SoylentNews

An Anonymous Coward writes:

Over 9,000 ASUS routers are compromised by a novel botnet dubbed "AyySSHush" that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys.

The campaign was discovered by GreyNoise security researchers in mid-March 2025, who reports that it carries the hallmarks of a nation-state threat actor, though no concrete attributions were made.

The threat monitoring firm reports that the attacks combine brute-forcing login credentials, bypassing authentication, and exploiting older vulnerabilities to compromise ASUS routers, including the RT-AC3100, RT-AC3200, and RT-AX55 models.

Specifically, the attackers exploit an old command injection flaw tracked as CVE-2023-39780 to add their own SSH public key and enable the SSH daemon to listen on the non-standard TCP port 53282. This modifications allow the threat actors to retain backdoor access to the device even between reboots and firmware updates.

"Because this key is added using the official ASUS features, this config change is persisted across firmware upgrades," explains another related report by GreyNoise.

"If you've been exploited previously, upgrading your firmware will NOT remove the SSH backdoor."

The attack is particularly stealthy, involving no malware, while the attackers also turn off logging and Trend Micro's AIProtection to evade detection.

Characteristically, GreyNoise reports logging just 30 malicious requests associated with this campaign over the past three months, though 9,000 ASUS routers have been infected.

Still, three of those requests were enough to trigger GreyNoise's AI-powered analysis tool that flagged them for human inspection.

The campaign likely overlaps with the activity Sekoia tracks as "Vicious Trap," disclosed last week, though the French cybersecurity firm reported that threat actors leveraged CVE-2021-32030 to breach ASUS routers.

In the campaign seen by Sekoia, the threat actors were observed targeting SOHO routers, SSL VPNs, DVRs, and BMC controllers from D-Link, Linksys, QNAP, and Araknis Networks.

The exact operational goal of AyySSHush remains unclear, as there are no signs of distributed denial of service (DDoS) or using the devices to proxy malicious traffic through the ASUS routers.

However, in the router breaches observed by Sekoia, a malicious script was downloaded and executed to redirect network traffic from the compromised system to third-party devices controlled by the attacker.

Currently, it appears the campaign quietly builds a network of backdoored routers to create the groundwork for a future botnet.

ASUS has released security updates that address CVE-2023-39780 for the impacted routers, though the exact time of availability varies per model.

Users are recommended to upgrade their firmware as soon as possible and look for suspicious files and the addition of the attacker's SSH key (IoCs here) on the 'authorized_keys' file.

Also, GreyNoise lists four IP addresses associated with this activity, which should be added to a block list.

101.99.91[.]151
101.99.94[.]173
79.141.163[.]179
111.90.146[.]237

If a compromise is suspected, a factory reset is recommended to clean the router beyond doubt and then reconfigure it from scratch using a strong password.

Links in article:

https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers
https://nvd.nist.gov/vuln/detail/CVE-2023-39780
http://www.labs.greynoise.io/grimoire/2025-03-28-ayysshush/
https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/
https://www.labs.greynoise.io/grimoire/2025-03-28-ayysshush/

Original Submission

taylorvich writes:

https://phys.org/news/2025-05-bed-bugs-human-pest.html

Ever since a few enterprising bed bugs hopped off a bat and attached themselves to a Neanderthal walking out of a cave 60,000 years ago, bed bugs have enjoyed a thriving relationship with their human hosts.

Not so for the unadventurous bed bugs that stayed with the bats—their populations have continued to decline since the Last Glacial Maximum, also known as the ice age, which was about 20,000 years ago.

A team led by two Virginia Tech researchers recently compared the whole genome sequence of these two genetically distinct lineages of bed bugs. Published in Biology Letters, their findings indicate the human-associated lineage followed a similar demographic pattern as humans and may well be the first true urban pest.

"We wanted to look at changes in effective population size, which is the number of breeding individuals that are contributing to the next generation, because that can tell you what's been happening in their past," said Lindsay Miles, lead author and postdoctoral fellow in the Department of Entomology.

According to the researchers, the historical and evolutionary symbiotic relationship between humans and bed bugs will inform models that predict the spread of pests and diseases under urban population expansion.

