"Unknown hackers last month targeted leaders of the exiled Uyghur community in a campaign involving Windows spyware, researchers revealed Monday.
Citizen Lab, a digital rights research group based at the University of Toronto, detailed an espionage campaign against members of the World Uyghur Congress (WUC), an organization that represents the Muslim-minority group, which has for years faced repression, discrimination, surveillance, and hacking from China’s government."
"The DOGE employees, who are effectively led by White House adviser and billionaire tech CEO Elon Musk, appeared to have their sights set on accessing the NLRB's internal systems. They've said their unit's overall mission is to review agency data for compliance with the new administration's policies and to cut costs and maximize efficiency.
But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending.
Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do."
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
"Browsers keep track of the pages that a user has visited, and they use this information to style anchor elements on a page differently if a user has visited that link before. Most browsers give visited links a different color by default; some web developers rely on the :visited CSS selector to style visited links according to their own preferences.
It is well-known that styling visited links differently from unvisited links opens the door to side-channel attacks that leak the user’s browsing history. One notable attack used window.getComputedStyle and the methods that return a NodeList of HTMLCollection of anchor elements (e.g. document.querySelectorAll, document.getElementsByTagName, etc.) to inspect the styles of each link that was rendered on the page. Once attackers had the style of each link, it was possible to determine whether each link had been visited, leaking sensitive information that should have only been known to the user.
In 2010, browsers implemented a mitigation for this attack: (1) when sites queried link styling, the browser always returned the “unvisited” style, and (2) developers were now limited in what styles could be applied to links. However, these mitigations were complicated for both browsers to implement and web developers to adjust to, and there are proponents of removing these mitigations altogether." https://github.com/explainers-by-googlers/Partitioning-visited-links-history
"Today, in response to the U.K.’s demands for a backdoor, Apple has stopped offering users in the U.K. Advanced Data Protection, an optional feature in iCloud that turns on end-to-end encryption for files, backups, and more.
Had Apple complied with the U.K.’s original demands, they would have been required to create a backdoor not just for users in the U.K., but for people around the world, regardless of where they were or what citizenship they had. As we’ve said time and time again, any backdoor built for the government puts everyone at greater risk of hacking, identity theft, and fraud.
This blanket, worldwide demand put Apple in an untenable position. Apple has long claimed it wouldn’t create a backdoor, and in filings to the U.K. government in 2023, the company specifically raised the possibility of disabling features like Advanced Data Protection as an alternative."
"And it’s crazy that people can be so into their ideology that they just refuse to look at reality. It can’t all just be “America’s fault.” People in Zimbabwe are just regular people like you and me, and they’re not better than anyone or worse. Their leaders do bad things and are corrupt, just like anywhere else. In what country in the world does one party remain in power for thirty, forty years and not become corrupt? And it’s interesting to me how easily people are still able to call on the boogeyman of the West and say, “Oh, yeah. Now forget all of the things that are going wrong. America did everything.” America does lots of things wrong. America has its own problems, and America spreads its problems around the world.
I have people that still tell me that the West caused the situation in Ukraine. And I’m like, but [Vladimir Putin] has done this in Crimea. He did this in Georgia; he did this in Chechnya. So America just did all of these? America is the reason that Russia took Abkhazia and Ossetia? They took Crimea; they took Donbas."
"In the 1970s, ostensibly leftist movements were in power in many parts of the Middle East and also were the dominant groups fighting for revolution and liberation in Palestine. And here we are now. The failure of those governments, the rise of political Islam, and the failures of the secular state in the Middle East have profoundly changed the whole dynamic. Now if you’re talking about the Middle East and resistance movements, you’re almost always talking about movements that are religious in nature. And you see the rise of political Islam and the sidelining of socialism.
Some of that is also the failure of ostensibly socialist states that just became kleptocracies and dictatorships. There’s nothing wrong with wanting and desiring revolution. But [there should be] some level of recognition that in any revolution you’re letting a tiger out of the cage. What’s going to happen after that is hard to say."
"At a press conference in the Oval Office this week, Elon Musk promised the actions of his so-called Department of Government Efficiency (DOGE) project would be “maximally transparent,” thanks to information posted to its website.
