03 Jul 2025

feed: Slashdot

Data Breach Reveals Catwatchful 'Stalkerware' Is Spying On Thousands of Phones

An anonymous reader quotes a report from TechCrunch: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app's full database of email addresses and plaintext passwords that Catwatchful customers use to access the data stolen from the phones of their victims. [...] According to a copy of the database from early June, which TechCrunch has seen, Catwatchful had email addresses and passwords on more than 62,000 customers and the phone data from 26,000 victims' devices. Most of the compromised devices were located in Mexico, Colombia, India, Peru, Argentina, Ecuador, and Bolivia (in order of the number of victims). Some of the records date back to 2018, the data shows. The Catwatchful database also revealed the identity of the spyware operation's administrator, Omar Soca Charcov, a developer based in Uruguay. Charcov opened our emails, but did not respond to our requests for comment sent in both English and Spanish. TechCrunch asked if he was aware of the Catwatchful data breach, and if he plans to disclose the incident to its customers. Without any clear indication that Charcov will disclose the incident, TechCrunch provided a copy of the Catwatchful database to data breach notification service Have I Been Pwned. The stalkerware operation uses a custom API and Google's Firebase to collect and store victims' stolen data, including photos and audio recordings. According to Daigle, the API was left unauthenticated, exposing sensitive user data such as email addresses and passwords. The hosting provider temporarily suspended the spyware after TechCrunch disclosed this vulnerability but it returned later on HostGator. Despite being notified, Google has yet to take down the Firebase instance but updated Google Play Protect to detect Catwatchful. 
While Catwatchful claims it "cannot be uninstalled," you can dial "543210" and press the call button on your Android phone to reveal the hidden app. As for its removal, TechCrunch has a general how-to guide for removing Android spyware that could be helpful.

Read more of this story at Slashdot.

03 Jul 2025 3:30am GMT

Proposed Budget Seeks To Close Mauna Loa Observatory's Climate CO2 Study

"Slashdot regularly posts milestones on CO2 levels reported by the Mauna Loa Observatory," writes longtime Slashdot reader symbolset, pointing to a new article highlighting how the Trump administration's proposed budget would eliminate funding for the lab's carbon dioxide monitoring. "Continuous observation records since 1958 will end with the new federal budget as ocean and atmospheric sciences are defunded." From a report: [I]t's the Mauna Loa laboratory that is the most prominent target of the President Donald Trump's climate ire, as measurements that began there in 1958 have steadily shown CO2's upward march as human activities have emitted more and more of the planet-warming gas each year. The curve produced by the Mauna Loa measurements is one of the most iconic charts in modern science, known as the Keeling Curve, after Charles David Keeling, who was the researcher who painstakingly collected the data. His son, Ralph Keeling, a professor at the Scripps Institution of Oceanography at UC San Diego, now oversees collecting and updating that data. Today, the Keeling Curve measurements are made possible by the National Oceanic and Atmospheric administration, but the data gathering and maintenance of the historical record also is funded by Schmidt Sciences and Earth Networks, according to the Keeling Curve website. In the event of a NOAA shut down of the lab, Scripps could seek alternate sources of funding to host the instruments atop the same peak or introduce a discontinuity in the record by moving the instruments elsewhere in Hawaii. The proposal to shut down Mauna Loa had been made public previously but was spelled out in more detail on Monday when NOAA submitted a budget document (PDF) to Congress. It made more clear that the Trump administration envisions eliminating all climate-related research work at NOAA, as had been proposed in Project 2025, the conservative blueprint for overhauling the government. 
It would do this in large part by cutting NOAA's Office of Oceanic and Atmospheric Research entirely, including some labs that are also involved in improving weather forecasting. NOAA has long been one of the world's top climate science agencies, but the administration would steer it instead towards being more focused on operational weather forecasting and warning responsibilities.


03 Jul 2025 2:02am GMT

Foxconn Mysteriously Tells Chinese Workers To Quit India and Return To China

Apple's expansion in India has hit a snag as Foxconn has sent over 300 Chinese workers back to China, potentially reducing production efficiency just as mass manufacturing of the iPhone 17 begins. AppleInsider reports: It's not known why Foxconn has done this, nor is it clear whether workers have been laid off or redeployed to the company's facilities in China. The move, though, does follow Beijing officials reportedly working to prevent firms moving away from China. Those officials are said to have been verbally encouraging China's local governments and regulatory bodies to curb exports of equipment or technologies to India and Southeast Asia. Overall, China has been making it harder for skilled labor to leave the country. It's not clear how any changes have specifically affected Chinese workers who had already left. What is clear is that Foxconn has used many experienced Chinese engineers as it attempts to rapidly expand in India. It's said, too, that Chinese managers have been vital in training Foxconn staff in India. Since that training has been ongoing for some years, and since at least most of Foxconn's production lines have been set up, it's said that there will not be an impact on the quality of manufacturing. But one source said the changes will impact efficiency on the production line.