By directly tying human global expansion to the emergence and evolution of urban pests like bed bugs, researchers may identify the traits that co-evolved in both humans and pests during urban expansion.

"Initially with both populations, we saw a general decline that is consistent with the Last Glacial Maximum; the bat-associated lineage never bounced back, and it is still decreasing in size," said Miles, an affiliate with the Fralin Life Sciences Institute. "The really exciting part is that the human-associated lineage did recover and their effective population increased."

Miles points to the early establishment of large human settlements that expanded into cities such as Mesopotamia about 12,000 years ago.
"That makes sense because modern humans moved out of caves about 60,000 years ago," said Warren Booth, the Joseph R. and Mary W. Wilson Urban Entomology Associate Professor.

fliptop writes:

At 22, I left LA for a traditional Oxford education. I mocked it then—but this stodgy approach might be our best hope right now:

The level of AI cheating has reached such an extreme that many fear we've reached a point of no return.

• "Everyone is cheating their way through college," New York magazine recently announced. "ChatGPT has unraveled the entire academic project."
• The Wall Street Journal has reached a similar conclusion: "There's a good chance your kid uses AI to cheat," declared a recent article.
• "AI cheating is getting worse," The Atlantic agrees, and "colleges don't have a plan."

Even worse, cheaters are getting all the rewards. A Columbia student recently got kicked out for cheating—and he turned around and raised millions to turn his system into a startup.

[...] When I was 22 years old, I woke up one morning in a hot dingy apartment on the cusp of South Central LA—where I'd been sleeping on the floor. I grabbed two suitcases I'd packed the night before, and caught a ride to the Los Angeles International Airport.

[...] My destination was the University of Oxford—a place I'd never seen and only knew through hearsay and Hollywood movies.

[...] How would the Oxford system kill AI?

[...] If implemented today, the Oxford system would totally elminate AI cheating—in these five ways:

1. EVERYTHING WAS HANDWRITTEN—WE DIDN'T EVEN HAVE TYPEWRITERS.
2. [...] MY PROFESSORS TAUGHT ME AT TUTORIALS IN THEIR OFFICES. THEY WOULD GRILL ME VERBALLY—AND I WAS EXPECTED TO HAVE IMMEDIATE RESPONSES TO ALL THEIR QUESTIONS.
3. [...] ACADEMIC RESULTS WERE BASED ENTIRELY ON HANDWRITTEN AND ORAL EXAMS. YOU EITHER PASSED OR FAILED—AND MANY FAILED.
4. [...] THE SYSTEM WAS TOUGH AND UNFORGIVING—BUT THIS WAS INTENTIONAL. OTHERWISE THE CREDENTIAL GOT DEVALUED.
5. [...] EVEN THE INFORMAL WAYS OF BUILDING YOUR REPUTATION WERE DONE FACE-TO-FACE—WITH NO TECHNOLOGY INVOLVED.

The author goes into detail on each of the 5 points, and speculates why it wouldn't be feasible in the US.

Related:

• Parents Sue After Student Punished For Using AI In Class
• OpenAI Afraid to Release ChatGPT Detection Tool That Might Piss Off Cheaters
• Dishonor Code: What Happens When Cheating Becomes the Norm?
• These Students Figured Out their Tests Were Graded by AI -- And The Easy Way to Cheat

Original Submission

Arthur T Knackerbracket has processed the following story:

Chinese hardware giant Lenovo thought it had prepared for a trade war, but its plan proved insufficient once the US started to rapidly change its tax policies in imported goods.

"We are not worried about the tariff," CEO Yuanqing Yang told investors on Thursday during the company's Q4 FY24/25 earnings call. "We are worried about the uncertainty and the quick changes."

Yang explained that Lenovo manufactures its products in many countries, using a mixture of its own facilities and contract manufacturing firms. The company moves production to the optimal location to cope with customer needs and geopolitical conditions, and calls its strategy "China Plus".

The CEO told investors "no other country can replace China" as the Middle Kingdom is "the most competitive manufacturing country with low cost, high efficiency and aggregation of supply chain."

Yang said Lenovo's plans worked when the Trump administration announced universal ten percent tariffs, but not so much when the 25 percent tariff on goods from Mexico and Canada was announced in March and "implemented so suddenly that we didn't even have time to prepare.