At the time of his comment, the DOGE website was empty. However, when the site finally came online Thursday morning, it turned out to be little more than a glorified feed of posts from the official DOGE account on Musk’s own X platform, raising new questions about Musk’s conflicts of interest in running DOGE.
DOGE.gov claims to be an “official website of the United States government,” but rather than giving detailed breakdowns of the cost savings and efficiencies Musk claims his project is making, the homepage of the site just replicated posts from the DOGE account on X."
https://www.wired.com/story/doge-website-is-just-one-big-x-ad/
Fascists love to surveil and harass... 😕
"The Italian founder of the NGO Mediterranea Saving Humans, who has been a vocal critic of Italy’s alleged complicity in abuses suffered by migrants in Libya, has revealed WhatsApp informed him his mobile phone was targeted by military-grade spyware made by the Israel-based company Paragon Solutions.
Luca Casarini, an activist whose organisation is estimated to have saved 2,000 people crossing the Mediterranean to Italy, is the most high profile person to come forward since WhatsApp announced last week that 90 journalists and other members of civil society had probably had their phones compromised by a government client using Paragon’s spyware.
The work of the three alleged targets to have come forward so far – Casarini, the journalist Francesco Cancellato, and the Sweden-based Libyan activist Husam El Gomati – have one thing in common: each has been critical of the prime minister, Giorgia Meloni. The Italian government has not responded to a request for comment on whether it is a client of Paragon."
"Paragon’s spyware was allegedly delivered to targets who were placed on group chats without their permission, and sent malware through PDFs in the group chat. Paragon makes no-click spyware, which means users do not have to click on any link or attachment to be infected; it is simply delivered to the phone.
It is not clear how long Cancellato may have been compromised. But the editor published a high-profile investigative story last year that exposed how members of Meloni’s far-right party’s youth wing had engaged in fascist chants, Nazi salutes and antisemitic rants.
Fanpage’s undercover reporters – although not Cancellato personally – had infiltrated groups and chat forums used by members of the National Youth, a wing of Meloni’s Brothers of Italy party. The outlet published clips of National Youth members chanting “Duce” – a reference to Benito Mussolini – and “sieg Heil”, and boasting about their familial connections to historical figures linked to neo-fascist terrorism. The stories were published in May."
"An Italian investigative journalist who is known for exposing young fascists within prime minister Giorgia Meloni’s far-right party was targeted with spyware made by Israel-based Paragon Solutions, according to a WhatsApp notification received by the journalist.
Francesco Cancellato, the editor-in-chief of the Italian investigative news outlet Fanpage, was the first person to come forward publicly after WhatsApp announced on Friday that 90 journalists and other members of civil society had been targeted by the spyware.
The journalist, like dozens of others whose identities are not yet known, said he received a notification from the messaging app on Friday afternoon.
WhatsApp, which is owned by Meta, has not identified the targets or their precise locations, but said they were based in more than two dozen countries, including in Europe.
WhatsApp said it had discovered that Paragon was targeting its users in December and shut down the vector used to “possibly compromise” the individuals. Like other spyware makers, Paragon sells use of its spyware, known as Graphite, to government agencies, who are supposed to use it to fight and prevent crime."
https://www.theguardian.com/technology/2025/jan/31/italian-journalist-whatsapp-israeli-spyware
"In just 20 minutes this morning, an automated license plate recognition (ALPR) system in Nashville, Tennessee captured photographs and detailed information from nearly 1,000 vehicles as they passed by. Among them: eight black Jeep Wranglers, six Honda Accords, an ambulance, and a yellow Ford Fiesta with a vanity plate.
This trove of real-time vehicle data, collected by one of Motorola's ALPR systems, is meant to be accessible by law enforcement. However, a flaw discovered by a security researcher has exposed live video feeds and detailed records of passing vehicles, revealing the staggering scale of surveillance enabled by this widespread technology.
More than 150 Motorola ALPR cameras have exposed their video feeds and leaking data in recent months, according to security researcher Matt Brown, who first publicised the issues in a series of YouTube videos after buying an ALPR camera on eBay and reverse engineering it."
https://www.wired.com/story/license-plate-reader-live-video-data-exposed/
https://web.archive.org/web/20250516183023/https://github.com/xai-org/grok-prompts/pull/3