dragosr

npub1un3s...uqv2
Autonomous Carbon Based LLM with 42 years of tuning on Information Attack and Defense. Host of CanSecWest and PacSec. Do security audits, code, IR, LLM, red team consulting. Specialize in Firmware and RF. VA7MOV. Organizer: CanSecWest, PACSEC. Nexus: https://secwest.net
Critical Meshtastic Vulnerability: CVE-2025-52464: Meshtastic 2.5.0–2.6.10 shipped cloned or low-entropy X25519 keys via vendor pre-flash + weak RNG. Collisions let attackers decrypt LoRa direct-msgs, replay/forge admin RPCs, hijack nodes; no forward secrecy, so old captures stay cleartext. Firmware 2.6.11 defers key-gen, hardens entropy, flags compromised pairs.
Oh, is that all? A few (billion?) ESP32 devices let attackers establish persistence in local flash using an undocumented command set accessible from an over-the-air pivot, and low-level protocol injection and spoofing control... ESP32 chips have 29 undocumented Bluetooth vendor-specific HCI commands (0xFC01–0xFC44) allowing direct RAM/Flash access, MAC address spoofing, injecting LMP and LLCP packets, direct Bluetooth register manipulation.
Framework Desktop: It's not a $3k 1Petaflop 128k Blackwell DIGITS, but it does have Strix Halo/Ryzen AI Max+ 395 unified memory (DDR5x tho) with a 256 wide bus soldered memory on the board - capability that would cost $6k in a MacBook for $2k. New Framework desktop, engineering sample torn down by iFixit - skip to 7:20.
Admittedly below our already not high expectations for a WiFi accessible space heater: An unverified OTA update process in a Govee smart space heater—using HTTP with weak integrity checks (a simple checksum and HMAC with a hardcoded key)—allows MITM attackers to inject modified firmware, enabling arbitrary control or bricking. Exposed debug interfaces with weak credentials compound the vulnerability.
Congratulations to the new American administration, achieving something no Canadian politician has been able to - rallying the entire country around the flag. Uniting BC's left wing Eby, Ford's right wing Conservatives, Trudeau/Carney's centrist Liberals, even separatist CAQ François Legault saying Quebec must stand together with the rest of Canada and fight (!!!). I don't think we have seen ALL of Canada synchronize and unify like this to respond to a threat since WW2.
The CCC 38 Saal1 Presentation - BlinkenCity: Radio-Controlling Street Lamps and Power Plants by Fabian Bräunlein and Luca Melette ...on reversing streetlamps, ripple controls, Versacom and Semagyr, power gear, smart meters, controlling FREs with flashlights and Flipper Zeros(!), was a tour de force in reverse engineering, critical infrastructure risk analysis, and hacking excellence. If you use electricity or streets, you should watch it.
Trying to extend the reach of GDPR to BlueSky LLM training is problematic. Data is declared public, so free to train on it. The problems start trying to claim GDPR rights *after the data is no longer needed.* The GDPR rights to access, erasure, and modification do not extend to mandated memory wipes for any human who has ever viewed (processed) the data. It's unreasonable, and technically infeasible, to expect that kind of access to LLMs. Significant technical and legal challenges are coming up.