"It had a significant impact on our performance last quarter," he said, suggesting an impact of $50 million to $60 million last quarter. He later labelled the overall impact of tariffs as "notable."

That impact didn't stop Lenovo from posting stonking quarterly results [PDF] for the financial year ended March 31, 2025.

[...] Lenovo has long hoped to build an enterprise hardware business to rival the likes of HPE or Dell. Its cloud service provider business is now a profitable $10 billion revenue concern, meaning enterprise sales were around $4.5 billion.

It will come as no surprise to readers that Lenovo attributed its enterprise hardware growth to demand for AI infrastructure, which boosted sales of its servers and liquid cooling kit.

Original Submission

An Anonymous Coward writes:

When you build a server according to your plan and requirements, you want it to run quickly and efficiently, right? But did you know that modern Linux systems, especially those using systemd, often install and run many services by default, even if you don't need them? These unwanted services consume precious system resources and can even become security risks.

In this article, we'll walk through how to identify and disable unnecessary services on systemd-based Linux distributions like Fedora, CentOS, Ubuntu, Debian, and others.

Why Should You Care About Unwanted Services?

When you install Linux, the OS typically enables several services automatically. For example, you might end up with web servers, FTP servers, print servers, or network services running without you asking for them. But if your server doesn't need those, they're just wasting CPU, memory, and opening attack surfaces.

https://www.tecmint.com/remove-unwanted-services-from-linux/

Original Submission

Arthur T Knackerbracket has processed the following story:

Russia's official customs data suggests the country's once-thriving market for US-made processors has nearly disappeared. Figures from the Federal Customs Service (FCS), reported by Russian publication Kommersant, show Intel CPU imports fell by 95 percent last year compared to the previous year. By comparison, AMD shipments dropped by 81 percent. That amounts to just 37,000 CPUs total – a steep decline from 537,000 units in 2023.

Executives in Russia's tech manufacturing sector paint a different picture. Leaders at major domestic assemblers like Lotos Group and Rikor told Kommersant that processor deliveries are not only continuing but increasing. Rikor reports purchasing over 120,000 processors last year – about 30 percent more than the year before. Many Russian tech firms also say chip supplies have improved for the third consecutive year.

Sanctions enforcement is struggling to keep up with a growing number of workarounds. Hong Kong remains a key hub in this network, with one address reportedly managing billions of dollars in smuggled semiconductors. Meanwhile, other chips enter Russia through countries like Malaysia and India, often relabeled or bundled within broader product categories that conceal their true nature from customs officials.

Industry insiders say many processors arrive without being labeled as such. A Russian tech executive told Kommersant that the word "processor" often doesn't appear on delivery sheets. This practice helps explain why the Federal Customs Service's import numbers look so anemic, even though factory shelves remain well-stocked.

It's not all smooth sailing, however. Suppliers warn Russian buyers to expect a 10 to 12 percent price increase in 2025, citing inflation and ongoing tensions in US-China trade relations as key factors. Still, prices for mainstream processors have remained relatively stable for the time being.

Original Submission

Arthur T Knackerbracket has processed the following story:

A team of scientists has unveiled a breakthrough that could one day propel computers to operate at speeds millions of times faster than today's most advanced processors.

The discovery, led by researchers at the University of Arizona and their international collaborators, centers on harnessing ultrafast pulses of light to control the movement of electrons in graphene – a material just one atom thick.

The research, recently published in Nature Communications, demonstrates that electrons can be made to bypass barriers almost instantaneously by firing laser pulses lasting less than a trillionth of a second at graphene. This phenomenon, known as quantum tunneling, has long intrigued physicists, but the team's ability to observe and manipulate it in real time marks a significant milestone.

Mohammed Hassan, an associate professor of physics and optical sciences at the University of Arizona, explained that this advance could usher in processing speeds in the petahertz range – over a thousand times faster than the chips powering today's computers. Such a leap, he said, would transform the landscape of computing, enabling dramatic progress in fields ranging from artificial intelligence and space research to chemistry and health care.

