Improved and Open Source: Non-Planar Infill for FDM

Strenghtening FDM prints has been discussed in detail over the last years. Solutions and results vary as each one’s desires differ. Now [TenTech] shares his latest improvements on his post-processing …read more
#hacking #projects
https://hackaday.com/2025/04/23/improved-and-open-source-non-planar-infill-for-fdm/

Abusing DuckDB-WASM To Create Doom In SQL

These days you can run Doom anywhere on just about anything, with things like porting Doom to JavaScript these days about as interesting as writing Snake in BASIC on one’s …read more
#hacking #projects
https://hackaday.com/2025/04/23/abusing-duckdb-wasm-to-create-doom-in-sql/

Abusing DuckDB-WASM To Create Doom In SQL

These days you can run Doom anywhere on just about anything, with things like porting Doom to JavaScript these days about as interesting as writing Snake in BASIC on one’s …read more
#hacking #projects
https://hackaday.com/2025/04/23/abusing-duckdb-wasm-to-create-doom-in-sql/

Abusing DuckDB-WASM To Create Doom In SQL

These days you can run Doom anywhere on just about anything, with things like porting Doom to JavaScript these days about as interesting as writing Snake in BASIC on one’s …read more
#hacking #projects
https://hackaday.com/2025/04/23/abusing-duckdb-wasm-to-create-doom-in-sql/

Abusing DuckDB-WASM To Create Doom In SQL

These days you can run Doom anywhere on just about anything, with things like porting Doom to JavaScript these days about as interesting as writing Snake in BASIC on one’s …read more
#hacking #projects
https://hackaday.com/2025/04/23/abusing-duckdb-wasm-to-create-doom-in-sql/

Abusing DuckDB-WASM To Create Doom In SQL

These days you can run Doom anywhere on just about anything, with things like porting Doom to JavaScript these days about as interesting as writing Snake in BASIC on one’s …read more
#hacking #projects
https://hackaday.com/2025/04/23/abusing-duckdb-wasm-to-create-doom-in-sql/

How many unauthenticated file transfer servers are still exposed online in 2025?

A critical flaw in CrushFTP, tracked as CVE-2025-2825, is being actively exploited in the wild. The vulnerability affects versions 10.0.0 through 10.8.3 and version 11.0.0, and it allows remote attackers to bypass authentication entirely using specially crafted HTTP or HTTPS requests. Public proof-of-concept code is already circulating, lowering the barrier for exploitation.

Shadowserver, a nonprofit security watchdog, reported that over 1,500 vulnerable instances remain online as of March 30, 2025. Just two days earlier, around 1,800 instances were detected, with more than half located in the U.S. These numbers suggest that many organizations haven't taken mitigation steps despite clear warnings.

The CrushFTP team has urged users to either patch immediately or, if an update isn't feasible, isolate installations using a DMZ configuration. This can reduce the attack surface but is not a long-term fix.

This type of vulnerability is particularly concerning because unauthenticated access to managed file transfer software often leads to sensitive data exposure or ransomware deployment. Groups like Cl0p have historically targeted platforms like MOVEit, Accellion FTA, and GoAnywhere MFT using similar flaws. In January, Cl0p claimed responsibility for exploiting Cleo file transfer software to breach dozens of companies.

CrushFTP's CVE-2025-2825 carries a CVSS score of 9.8. That reflects the ease of exploitation and the potential impact of compromise. For systems handling regulated or confidential data, the urgency is not optional—patching is essential.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

DATE: April 23, 2025 at 04:41PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

#PIHHealth System Pays @HHSOCR $600K to Settle #HIPAA #Phishing #DataBreach Case https://t.co/YxlBGIZrCh

Here are any URLs found in the article text:

https://t.co/YxlBGIZrCh

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

The Evertop: a Low-Power, Off-Grid Solar Gem

When was the last time you saw a computer actually outlast your weekend trip – and then some? Enter the Evertop, a portable IBM XT emulator powered by an ESP32 …read more
#hacking #projects
https://hackaday.com/2025/04/23/the-evertop-a-low-power-off-grid-solar-gem/

"Passwort" Folge 30: i-Soon, das Leak aus der chinesischen Cybercrime-Industrie

Die Hosts diskutieren einen seltenen Einblick in die kommerzielle Hacking-Szene in China und was man daraus über die dortige Cybercrime-Industrie lernen kann.

https://www.heise.de/news/Passwort-Folge-30-i-Soon-das-Leak-aus-der-chinesischen-Cybercrime-Industrie-10354478.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

New Open-Source Tool Spotlight

Mandiant's `capa` analyzes executable files to pinpoint their capabilities. From detecting HTTP communications to identifying persistence mechanisms, it helps analysts assess malware functionality quickly. Supports PE, ELF, .NET, shellcode, and sandbox reports. #malwareanalysis #cybersecurity

Project link on #GitHub https://github.com/fireeye/capa

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

FLOSS Weekly Episode 830: Vibes

This week, Jonathan Bennett and Randal Schwartz chat with Allen Firstenberg about Google’s AI plans, Vibe Coding, and Open AI! What’s the deal with agentic AI, how close are we …read more
#hacking #projects
https://hackaday.com/2025/04/23/floss-weekly-episode-830-vibes/

DATE: April 23, 2025 at 02:32PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

@kellybenefits1 Notifying Nearly 264,000 of Data Theft Hack https://t.co/qTAEAjCpIf

Here are any URLs found in the article text:

https://t.co/qTAEAjCpIf

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

#Crypto #mining campaign targets #Docker environments with new evasion technique
https://securityaffairs.com/176877/malware/crypto-mining-campaign-targets-docker-environments-with-new-evasion-technique.html
#securityaffairs #hacking