Daily Archives: December 7, 2025

New EU Jolla Phone Now Available for Pre-Order as an Independent No Spyware Linux Phone

Posted on by

Jolla kicked off a campaign for a new Jolla Phone, which they call the independent European Do It Together (DIT) Linux phone, shaped by the people who use it.

“The Jolla Phone is not based on Big Tech technology. It is governed by European privacy thinking and a community-led model.”

The new Jolla Phone is powered by a high-performing Mediatek 5G SoC, and features 12GB RAM, 256GB storage that can be expanded to up to 2TB with a microSDXC card, a 6.36-inch FullHD AMOLED display with ~390ppi, 20:9 aspect ratio, and Gorilla Glass, and a user-replaceable 5,500mAh battery.

The Linux phone also features 4G/5G support with dual nano-SIM and a global roaming modem configuration, Wi-Fi 6 wireless, Bluetooth 5.4, NFC, 50MP Wide and 13MP Ultrawide main cameras, front front-facing wide-lens selfie camera, fingerprint reader on the power key, a user-changeable back cover, and an RGB indication LED.

On top of that, the new Jolla Phone promises a user-configurable physical Privacy Switch that lets you turn off the microphone, Bluetooth, Android apps, or whatever you wish.

The device will be available in three colors, including Snow White, Kaamos Black, and The Orange. All the specs of the new Jolla Phone were voted on by Sailfish OS community members over the past few months.

Honouring the original Jolla Phone form factor and design, the new model ships with Sailfish OS (with support for Android apps), a Linux-based European alternative to dominating mobile operating systems that promises a minimum of 5 years of support, no tracking, no calling home, and no hidden analytics.

“Mainstream phones send vast amounts of background data. A common Android phone sends megabytes of data per day to Google even if the device is not used at all. Sailfish OS stays silent unless you explicitly allow connections,” said Jolla.

The new Jolla Phone is now available for pre-order for 99 EUR and will only be produced if at least 2000 pre-orders are reached in one month from today, until January 4th, 2026. The full price of the Linux phone will be 499 EUR (incl. local VAT), and the 99 EUR pre-order price will be fully refundable and deducted from the full price.

The device will be manufactured and sold in Europe, but Jolla says that it will design the cellular band configuration to enable global travelling as much as possible, including e.g. roaming in the U.S. carrier networks. The initial sales markets are the EU, the UK, Switzerland, and Norway.

Source: New Jolla Phone Now Available for Pre-Order as an Independent Linux Phone – 9to5Linux

Brickstorm used to backdoor into critical US networks for over a year

Posted on by

Chinese cyberspies maintained long-term access to critical networks – sometimes for years – and used this access to infect computers with malware and steal data, according to Thursday warnings from government agencies and private security firms.

PRC-backed goons infected at least eight government services and IT organizations with Brickstorm backdoors, according to a joint security alert from the US Cybersecurity and Infrastructure Security Agency, the US National Security Agency, and the Canadian Cyber Security Centre.

However, “it’s a logical conclusion to assume that there are additional victims out there until we have not yet had the opportunity to communicate with,” CISA’s Nick Andersen, executive assistant director for cybersecurity, told reporters on Thursday, describing Brickstorm as a “terribly sophisticated piece of malware.”

The backdoor works across Linux, VMware, and Windows environments, and while Andersen declined to attribute the malware infections to a specific People’s Republic of China cyber group, he said it illustrates the threat PRC crews pose to US critical infrastructure.

“State-sponsored actors are not just infiltrating networks,” Andersen said. “They’re embedding themselves to enable long term access, disruption, and potential sabotage.”

In one incident that CISA responded to, the PRC goons gained access to the organization’s internal network in April 2024, uploaded Brickstorm to an internal VMware vCenter server, and used the backdoor for persistent access until at least September 3.

While in the victim’s network, the crew also gained access to two domain controllers and an Active Directory Federation Services server, which they used to steal cryptographic keys.

Dozens of organizations in the US have been impacted by Brickstorm, not including downstream victims

Google Threat Intelligence, which first sounded the alarm on Brickstorm in a September report, “strongly” recommended organizations run the open-source scanner that Google-owned Mandiant published on GitHub to help detect the backdoor on their appliances.

“We believe dozens of organizations in the US have been impacted by Brickstorm, not including downstream victims,” Google Threat Intelligence Group principal analyst Austin Larsen told The Register. “These actors are still actively targeting US organizations and are evolving Brickstorm and their techniques after our September report.”

[…]

Source: PRC spies Brickstormed their way into critical US networks • The Register

Cloudflare suffers second outage in as many months

Posted on by

Routine Cloudflare maintenance went awry this morning, knocking over the company’s dashboard and API and sending sites around the world into error screens.

Cloudflare was working through its scheduled servicing when things went sideways. Maintenance was in progress in its Chicago datacenter from 0700 UTC, with work due to begin in its Detroit datacenter at 0900 UTC when red lights began flashing at administrators around the world.

Cloudflare status

Cloudflare status this morning

The content delivery network giant admitted a problem with its service at 0856 UTC, rolled out a fix shortly after, and seemed to be back up and running by 0930 UTC. It has, however, now reported issues with Workers (the serverless functions, not the employees likely frantically trying to stop the company’s systems from falling over again).

Cloudflare on Down Detector

Cloudflare on Down Detector

We’ve asked the company for more information, and will update this piece should an explanation be forthcoming.

Cloudflare proudly proclaims that “20 percent of all websites are protected by Cloudflare.” Unfortunately, this also means that 20 percent of all websites could catch a cold should Cloudflare sneeze. Two outages in two months is less than ideal, and could cause affected customers to take a hard look at their dependencies.

[…]

A spokesperson at Cloudflare sent us a statement after publication:

“A change made to how Cloudflare’s Web Application Firewall parses requests impacted the availability of Cloudflare’s network at approximately 8:47 GMT and concluded approximately 9:13 GMT. This was not an attack; the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components.”

Source: Cloudflare suffers second outage in as many months • The Register