Hassan, who previously led the development of the world's fastest electron microscope, worked alongside colleagues from the University of Arizona, the California Institute of Technology's Jet Propulsion Laboratory, and Ludwig Maximilian University of Munich. Their initial focus was studying how graphene conducts electricity when exposed to laser light. Typically, the symmetrical structure of graphene causes the currents generated on either side to cancel each other out, resulting in no net current.

However, the team made a surprising discovery after modifying the graphene samples. They observed that a single electron could "tunnel" through the material – and that this fleeting event could be captured in real time. This unexpected result prompted further investigation and ultimately led to the creation of what Hassan calls "the world's fastest petahertz quantum transistor."

hubie writes:

Prediction: General-purpose AI could start getting worse:

Opinion: I use AI a lot, but not to write stories. I use AI for search. When it comes to search, AI, especially Perplexity, is simply better than Google.

Ordinary search has gone to the dogs. Maybe as Google goes gaga for AI, its search engine will get better again, but I doubt it. In just the last few months, I've noticed that AI-enabled search, too, has been getting crappier.

In particular, I'm finding that when I search for hard data such as market-share statistics or other business numbers, the results often come from bad sources. Instead of stats from 10-Ks, the US Securities and Exchange Commission's (SEC) mandated annual business financial reports for public companies, I get numbers from sites purporting to be summaries of business reports. These bear some resemblance to reality, but they're never quite right. If I specify I want only 10-K results, it works. If I just ask for financial results, the answers get... interesting,

This isn't just Perplexity. I've done the exact same searches on all the major AI search bots, and they all give me "questionable" results.

Welcome to Garbage In/Garbage Out (GIGO). Formally, in AI circles, this is known as AI model collapse. In an AI model collapse, AI systems, which are trained on their own outputs, gradually lose accuracy, diversity, and reliability. This occurs because errors compound across successive model generations, leading to distorted data distributions and "irreversible defects" in performance. The final result? A Nature 2024 paper stated, "The model becomes poisoned with its own projection of reality."

Model collapse is the result of three different factors. The first is error accumulation, in which each model generation inherits and amplifies flaws from previous versions, causing outputs to drift from original data patterns. Next, there is the loss of tail data: In this, rare events are erased from training data, and eventually, entire concepts are blurred. Finally, feedback loops reinforce narrow patterns, creating repetitive text or biased recommendations.

I like how the AI company Aquant puts it: "In simpler terms, when AI is trained on its own outputs, the results can drift further away from reality."

I'm not the only one seeing AI results starting to go downhill. In a recent Bloomberg Research study of Retrieval-Augmented Generation (RAG), the financial media giant found that 11 leading LLMs, including GPT-4o, Claude-3.5-Sonnet, and Llama-3-8 B, using over 5,000 harmful prompts would produce bad results.

Arthur T Knackerbracket has processed the following story:

Just when you thought you knew all the worlds in the solar system, astronomers go and discover a new object that could rewrite the space map. 

This icy world, temporarily named 2017 OF201, could be a distant cousin of Pluto — and scientists mean "distant" quite literally. At its farthest point, it's more than 1,600 times the distance of Earth from the sun. At its closest, it's still 44.5 times farther than Earth.

What makes 2017 OF201 stand out is its very stretched-out path around the sun, which takes an incredible 25,000 Earth-years to complete. For comparison, Pluto makes a lap around the sun every 248 Earth-years. 

How this world got to the edge of the solar system is a mystery — perhaps the result of close encounters with a giant planet like Jupiter or Neptune that tossed it out into a wide orbit. Or maybe when it was originally ejected, it ended up in the so-called Oort Cloud before returning. The Oort Cloud is thought to be a sphere of ancient, icy objects surrounding the solar system. NASA says the cloud remains a theory because the comets there have been too faint and distant to be directly observed.

The International Astronomical Union’s Minor Planet Center, which catalogs new moons and other small bodies in the solar system, announced the discovery on May 21. At roughly 435 miles wide, 2017 OF201 could qualify as a dwarf planet, the same designation Pluto has had since its demotion from ninth planet in 2006. 