03 Jul 2025 1:25am GMT

02 Jul 2025

feed: OSnews

Servers and thin clients in every home is the future they stole from us

I've used thin clients at home for quite a while - both for their intended use (remotely accessing a desktop of another system); and in the sense of "modern thin clients are x86 boxes that are wildly overpowered for what they run, so they make good mini servers." Recently, I saw a bulk lot of Sun Ray thin clients pop up on Trade Me (NZ's eBay-like auction site) - and with very little idea of how many clients were actually included in this lot, I jumped on it. After a 9 hour round-trip drive (on some of the worst roads I've seen!), I returned home with the back of my car completely packed with Sun Rays. Time for some interesting shenanigans!
↫ catstret.ch
I was unaware you could still set up a Sun Ray environment with latest versions of OpenIndiana, and that has me quite interested in buying a few Sun Rays off eBay and following in the author's footsteps. It seems like it's not too difficult, and while there's some manual nonsense you have to do to get everything to install correctly, it's nothing crazy. To this day, I firmly believe that the concept of dumb thin clients connected to powerful servers is an alluring and interesting way of computing. I'm not talking about connecting up to servers owned by massive technology corporations - I'm talking about a few powerful servers down in your own basement or attic or whatever, serving applications and desktops straight to basic thin clients all around your house. These thin clients can take the shape of anything, from something like a desktop setup in your office, down to a basic display in your kitchen for showing recipes, setting timers, and other basic stuff - and everything in between. Sun Rays could 'hot desk' using personal smart cards, but of course, in this day and age you'd have your smartphone. The thin clients around your house would know it was you through your smartphone, and serve up the applications, desktop, tools, and so on that you use, but everything would be running on the servers in your house.
Of course, my wife would have her own account on the server, as would our children, when they are old enough. None of this is impossible with today's tools and computing power, but it wouldn't be easy to set up. There are no integrated solutions out there to make this happen; you'd have to scrap it together from disparate parts and tools, and I doubt such a house of cards would end up being reliable enough not to quickly become a massive annoyance and time sink. On top of that, we live in a rental apartment, so we don't even have a basement or attic to store loud servers in, nor are we allowed to drill holes and route Ethernet cabling for optimal performance. Anyway, there's no chance in hell any of the major technology companies would build such a complex ecosystem in a world where it's much easier and more profitable to force people to subscribe to shitty services. In my ideal computing world, though - a server in every home, with cheap thin clients in every room.

02 Jul 2025 9:35pm GMT

feed: Ars Technica

TikTok is being flooded with racist AI videos generated by Google’s Veo 3

Google and TikTok have rules against this sort of thing, but it doesn't seem to matter.

02 Jul 2025 9:18pm GMT

Everything that could go wrong with X’s new AI-written community notes

X says AI can supercharge community notes, but that comes with obvious risks.

02 Jul 2025 9:00pm GMT

New evidence that some supernovae may be a “double detonation”

It may be possible to blow up a white dwarf before it reaches a critical mass.

02 Jul 2025 8:39pm GMT

feed: OSnews

The new troll diet

We need a new framework for how to defend against "trolls". The feeding metaphor ran its course many years ago. It is done and will not be coming back. New online risks demand that we adapt and become proactive in protecting our spaces. We have to loudly and proudly set the terms of what is permissible. Those holding social or institutional power in communities should be willing to drop a few loud fuck offs to anyone trying to work their way in by weaponizing optics, concern trolling, or the well known "tolerance paradox". Conceding through silence, or self-censorship, only emboldens those who benefit from attacking a community.
↫ diegoebe
A people that yields to tyrants will lose more than life and property; then the light goes out.

02 Jul 2025 7:31pm GMT

01 Jul 2025

feed: OSnews

Donkey Kong Country 2 and open bus

Apparently, Donkey Kong Country 2 runs into a bug in the old SNES emulator ZSNES, where one of the barrels that you're supposed to be able to precisely control the spinning direction of ends up spinning forever. This bug is caused by ZSNES not emulating open bus behavior. I believe this was originally discovered by Anomie roughly two decades ago, who subsequently fixed the same bug in Snes9x. This original fix hardcoded the specific addresses to return the values that the game depends on rather than properly emulating open bus, but it fixed DKC2 and probably didn't break anything else. The bug was never fixed in ZSNES, which is now a long abandoned project (last release in 2007). Purely out of curiosity, I wanted to dig into this a little more to figure out what exactly in the game code causes these barrels to spin forever in an emulator that doesn't emulate open bus behavior.
↫ jsgroth
Just in case you've always wanted to know.

01 Jul 2025 8:48pm GMT

21 Jun 2025

feed: Planet Arch Linux

linux-firmware >= 20250613.12fe085f-5 upgrade requires manual intervention

With 20250613.12fe085f-5, we split our firmware into several vendor-focused packages. linux-firmware is now an empty package depending on our default set of firmware. Unfortunately, this coincided with upstream reorganizing the symlink layout of the NVIDIA firmware, resulting in a situation that Pacman cannot handle. When attempting to upgrade from 20250508.788aadc8-2 or earlier, you will see the following errors:
    linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad103 exists in filesystem
    linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad104 exists in filesystem
    linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad106 exists in filesystem
    linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad107 exists in filesystem
To progress with the system upgrade, first remove linux-firmware, then reinstall it as part of the upgrade:
    # pacman -Rdd linux-firmware
    # pacman -Syu linux-firmware

21 Jun 2025 12:00am GMT

20 Jun 2025

feed: Planet Arch Linux

Plasma 6.4.0 will need manual intervention if you are on X11

On Plasma 6.4, the Wayland session will be the only one installed when the user does not manually specify kwin-x11. With the recent split of kwin into kwin-wayland and kwin-x11, users running the old X11 session need to manually install plasma-x11-session, or they will not be able to log in. Currently pacman is not able to figure out your personal setup, and it wouldn't be OK to install plasma-x11-session and kwin-x11 for everyone using Plasma. tl;dr: Install plasma-x11-session if you are still using X11.

20 Jun 2025 12:00am GMT

16 Jun 2025

feed: Planet Arch Linux

Transition to the new WoW64 wine and wine-staging

We are transitioning the wine and wine-staging packages to a pure wow64 build. This change removes the dependency on the multilib repository for wine and wine-staging. The main reason for this is to align with upstream Wine development, which simplifies packaging and the dependency chain. Potential issues:

If you are facing issues with 32-bit prefixes, please recreate these and reinstall the application.

16 Jun 2025 12:00am GMT