North Korean spies used Google Find Hub as remote-wipe tool

North Korean state-backed spies have found a new way to torch evidence of their own cyber-spying – by hijacking Google’s “Find Hub” service to remotely wipe Android phones belonging to their South Korean targets.

Researchers at South Korean cybersecurity firm Genians said the campaign, attributed to the long-running KONNI group, abused Google’s device management features to trigger factory resets on compromised smartphones and tablets. In several cases, victims’ devices were wiped without authorization, erasing messages, photos, and other data that could have revealed traces of the intrusion.

[…]

According to Genians, the attackers used stolen Google account credentials harvested through spear-phishing or fake login pages to access victims’ profiles on the Find My Device platform. The feature, which allows users to locate lost phones, lock them, or perform a factory reset, became an unwitting tool for sabotage. Once logged in, the hackers could trigger remote wipes, locking victims out of their own phones and destroying incriminating evidence of compromise.

The infection chain began with victims being approached via the popular South Korean messaging app KakaoTalk. Attackers sent files masquerading as benign content to victims, lured them into installing signed MSI attachments or ZIPs, and deployed AutoIT scripts that installed RATs such as RemcosRAT, QuasarRAT and RftRAT. These tools harvested Google and Naver account credentials, enabling attackers to manipulate cloud services and use Find My Device to pull the plug.

Immediately after the reset, the attackers reportedly exploited the victim’s still-logged-in KakaoTalk desktop app to send malware-laden files to the victim’s contacts – effectively turning each compromised account into a secondary infection vector. This rapid follow-on phase allowed the KONNI operators to spread their payloads before targets could regain access to their wiped devices.

Additional findings show the attackers used the GPS location feature in Find My Device to identify when a target was outside and less likely to react quickly. In one incident, the attacker executed the wipe command not just once but three times, further delaying device recovery and ensuring the victim remained locked out.

The tactic underscores a growing risk for anyone relying on “lost device” features that are tied to online identity systems. While the ability to remotely reset a stolen phone is designed as a security safeguard, it also offers attackers an easy way to destroy evidence or cause disruption once account credentials are stolen.

[…]

Genians recommends that users of Find My Device tools enable multifactor or biometric authentication. For victims of KONNI’s latest stunt, however, the damage is already done. Once a factory reset is triggered through Google’s own service, there’s no undo button – just a blank phone and the tidy handiwork of a state hacker covering their tracks.

Source: North Korean spies used Google Find Hub as remote-wipe tool • The Register

Landfall spyware used in 0-day, 0 click attacks on Samsung phones

A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year, installing surveillance code capable of recording calls, tracking locations, and harvesting photos and logs before Samsung finally patched it in April.

The surveillance campaign likely began in July 2024 and abused CVE-2025-21042, a critical bug in Samsung’s image-processing library that affects Galaxy devices running Android versions 13, 14, 15, and 16, according to Palo Alto Networks Unit 42 researchers who discovered the commercial-grade spyware and revealed details of the espionage attacks in a Friday report.

“This was a precision espionage campaign, targeting specific Samsung Galaxy devices in the Middle East, with likely victims in Iraq, Iran, Turkey, and Morocco,” Itay Cohen, a senior principal researcher at Unit 42, told The Register. “The use of zero-day exploits, custom infrastructure, and modular payload design all indicate an espionage-motivated operation.”

According to the cyber sleuths, exploiting CVE-2025-21042 likely involved sending a maliciously crafted image to the victim’s device via a messaging application in a “zero-click” attack, meaning that infecting targeted phones didn’t require any user interaction.

“It’s not clear exactly how many people were targeted or exploited, but in a recent, related campaign, involving iOS and WhatsApp, WhatsApp shared that less than 200 were targeted in that campaign, so we can reasonably expect this could be a similar very targeted volume,” Cohen said.

Unit 42’s cyber sleuths originally uncovered Landfall while investigating these other two similar zero-days. In August, Apple patched a critical out-of-bounds write issue (CVE-2025-43300) in the ImageIO framework used in iPhones and iPads that had already been exploited in “extremely sophisticated” attacks.

That same month, Meta issued its own security advisory warning that attackers may have chained a WhatsApp bug (CVE-2025-55177) with this Apple OS-level flaw “in a sophisticated attack against specific targeted users.”

The Meta and WhatsApp security teams also found and disclosed to Samsung another DNG-related zero-day in Galaxy devices in August, and in September, Samsung patched CVE-2025-21043.

Despite the similarities between all of these attack chains, Unit 42 says it can’t definitively connect Landfall to the three other zero-days.

[…]

Source: Landfall spyware used in 0-day attacks on Samsung phones • The Register

Mozilla fellow Esra’a Al Shafei watches the spies through SurveillanceWatch

Digital rights activist Esra’a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she’s made it her mission to surveil the companies providing surveillanceware, their customers, and their funders.

“You cannot resist what you do not know, and the more you know, the better you can protect yourself and resist against the normalization of mass surveillance today,” she told The Register.

To this end, the Mozilla fellow founded Surveillance Watch last year. It’s an interactive map that documents the growing number of surveillance software providers, which regions use the various products, and the investors funding them. Since its launch, the project has grown from mapping connections between 220 spyware and surveillance entities to 695 today.

These include the very well known spy tech like NSO Group’s Pegasus and Cytrox’s Predator, both famously used to monitor politicians, journalists and activists in the US, UK, and around the world.

They also include companies with US and UK government contracts, like Palantir, which recently inked a $10 billion deal with the US Army and pledged a £1.5 billion ($2 billion) investment in the UK after winning a new Ministry of Defense contract. Then there’s Paragon, an Israeli company with a $2 million Immigration and Customs Enforcement (ICE) contract for its Graphite spyware, which lets law enforcement hack smartphones to access content from encrypted messaging apps once the device is compromised.

Even LexisNexis made the list. “People think of LexisNexis and academia,” Al Shafei said. “They don’t immediately draw the connection to their product called Accurint, which collects data from both public and non-public sources and offers them for sale, primarily to government agencies and law enforcement.”

Accurint compiles information from government databases, utility bills, phone records, license plate tracking, and other sources, and it also integrates analytics tools to create detailed location mapping and pattern recognition.

“And they’re also an ICE contractor, so that’s another company that you wouldn’t typically associate with surveillance, but they are one of the biggest surveillance agencies out there,” Al Shafei said.

It also tracks funders. Paragon’s spyware is boosted by AE Industrial Partners, a Florida-based investment group specializing in “national security” portfolios. Other major backers of surveillance technologies include CIA-affiliated VC firm In-Q-Tel, Andreessen Horowitz (also known as a16z), and mega investment firm BlackRock.

This illustrates another trend: It’s not just authoritarian countries using and investing in these snooping tools. In fact, America now leads the world in surveillance investment, with the Atlantic Council think tank identifying 20 new US investors in the past year.

[…]

‘They know who you are’

The Surveillance Watch homepage announces: “They know who you are. It’s time to uncover who they are.”

It’s creepy and accurate, and portrays all of the feelings that Al Shafei has around her spyware encounters. Her Majal team has “faced persistent targeting by sophisticated spyware technologies, firsthand, for a very long time, and this direct exposure to surveillance threats really led us to launch Surveillance Watch,” she said. “We think it’s very important for people to understand exactly how they’re being surveilled, regardless of the why.”

The reality is, everybody – not just activists and politicians – is subject to surveillance, whether it’s from smart-city technologies, Ring doorbell cameras, or connected cars. Users will always choose simplicity over security, and the same can be said for data privacy.

“We want to show that when surveillance goes not just unnoticed, but when we start normalizing it in our everyday habits, we look at a new, shiny AI tool, and we say, ‘Yes, of course, take access to all my data,’” Al Shafei said. “There’s a convenience that comes with using all of these apps, tracking all these transactions, and people don’t realize that this data can and does get weaponized against you, and not just against you, but also your loved ones.”

Source: Mozilla fellow Esra’a Al Shafei watches the watchers • The Register

LLM side-channel attack allows traffic sniffers to know what you are talking about with your GPT

[…]

Streaming models send responses to users incrementally, in small chunks or tokens, as opposed to sending the complete responses all at once. This makes them susceptible to an attacker-in-the-middle scenario, where someone with the ability to intercept network traffic could sniff those LLM tokens.

“Cyberattackers in a position to observe the encrypted traffic (for example, a nation-state actor at the internet service provider layer, someone on the local network, or someone connected to the same Wi-Fi router) could use this cyberattack to infer if the user’s prompt is on a specific topic,” researchers Jonathan Bar Or and Geoff McDonald wrote.

“This especially poses real-world risks to users by oppressive governments where they may be targeting topics such as protesting, banned material, election process, or journalism,” the duo added.

Redmond disclosed the flaw to affected vendors and says some of them – specifically, Mistral, Microsoft, OpenAI, and xAI – have all implemented mitigations to protect their models from the type of side-channel attack.

[…]

Proof-of-concept shows how the attack would work

Redmond’s team produced a Whisper Leak attack demo and proof-of-concept code that uses the models to conclude a probability (between 0.0 and 1.0) of a topic being “sensitive” – in this case, money laundering.

For this proof-of-concept, the researchers used a language model to generate 100 variants of a question about the legality of money laundering, mixed them with general traffic, and then trained a binary classifier to distinguish the target topic from background queries.

Then they collected data from each language model service individually, recording response times and packet sizes via network sniffing (via tcpdump). Additionally, they shuffled the order of positive and negative samples for collection, and introduced variants by inserting extra spaces between words – this helps avoid caching interference risk.

[…]

The duo then measured the models’ performance using Area Under the Precision-Recall Curve (AUPRC).

In several of the models, including ones hosted by providers Alibaba, DeepSeek, Mistral, Microsoft, xAI, and OpenAI, classifiers achieved over 98 percent AUPRC, indicating near-perfect separation between sensitive and normal traffic.

They then simulated a “more realistic surveillance scenario” in which an attacker monitored 10,000 conversations, with only one about the target topic in the mix. They performed this test several times, and in many cases had zero false positives, while catching the money-laundering messages between 5 percent and 50 percent of the time. They wrote:

For many of the tested models, a cyberattacker could achieve 100% precision (all conversations it flags as related to the target topic are correct) while still catching 5-50% of target conversations … To put this in perspective: if a government agency or internet service provider were monitoring traffic to a popular AI chatbot, they could reliably identify users asking questions about specific sensitive topics – whether that’s money laundering, political dissent, or other monitored subjects – even though all the traffic is encrypted.

There are a few different ways to protect against size and timing information leakage. Microsoft and OpenAI adopted a method introduced by Cloudflare to protect against a similar side-channel attack: adding a random text sequence to response fields to vary token sizes, making them unpredictable, and thus mostly defending against size-based attacks.
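The size leak and the padding mitigation described above, as an added Python example (not code from the article, the researchers or any vendor): it models each streamed token as one server-sent event whose encrypted size is the plaintext length plus a fixed overhead, then shows that a random-length filler field breaks the one-to-one link between record size and token length. The event layout, the `pad` field name, the 22-byte overhead and the sample tokens are assumptions made for the illustration.

```python
import json
import secrets
import string

# Assumption: AEAD record framing adds a constant number of bytes per record
# (modelled here as 5-byte header + 1-byte content type + 16-byte tag),
# so ciphertext size tracks plaintext size exactly.
RECORD_OVERHEAD = 22
PAD_FIELD = "pad"  # hypothetical name for the random filler field


def sse_event(token: str, pad_max: int = 0) -> bytes:
    """Serialize one streamed token as a server-sent event.

    With pad_max > 0, a filler string of random length 1..pad_max is added.
    The client ignores the field; only its effect on size matters.
    """
    event = {"delta": token}
    if pad_max > 0:
        n = 1 + secrets.randbelow(pad_max)
        event[PAD_FIELD] = "".join(
            secrets.choice(string.ascii_letters) for _ in range(n)
        )
    return ("data: " + json.dumps(event) + "\n\n").encode("utf-8")


def wire_sizes(tokens, pad_max=0):
    """Record sizes visible to a passive on-path observer (ciphertext only)."""
    return [len(sse_event(t, pad_max)) + RECORD_OVERHEAD for t in tokens]


def inferred_lengths(sizes):
    """What size alone reveals: subtract the constant size of an empty event."""
    baseline = len(sse_event("")) + RECORD_OVERHEAD
    return [s - baseline for s in sizes]


def distinct_traces(tokens, pad_max, trials=200):
    """Number of different size sequences the same response produces."""
    return len({tuple(wire_sizes(tokens, pad_max)) for _ in range(trials)})


# Constructed sample response split into tokens
# (ASCII only, so JSON escaping adds no extra bytes).
SAMPLE_TOKENS = ["The", " capital", " of", " France", " is", " Paris", "."]

if __name__ == "__main__":
    true_lengths = [len(t) for t in SAMPLE_TOKENS]
    plain = wire_sizes(SAMPLE_TOKENS)
    padded = wire_sizes(SAMPLE_TOKENS, pad_max=32)

    print("true token lengths      :", true_lengths)
    print("inferred, no padding    :", inferred_lengths(plain))
    print("inferred, random padding:", inferred_lengths(padded))
    print("distinct traces unpadded:", distinct_traces(SAMPLE_TOKENS, 0))
    print("distinct traces padded  :", distinct_traces(SAMPLE_TOKENS, 32))
    # Padding only changes sizes; inter-chunk timing is untouched, which is
    # why the article describes it as "mostly" defending against size-based
    # attacks.
```

Without padding the same response always yields one identical size trace that equals the token lengths; with padding each run yields a different trace.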

[…]

Source: LLM side-channel attack could allow snoops to guess topic • The Register

Critics call proposed changes to landmark EU privacy law ‘death by a thousand cuts’ – “legitimate interest” would allow personal data exfiltration

Privacy activists say proposed changes to Europe’s landmark privacy law, including making it easier for Big Tech to harvest Europeans’ personal data for AI training, would flout EU case law and gut the legislation.
The changes proposed by the European Commission are part of a drive to simplify a slew of laws adopted in recent years on technology, environmental and financial issues which have in turn faced pushback from companies and the U.S. government.
EU antitrust chief Henna Virkkunen will present the Digital Omnibus, in effect proposals to cut red tape and overlapping legislation such as the General Data Protection Regulation, the Artificial Intelligence Act, the e-Privacy Directive and the Data Act, on November 19.
According to the plans, Google (GOOGL.O), Meta Platforms (META.O), OpenAI and other tech companies may be allowed to use Europeans’ personal data to train their AI models based on legitimate interest.
In addition, companies may be exempted from the ban on processing special categories of personal data “in order not to disproportionately hinder the development and operation of AI and taking into account the capabilities of the controller to identify and remove special categories of personal data”.
“The draft Digital Omnibus proposes countless changes to many different articles of the GDPR. In combination this amounts to a death by a thousand cuts,” Austrian privacy group noyb said in a statement.
Noyb is known for filing complaints against American companies such as Apple (AAPL.O), Alphabet and Meta that have triggered several investigations and resulted in billions of dollars in fines.
“This would be a massive downgrading of Europeans’ privacy 10 years after the GDPR was adopted,” noyb’s Max Schrems said.
European Digital Rights, an association of civil and human rights organisations across Europe, slammed a proposal to merge the ePrivacy Directive, known as the cookie law that resulted in the proliferation of cookie consent pop-ups, into the GDPR.
“These proposals would change how the EU protects what happens inside your phone, computer and connected devices,” EDRi policy advisor Itxaso Dominguez de Olazabal wrote in a LinkedIn post.
“That means access to your device could rely on legitimate interest or broad exemptions like security, fraud detection or audience measurement,” she said.
The proposals would need to be thrashed out with EU countries and European Parliament in the coming months before they can be implemented.

Source: Critics call proposed changes to landmark EU privacy law ‘death by a thousand cuts’ | Reuters

Anyone can claim anything as being “legitimate interest”. It is what terms and conditions have been using for decades to pass any and all data on to third parties. At least the GDPR kind of stood in the way of it going to countries like the USA and China.

The FBI Is Trying to Unmask the Registrar Behind Archive.Today

The FBI is looking to ascertain the identity of the creator of a long-running archiving site that is used by millions of people all over the world.

Archive.Today is a popular archiving website—similar in many ways to the Internet Archive’s Wayback Machine—that keeps copies of news articles and government websites that users have submitted. The site can also be used for skirting paywalls. However, it can also be useful for documenting government websites that may be subject to change. The big difference is that the Internet Archive is a transparent and legitimate non-profit that gives websites the option to opt-out of having their content stored on its platform.

If you haven’t heard of Archive.Today, you may have run into mirror sites hosted at Archive.is or Archive.ph.

About a week ago, the X account belonging to Archive posted a link to a federal subpoena, which is dated October 30th. The subpoena, which was originally spotted by a German news site, is for a Canadian web registration company called Tucows, and demands that the company turn over “customer or subscriber name, address of service, and billing address” as well as an extensive list of other information related to the “customer behind archive.today.”

404 Media notes that Archive.Today has hundreds of millions of webpages saved. The outlet further notes that “very little is known about the person or people who work on archive.today.” There is a modest FAQ page on the site, but it doesn’t offer anything in the way of identifying information about the creator of the site.

The subpoena states:

The information sought through this subpoena relates to a federal criminal investigation being conducted by the FBI. Your company is required to furnish this information. You are requested not to disclose the existence of this subpoena indefinitely as any such disclosure could interfere with an ongoing investigation and enforcement of the law.

Well, I guess that ship has sailed.

Source: The FBI Is Trying to Unmask the Registrar Behind Archive.Today

EU’s minimum wage laws may get shot down by (who else) Denmark

The European Court of Justice (ECJ) is set to deliver a landmark ruling on Tuesday that could determine the future of the EU’s Minimum Wage Directive – and, with it, define the limits of the bloc’s authority over national social policies.

Denmark – backed by Sweden – has taken the Commission to the EU’s top court, arguing that the directive breaches EU treaties by legislating directly on pay, an area beyond the EU’s legal remit.

Adopted in 2022, the Minimum Wage Directive aims to ensure “adequate minimum wages” and stronger collective bargaining – negotiations between workers and employers over pay and conditions – across the EU.

While countries don’t have to introduce a mandatory minimum wage, the rules require those with less than 80% collective-bargaining coverage to come up with a plan to strengthen wage-setting systems.

Belgium, Portugal, Germany, Greece, Spain, France, and Luxembourg all sided with the European Commission wanting to keep the law in place.

“This is a real clash here between the Nordic model – collective bargaining – and the EU’s tradition of individual rights,” said Laust Høgedahl, associate professor of employment relations at Aalborg University in Denmark.

In January, the court’s advocate general – an independent expert helping judges decide in complex cases – recommended that judges rule in favour of Denmark in a non-binding opinion.

An ‘earthquake’ under EU’s social pillar

If the court follows the advocate general’s reasoning, it would be “a political earthquake” for the EU’s social policy, said Christina Hiessl, who is a professor of labour law at Belgium’s KU Leuven.

“Up to now, the Court has always sided with the Commission,” Hiessl said.

“The EU also wants to build social rights alongside the single market,” Høgedahl said. “Those social rights will become much harder to advance if this directive falls.”

Hiessl believes Danish fears are exaggerated. “It’s a common misconception that the directive imposes statutory minimum wages,” she said. “It very clearly does not.”

Current figures put Denmark’s collective bargaining rate at 82%, slightly above the 80% threshold – the level of worker coverage below which EU countries are expected to take steps to promote collective bargaining.

According to Høgedahl, Danish resistance is a principled stance rather than one of substance.

“Wage is sacred in Denmark,” he says. “It belongs to the social partners, not to politicians – not in Copenhagen, and certainly not in Brussels.”

Source: EU’s minimum wage faces judgment day | Euractiv

Of course, the Danish, who also want to implement Chat Control (blanket espionage of all EU citizens through their smartphones) would hate to see fair wages for EU citizens as well.

Scientists turn body fat into bone to heal spinal fractures

Researchers at Osaka Metropolitan University have developed a promising new method to repair spinal fractures using stem cells extracted from adipose tissue, or body fat. In animal studies, the treatment successfully healed spinal injuries in rats that mimic osteoporosis-related fractures seen in humans. Because these cells are easy to collect, even from older adults, and cause minimal strain on the body, the technique could provide a gentle, non-invasive alternative for treating bone diseases.

Osteoporosis weakens bones, making them fragile and more likely to break. As Japan’s population continues to age, the number of people affected is projected to surpass 15 million. Among the various types of fractures caused by osteoporosis, compression fractures of the spine, known as osteoporotic vertebral fractures, are the most common. These injuries can result in long-term disability and severely reduce quality of life, highlighting the need for safer and more effective treatments.

How Fat-Derived Stem Cells Help Rebuild Bone

Stem cells derived from adipose tissue (ADSCs) show strong potential for repairing bone damage. These multipotent cells can develop into various types of tissue, including bone. When ADSCs are cultivated into three-dimensional spherical groups called spheroids, their ability to promote tissue repair increases. Pre-differentiating these spheroids toward bone-forming cells further enhances their effectiveness in stimulating bone regeneration.

Led by Graduate School of Medicine student Yuta Sawada and Dr. Shinji Takahashi, the Osaka research team used ADSCs to create bone-differentiated spheroids and combined them with β-tricalcium phosphate, a material commonly used in bone reconstruction. The mixture was applied to rats with spinal fractures, resulting in significant improvements in bone healing and strength.

The researchers also observed that genes responsible for bone formation and regeneration became more active after the treatment, suggesting that the approach stimulates the body’s natural healing processes.

Promising Outlook for Future Treatments

“This study has revealed the potential of bone differentiation spheroids using ADSCs for the development of new treatments for spinal fractures,” said Sawada. “Since the cells are obtained from fat, there is little burden on the body, ensuring patient safety.”

Dr. Takahashi added, “This simple and effective method can treat even difficult fractures and may accelerate healing. This technique is expected to become a new treatment that helps extend the healthy life of patients.”

The findings were published in Bone & Joint Research.


Story Source:

Materials provided by Osaka Metropolitan University. Note: Content may be edited for style and length.


Journal Reference:

  1. Yuta Sawada, Shinji Takahashi, Kumi Orita, Akito Yabu, Masayoshi Iwamae, Yuki Okamura, Yuto Kobayashi, Hiroshi Taniwaki, Hiroaki Nakamura, Hidetomi Terai. Development of a new treatment for osteoporotic vertebral fractures using adipose-derived stem cell spheroids. Bone, 2025; 14 (10): 915 DOI: 10.1302/2046-3758.1410.BJR-2025-0092.R1

Source: Scientists turn body fat into bone to heal spinal fractures | ScienceDaily

Honda’s ‘Bending’ Platform Shatters Decades of Car Design Rigidity

When your next-generation Honda Pilot or Civic goes around a corner the front-end structure is going to deform in the name of handling. Yes, really.

In Japan, Honda engineers explained last week that it’s completely rethought how vehicles are designed in an effort to lower weight, lower cost, and most interestingly, improve dynamics. The solution? A front end structure that bends, twists, and deforms while cornering.

For forever and a day automakers have sold everyone on how they’ve increased the rigidity of their latest model and then improved the tuning of their suspension system to enhance cornering capabilities. Honda’s now done the opposite.

[Image: Honda 0 Series Platform (Joel Feder)]

The new platform, which will underpin both its midsize and large vehicles ranging from the Civic and CR-V to the Pilot and Odyssey, will optimize body rigidity rather than simply aim to increase it. To that point, Honda’s shifted where the structural reinforcements are placed around the front structure rather than having it all centralized under the engine. The same principles are being applied to the upcoming 0 Series EV platform as well.

The result? When a vehicle goes around a corner the outside of the structure will deform to push the outer wheel down and load up the grip to help improve steering and cornering for less push and more feel thanks to more tire contact. The car’s going to handle better. It should also be quieter and more comfortable thanks to the ability to absorb impacts.

Honda said the new structure is modular with fixed dimensions for the front and rear sections improving commonality. The modularity and new platform design is expected to shave 198 pounds and reduce cost by 10% compared to today’s structure.

The new structure is expected to enter production in 2027.

Source: Honda’s ‘Bending’ Platform Shatters Decades of Car Design Rigidity