"Even though advances in telescopes have enabled us to explore distant parts of the universe," said Sihao Cheng, the Institute for Advanced Study researcher who led the discovery, in a statement, "there is still a great deal to discover about our own solar system."

fliptop writes:

Unitree director Wang Qixin says the robotics company used AI and motion capture to train the robots on real fight moves:

Four artificial intelligence-enhanced robots have been put through their paces in a Chinese robot fighting competition, duking it out in kickboxing matches until one was declared the champion.

The World Robot Competition Mecha Fighting Series had four human-controlled robots built by China-based firm Unitree compete in three, two-minute rounds with winners crowned through a points system, according to a May 26 report from the China state-owned outlet the Global Times.

[...] The robots reportedly weighed 35 kilograms and stood 132 centimeters tall. Ahead of the boxing rounds, the pint-sized robots were put through tests to demonstrate a variety of kicks and punches and assist the organizers in refining the rules.

The team with the highest points across the three rounds moves on to fight another opponent. A punch to the head was worth one point, and a kick to the head was worth three. Teams lost five points if their robot fell and 10 points if their robot was down for over eight seconds.

[...] Chen Xiyun, a Unitree team member, said the “robots fight in a human-machine collaborative way,” with the machines pre-taught moves, but ultimately, a person controls the bot’s movements.

Original Submission

Arthur T Knackerbracket has processed the following story:

An insider and an outside allegedly colluded to embezzle over $840,000 from Intel.

Israeli news source Calcalist has reported that Intel Israel has initiated legal action against Natalia Avtsin, a former employee, and Yafim Tsibolevsky, a previous component supplier, for their alleged conspiracy to embezzle over NIS 3 million, approximately $842,000. This embezzlement allegedly took place between October 2023 and November 2024, remaining undetected until Intel exposed the fraud.

Avtsin was employed in Intel Israel's hardware production department until her dismissal in November 2024. Intel stated that her termination was part of a strategy to reduce operations in Israel and was unrelated to her alleged crimes, which were still undiscovered at that time. In September 2023, Tsibolevsky registered as an authorized dealer under the name "Energy Electronics 2000" and subsequently became an official Intel supplier the following month.

Avtsin and Tsibolevsky's operation began with Avtsin asking Tsibolevsky for price quotes on hardware components. Avtsin then sent the quotes to her manager for approval, but supposedly altered the transaction classification afterward. She is said to have changed the classification from "components" to "services," which bypasses essential verification protocols. Logically, only an insider could know how a reclassification can easily bypass many security checks.

Intel Israel informed Calcalist that payments for services were less strict compared to payments for components. For service payments, a signed delivery note or confirmation receipt was not required. With no verification barriers, Tsibolevsky could submit invoices and receive payments at his convenience.

If the purchase had been classified as "services," Tsibolevsky would not have escaped scrutiny, as Energy Electronics 2000 failed to register with Intel for service provision. To evade detection, Tsibolevsky issued invoices of $20,000 or less, aligning with Avtsin's transaction limit. Once more, Tsibolevsky would have likely been unaware of this information without an insider's involvement.

Intel Israel's investigation suggests possible third-party involvement. It appears that certain transactions were processed through Levanon Kogan, a company providing purchasing services to firms that are not registered with Intel. The chipmaker has not accused Levanon Kogan of any misdemeanor, but these activities appear to correlate with the scheme of Avtsin and Tsibolevsky.

In certain operations, Avtsin obtained a quote from Tsibolevsky and requested Levanon Kogan to make payments to him. Like with other fraudulent schemes, she allegedly reclassified these transactions from components to services. Intel found that as many as 30 counterfeit orders were processed via Levanon Kogan, amounting to over NIS 2 million, or approximately $561,000.

Intel is suing Avtsin and Tsibolevsky in the Haifa District Court, asking the defendants to repay the stolen funds and any profits they made from them.

Original Submission

Arthur T Knackerbracket has processed the following story:

The Sun’s outer atmosphere—the corona—is the piping hot outer limit of our star, and is usually hidden from view except during rare total eclipses. Now, scientists have gotten their clearest look ever at this mysterious region, thanks to a new adaptive optics system that scrubs away atmospheric blur, revealing fine views of the wispy plasma on the star’s surface.

