthélemy lists 6,000 terminals for 9,000 residents, likely due to confusion with Guadeloupe. These errors make hacker tracking unreliable, as satellite networks defy traditional geolocation, complicating cyberattack investigations and copyright enforcement.
Huston excluded Starlink data from 20 countries to avoid skewing national figures, labeling them "unclassified." This underscores satellite internet's impact on data accuracy, potentially underestimating or overestimating connectivity in regions, affecting policy and resource allocation.
#InternetSociety #Internet #Starlink #Satellites #Statistics #Cybersecurity
@PrivacyNotACrime
WebVM is an innovative project that lets you run a full Debian OS directly in your browser—even from your phone. It's completely serverless: users access the same disk image from a CDN, with personal changes saved locally in the browser. This makes it perfect for testing code or running Linux commands without setting up a full system.
No active server component means fast, secure sessions. It's ideal for experiments in a functional environment, handling file operations seamlessly. For developers or privacy enthusiasts, it's a lightweight way to spin up Linux on the fly.
Beyond WebVM, explore these tools for virtual setups:
These resources simplify OS testing without downloads or installs.
Launch in your browser for instant Debian access.
#Android #VM #VirtualBox #VMware #WebVM #Web #Cybersecurity #Tools
@PrivacyNotACrime
Google has unveiled "vibe-coding" in Google AI Studio, a new approach that lets you build multimodal apps without writing code, linking APIs, or diving into SDKs. Simply describe your idea—like "turn my photo into a fantasy portrait"—and Gemini handles the interface, tools, and launch. Announced on October 27, 2025, this update makes AI Studio a creative playground for developers and beginners alike.
The refreshed gallery now serves as a library of ready-made solutions, with loading screens offering fresh ideas. For spontaneous fun, the "I’m Feeling Lucky" button generates random concepts. Editing is conversational: just say "make this button blue" or "let the photo appear on the left," and the AI adjusts the code instantly.
This empowers non-coders to prototype quickly, promising game creation for all by year's end. However, reliance on AI could introduce vulnerabilities if outputs aren't audited—always review for secure implementations in sensitive apps.
Vibe-coding democratizes app building, blending natural language with AI to accelerate innovation. It's a step toward intuitive tech, but raises questions about code quality and dependency on proprietary models.
Try it free at:
https://aistudio.google.com
Experiment with prompts and see your ideas come to life.
#Google #AIStudio #Gemini #AICoding #Development #Cybersecurity #Innovation
@PrivacyNotACrime
Google AI StudioThe fastest path from prompt to production with Gemini
Pavel Durov unveiled Cocoon, a decentralized network powered by AI and the TON blockchain, at the Blockchain Life 2025 forum in Dubai on October 23, 2025. Set for a November launch, this project aims to restore digital freedoms amid what Durov calls the "gradual disappearance" of privacy in centralized internet.
Cocoon taps into GPU miners' computing power, rewarding them with Toncoin (TON). Telegram provides audience and traffic, enabling developers to build anonymous AI services independent of big corporations. Users gain access to AI tools without tracking or registration, with computations distributed across independent nodes for enhanced security.
This follows Durov's 2024 Token2049 announcements, including USDT on TON and tokenized Telegram gifts. Cocoon continues integrating crypto, AI, and messaging, positioning Telegram as a privacy-focused ecosystem.
Explore the project on the official TON site.
Consider contributing to open-source elements for community-driven security.
#TON #AI #Cocoon #Telegram #Privacy #Cybersecurity #Decentralized
@PrivacyNotACrime
TON
TON: The Open Network for everyoneA decentralized and open internet designed to onboard 500M people on-chain, built by the community using technology developed by Telegram.
Smol Developer is an innovative open-source AI agent that transforms text descriptions into complete codebases. Leveraging GPT-4 and advanced prompting techniques, it's perfect for rapid prototyping across various languages and technologies. With a lean design under 200 lines of code, it empowers users to generate projects efficiently.
Smol Developer excels in:
This makes it a valuable asset for automating repetitive tasks in development.
Pros
Cons
Suited for startups in prototyping, solo developers automating routines, and students or researchers experimenting with AI—particularly those studying AI, as it provides hands-on experience with model-driven code generation.
