Landgericht Leipzig spricht Facebook-Nutzer eine Entschädigung von 5.000 Euro wegen Datenschutzverstößen durch die Business Tools von Meta zu

LG Leipzig, Urteil vom 04.07.2025, 05 O 2351/23

https://www.medienservice.sachsen.de/medien/news/1088732

From 7 July to 18 July 2025, CIRCL will host a two-week online training event featuring hands-on sessions on various tools developed and maintained by CIRCL, as well as training in digital forensics and incident response (DFIR) techniques.

All time slots are in local Luxembourg time. The sessions are open to everyone: just connect using the provided Zoom link.

#training #cybersecurity #threatintel

🔗 https://www.circl.lu/pub/vss-2025/

#directoryTraversalMemes

roses are red,
hackers are leet,
https://arxiv.org/abs/1904.09828

When your salad ingredients see what you just did to their mates.

🎥New video series! Discover how OSINT, storytelling, mapping & teamwork enhance investigations during global crises. Experts unpack tech myths, mapping, & more. By Jürgen Geuter, Riccardo Pravettoni, Kaamil Ahmed, Jasmine Erkan & Wael Eskander. Watch now👉 https://exposingtheinvisible.org/en/films/collections/eti-talks/

We are thrilled to announce that the program for #BornHack 2025 is now available on our website! We still have more slots available, so participants are more than welcome to continue submitting content via the content submission system.

For more information, please check out our news post at https://bornhack.dk/news/2025-07-03-bornhack-2025-program-published/ or go directly to the program at https://bornhack.dk/bornhack-2025/program/

Unveiled at #TROOPERS25 - Hexagon fuzzing unlocked

Hexagon is the architecture in Qualcomm basebands - they power most of the world's leading smartphones.

Until now, this baseband was out of reach.

We released the first open-source toolchain for system-mode Hexagon fuzzing, presented by Luca Glockow (@luglo), Rachna Shriwas, and Bruno Produit (@bruno) at @WEareTROOPERS

Full post: https://www.srlabs.de/blog-post/hexagon-fuzz-full-system-emulated-fuzzing-of-qualcomm-basebands

How we opened up mobile firmware in 3 steps:
1. Boot real iPhone basebands with a custom QEMU fork
2. Rust-powered fuzzer controls execution via JSON configs
3. Ghidra integration maps coverage across threads

This brings full visibility to Qualcomm’s 4G/5G/GPS stacks.

Reproducible. Extendable. Open source.

Hexagon’s no longer off-limits - mobile security just got a lot more transparent.


🔗 Try it yourself: https://github.com/srlabs/hexagon_fuzz
📚 Docs: https://github.com/srlabs/hexagon_fuzz/blob/main/docs/reverse_engineering.md
🖥️ Slides from Troopers25: https://github.com/srlabs/hexagon_fuzz/blob/main/docs/talk/hexagon_fuzz_troopers2025.pdf
🛠️ Issues, ideas, or contributions? PRs welcome.

I am pretty thrilled that @Elastic open-sourced DevFiler, a Desktop interface to continuous profiling, originally written by @athre0z. It's cool stuff, give it a try! And thanks to the Elastic folks that made it happen!!!

https://github.com/elastic/devfiler

LIVESTREAM
🎦 As a reminder, our great speakers and their talk can be watched live at:

https://live.pass-the-salt.org/ 🔥

Powered by the great work of our friends from https://www.ubicast.eu/ 🙏

New CVSS perfect 10 logo.

Catwatchful is now, by our count at TechCrunch, the 26th stalkerware operation to have been hacked, breached, or otherwise lost or exposed its users' or victims' data since 2017.

That's 26 reasons alone why you should never use a stalkerware app.

Here's more from @lorenzofb on the dangers of stalkerware.

https://techcrunch.com/2025/07/02/hacked-leaked-exposed-why-you-should-stop-using-stalkerware-apps/

Massive MicroSD card testing database exposes fakes, charts performance and endurance — 200 cards tested, 51 to destruction; 8 machines running 70 card readers wrote 18 petabytes for testing
https://www.tomshardware.com/pc-components/microsd-cards/microsd-card-testing-database-exposes-fakes-charts-performance-and-endurance-200-cards-tested-51-to-destruction-8-machines-running-70-card-readers-wrote-18-petabytes-for-testing?utm_source=flipboard&utm_medium=activitypub

Posted into SSDs: News, benchmarks, reviews and more @ssds-news-benchmarks-reviews-and-more-TomsHardware

GrapheneOS version 2025063000 released:

https://grapheneos.org/releases#2025063000

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/23564-grapheneos-version-2025063000-released

#GrapheneOS #privacy #security

TIL in Firefox about:config:

widget.gtk.overlay-scrollbars.enabled = false
widget.non-native-theme.gtk.scrollbar.thumb-size = 1
widget.non-native-theme.scrollbar.style = 4
widget.non-native-theme.scrollbar.size.override = 16

Gets you scrollbars that are actually visible and clickable with the mouse.

👋 Hello, Fediverse! Your favorite dynamic instrumentation toolkit is here! 🧪

This menu on the #sec25 conference website confuses me - did @usenixassociation build a timetable with only half the papers, or did the conference co-hosting usable security forgot the submenu listing the second half of the papers? https://www.usenix.org/conference/usenixsecurity25/technical-sessions

Really interesting paper by Sharad Agarwal and Marie Vasek of UCL just presented at WEIS:

Examining Newly Registered Phishing Domains at Scale

Shows differences in trends and behavior between compromised websites used for phishing, mixed datasets, and newly registered phishing domains, with a focus on the latter.

#infosec #cybersecurity #threatintel

PDF link: http://kmlabcw.iis.u-tokyo.ac.jp/weis/2025/doc/proceedings/WEIS2025_paper_17.pdf

as promised: a less misogynist version of the meme.

Today we installed the first fibre on the field (1km of single mode fibre)… thanks to everyone who helped out today! :)