Researchers from the National Solar Observatory and New Jersey Institute of Technology unveiled the system today, along with dazzling new images and videos of the Sun’s corona. The findings, published in Nature Astronomy, show fine-scale structures in solar prominences, short-lived plasma jets called spicules, and even coronal rain: cooling plasma that falls back to the solar surface along the star’s magnetic field lines.

The team’s imaging breakthrough hinges on a technology called coronal adaptive optics. Installed on the 5.25-foot (1.6-meter) Goode Solar Telescope in California, the new system—nicknamed “Cona”—adjusts a mirror 2,200 times per second to correct for distortions caused by the churn of Earth’s atmosphere. The remarkable technology counterbalances any would-be wobble in the telescope, thereby producing particularly sharp images of the corona.

“This technological advancement is a game-changer,” said Dirk Schmidt, an adaptive optics scientist at NSO and the study’s lead author, in an observatory release. “There is a lot to discover when you boost your resolution by a factor of 10.”

Until now, solar telescopes have used adaptive optics mainly to study the Sun’s surface, the release stated. Observing the fainter corona has remained a challenge, with coronal features blurred to scales of 621 miles (1,000 kilometers)—a limit that’s existed for 80 years. But Cona now resolves features down to just 39 miles (63 km), the theoretical limit of the Goode telescope.

Among the new footage captured by the team are shots of a twisting solar prominence reshaping in real time, spicules flickering on the surface, and fine, hair-like strands of coronal rain narrower than 12.5 miles (20 km). When you consider how far the Sun is from Earth, how faint the corona is relative to the rest of the star, and how much of Earth’s turbulent atmosphere the team had to cut through and correct for, the sharpness of the images is a triumph.

“This transformative technology, which is likely to be adopted at observatories world-wide, is poised to reshape ground-based solar astronomy,” said study co-author Philip Goode, a physicist at NJIT-CSTR, in the same release. “With coronal adaptive optics now in operation, this marks the beginning of a new era in solar physics, promising many more discoveries in the years and decades to come.”

The observations offer crucial data for unraveling enduring solar mysteries—like why the corona is millions of degrees hotter than the solar surface.

The team plans to bring the coronal adaptive optics technology to the 13-foot (4-meter) Daniel K. Inouye Solar Telescope in Hawaiʻi—potentially revealing even smaller details of the Sun’s atmosphere.

Original Submission

Arthur T Knackerbracket has processed the following story:

US President Donald Trump can huff, puff, and threaten to blow Tim Cook's house down with a 25 percent iPhone import tariff, but analysts say even that threat is unlikely to bring Apple's manufacturing home.

In response to Trump's statement last week, analysts from Morgan Stanley published a research brief on Tuesday that concluded Apple is unlikely to respond to Trump's latest tariff threat in a way that will please him. 

The report, provided to The Register, concluded that the original 145 percent tariff imposed by Trump on certain imports from China last month might have made Apple budge on the matter, but since the President lost his international staredown and promised to reduce that rate, the economics no longer make sense for Cupertino.

According to the Morgan Stanley number crunchers, an iPhone manufactured in the United States would be at least 35 percent more expensive than one made overseas when accounting for tariffs on single-source components still made in China and higher US labor costs. That means a $999 iPhone would be $1,350 - at a minimum - if Apple wanted to retain a similar gross margin.

[A] 25 percent tariff will have no effect; it will need to be many times higher to compensate for the local production cost

With a 25 percent tariff on iPhone imports from China or India in place, on the other hand, Apple would need to increase prices on iPhones by only four to six percent globally to keep profits up. 

Canalys smartphone and IoT analyst Runar Bjorhovde agreed with Morgan Stanley's analysis in an email to The Register. "[A] 25 percent tariff will have no effect; it will need to be many times higher to compensate for the local production cost," Bjorhovde told us. 

Arthur T Knackerbracket has processed the following story:

The internet has seen its fair share of weird, but a Star Wars fan site secretly run by the CIA to communicate with overseas spies might top the list. StarWarsWeb.net looked like any other 2010-era fan page, complete with lightsabers, Yoda quotes ("Like these games you will"), LEGO ads, and hyped-up mentions of games like Battlefront 2 and The Force Unleashed II. But behind that nostalgic facade was a covert login system. If you entered the right password into the search bar, you'd unlock a secure line to CIA handlers. Or at least, that was the plan.