#SmolDeveloper #AI #CodeGeneration #Tools #Pentest #Cybersecurity #Development
@PrivacyNotACrime 🗽
GitHub
GitHub - smol-ai/developer: the first library to let you embed a developer agent in your own app!the first library to let you embed a developer agent in your own app! - smol-ai/developer
Python Backdoor is an open-source, cross-platform (Windows/Linux/macOS) backdoor written in Python. It includes robust functionality like multi-client support, keylogging, simultaneous command sending to all clients, screenshots, file transfer, LaZagne for password retrieval, and auto-start addition. This makes it a versatile resource for controlled security experiments.
🔍 Key features and capabilities
The tool offers advanced capabilities for simulation:
These features allow detailed study of backdoor behavior in safe setups.
This tool is strictly for ethical purposes in controlled environments, such as testing antivirus/firewall responses to backdoors. Use it to simulate threats and evaluate detection rates—never on unauthorized systems, as that violates laws. Ideal for pentesting labs or security training to understand evasion techniques and strengthen defenses.
Clone and run in a VM for safe experimentation.
#Pentest #Cybersecurity #Defenses #Backdoor #Tools #OSINT #SecurityTesting
@PrivacyNotACrime
It's a must-read on practical ways to defend against invasive tech under authoritarian vibes.
He kicks it off with a killer definition: "Technofascism (noun) A form of fascism that uses modern technologies to attain its ends. And the American tech industry is totally on board with it." It's packed with insights on spyware, app censorship, and real defenses like Signal or Lockdown Mode—wonderful stuff that's eye-opening from start to finish.
Worth every paragraph!
I hope you like it and find it useful.
#Technofascism #PrivacyDefenses #SurveillanceResistance #SecureCommunication #DigitalActivism
@PrivacyNotACrime
micahflee
Practical Defenses Against TechnofascismI gave the Saturday morning keynote at BSidesPDX! I spoke honestly and frankly about the terrifying reality that Americans are facing under Trump's fascist regime, alongside practical advice for communities to defend themselves.
Watch my talk below. Of if…
China has unveiled UBIOS, its first national firmware standard, developed by Huawei, UnionTech, ByoSoft, and the China Electronics Standardization Institute. Announced on October 23, 2025, this move marks a significant step toward technological independence, reducing reliance on U.S.-dominated UEFI and BIOS systems. UBIOS is built from the ground up for modern computing needs, focusing on security and self-reliance in critical sectors.
UBIOS introduces a distributed architecture with a virtual bus (UVB), unique identifiers (FID/IID), and a central management module (UBPU) for modularity. It supports chiplets and heterogeneous computing, enabling flexible hardware integration. Unlike UEFI, it's simplified at the core, prioritizing control over the entire boot chain to enhance national security and sovereignty.
This development is China's response to U.S. export restrictions, ensuring full control over microcode and firmware. Initial rollout targets government and key industries, potentially expanding to consumer devices. It signals a shift in global standards, challenging UEFI dominance and promoting digital sovereignty amid rising tech tensions.
UBIOS could strengthen China's cybersecurity by eliminating foreign vulnerabilities, but it raises questions about interoperability with global hardware. As the tech world watches, this could inspire similar initiatives elsewhere.
#Infrastructure #China #NationalTech #Security #UBIOS #Firmware
#UEFI
@PrivacyNotACrime
On October 25, 2025, in Hanoi, Vietnam, 72 countries signed the first UN Convention against cybercrime, a historic pact to combat crimes like terrorism, human trafficking, and financial fraud through information technologies. This initiative aims to curb hackers and cybercriminals with unified measures, but is it really the final blow or just the beginning of more surveillance?
The convention establishes a global mechanism for collecting and sharing electronic evidence in serious crimes, fostering international cooperation and technical assistance, especially for developing countries. It includes a 24/7 network for quick responses, criminalizes cyber-dependent crimes (like online fraud), child sexual exploitation, and non-consensual dissemination of intimate images. For the first time, it addresses threats like ransomware, strengthening cross-border investigations.
This pact could improve digital evidence and response capabilities, unifying efforts against cybercrime evolutions. However, human rights groups criticize the potential for privacy and freedom of expression abuse, warning of mass surveillance.
The benefits include a united front against crime, better evidence, and support for vulnerable nations. The risks involve overreach, with expanded powers for data sharing that could violate rights if not implemented carefully.
#ONU #Cybercrime #Privacy #Cybersecurity #Surveillance
@PrivacyNotACrime