This bizarre piece of intel comes courtesy of Ciro Santilli, an independent researcher with a knack for rooting around the dusty corners of the web, who spoke to 404media.

Santili took it upon himself to dig deeper after a Reuters uncovering piece titled "America's Throwaway Spies" revealed a handful of suspicious domains back in 2022. Armed with little more than open-source tools, web dev know-how, and apparently endless patience, he ended up uncovering hundreds of similar sites.

As it turned out, the Star Wars page was just one star in a galaxy of CIA-run covert communication sites.

There were comedy pages, extreme sports sites, and even a Brazilian music fan page. Some were clearly geared toward users in states like Iran and China, where their discovery led to devastating consequences, including the execution of CIA sources around 2011-2012. But others appeared to target France, Germany, Spain, and Brazil.

The fatal flaw, according to both Santilli and the Reuters report, was that many of the sites were sloppily coded, reusing sequential IP addresses or other easily traceable breadcrumbs. Once one site was found, identifying others was often just a matter of basic detective work. This was something Iranian and Chinese counterintelligence teams apparently figured out over a decade ago. You can read this in more detail on Santilli's writeup.

Despite the deadly fallout, this digital forensics saga is now a cold case. Santilli described it as being "like a museum," saying that thanks to the Wayback Machine, people can still go back and view the site.

All said, fifteen years later, the CIA's attempt at geek-coded spycraft remains a cautionary tale that even intelligence agencies are only human. And that on the internet, your secrets have a shelf life.

Original Submission

Arthur T Knackerbracket has processed the following story:

Evidence of an attack on administration officials appeared last week on leak site Distributed Denial of Secrets, hosted an archive of messages that included details of over 60 government workers, a White House staffer, and members of the Secret.

The leak, first reported by Reuters, isn't as serious as Signalgate - no one was discussing air strikes and possible war crimes - but it's still suboptimal.

The White House said that it was "aware of the cyber security incident" but didn't comment further.

TeleMessage servers are reportedly closed while an investigation is carried out.

Europol had already detailed attempts to take down the Qakbot and Danabot malware groups, and last Friday it announced the disruption of the following five malware crews:

Operation Endgame II, a combined operation involving police from the EU, UK, US, and Canada, has now led to 20 arrests and 18 suspects have been added to the EU's most wanted list. In addition a total of €21.2 million has been seized.

"This new phase demonstrates law enforcement’s ability to adapt and strike again, even as cybercriminals retool and reorganise," said Catherine De Bolle, Europol executive director. "By disrupting the services criminals rely on to deploy ransomware, we are breaking the kill chain at its source."

Two government boffins have proposed a method for predicting which security vulnerabilities criminals are likely to exploit, and think it could be used to improve patching choices.

In a recent paper [PDF], cybersecurity specialist Jono Spring of CISA and Peter Mell, a former senior computer scientist retired from Uncle Sam's NIST this month, suggest a new system that addresses a blind spot in current flaw fixing methodologies.

Here's the current list of patches under active attack, courtesy of US government security guards at CISA.

CVSS 9.8 - CVE-2025-4632 is a path traversal vulnerability in Samsung MagicINFO 9 Server which would allow anyone with the skill to write arbitrary files as a system authority.

CVSS 7.2 - CVE-2025-4428 is a vulnerability in Ivanti Endpoint Manager Mobile 12.5.0.0 and earlier builds. It allows full remote code execution using a specially crafted API request.

One current tool to help users prioritize the fixes to deploy is the US Cybersecurity and Infrastructure Security Agency’s (CISA’s) known exploited vulnerabilities (KEV) database that lists which CVEs under active attack. Regulations require US federal government agencies to patch bugs on the list within six months. Private sector admins also use the list.

Further help comes from an industry group known as the Forum of Incident Response and Security Teams (FIRST) which feeds CVE data into a separate Exploit Prediction Scoring System (EPSS). This machine-learning system predicts which vulnerabilities criminals are likely to attack in the next 30 days.

Spring and Mell have suggested a new system to help admins that combines KEV and EPSS and called it a likely exploited vulnerabilities (LEV) list, and assert that it offers helpfully accurate indicators to focus patching priorities.