This Week In Security: Landfall, Imunify AV, And Sudo Rust

Let’s talk about LANDFALL. That was an Android spyware campaign specifically targeted at Samsung devices. The discovery story is interesting, and possibly an important clue to understanding this particular bit of commercial malware. Earlier this year Apple’s iOS was patched for a flaw in the handling of DNG (Digital NeGative) images, and WhatsApp issued an advisory for a second iOS vulnerability. Together, the two may have been used in attacks in the wild.

Researchers at Unit 42 went looking for real-world examples of this iOS threat campaign, and instead found DNG images that exploited a similar-yet-distinct vulnerability in a Samsung image handling library. These malicious DNG files had a zip file appended to the end. The attack seems to be launched via WhatsApp messaging, just like the iOS attack. That .zip contains a pair of .so shared object files, which are loaded to manipulate the system’s SELinux protections and install the long-term spyware payload.

The earliest known sample of this spyware dates to July of 2024, and Samsung patched the DNG handling vulnerability in April 2025. Apple patched the similar DNG problem in August of 2025. The timing and similarities do suggest that these two spyware campaigns may have been related. Unit 42 has a brief accounting of the known threat actors that could have been behind LANDFALL, and concludes that there just isn’t enough solid evidence to make a determination.

Not as Bad as it Looks

Watchtowr is back with a couple more of their unique vulnerability write-ups. The first is a real tease, as they found a way to leak a healthy chunk of memory from Citrix NetScaler machines. The catch is that the memory leak is a part of an error message, complaining that user authentication is disabled. This configuration is already not appropriate for deployment, and the memory leak wasn’t assigned a CVE.

There was a second issue in the NetScaler system: an open redirect in the login system. An attacker can craft a malicious link that points to a trusted NetScaler machine, and if a user follows the link, the NetScaler redirects the user to a location specified in the malicious link. It’s not a high-severity vulnerability, but it still got a CVE and a fix.

FLOSS Weekly Episode 854: The Big Daddy Core

This week Jonathan and Ben chat with Jason Shepherd about Ocre and Atym.io! That’s the lightweight WebAssembly VM that lets you run the same containers on Linux and a host of embedded platforms, on top of the Zephyr embedded OS. What was the spark that led to this project’s creation, what does Atym.io bring to the equation, and what are people actually doing with it? Watch to find out!

Gene Therapy Aims To Slow Huntington’s Disease To A Crawl

Despite the best efforts of modern medicine, Huntington’s disease is a condition that still comes with a tragic prognosis. Primarily an inherited disease, its main symptoms concern degeneration of the brain, leading to issues with motor control and mood disturbance, with continued degradation eventually proving fatal.

Researchers have recently made progress in finding a potential treatment for the disease. A new study has indicated that an innovative genetic therapy could hold promise for slowing the progression of the disease, greatly improving patient outcomes.

The Strange Depression Switch Discovered Deep Inside The Brain

As humans, we tend to consider our emotional states as a direct response to the experiences of our lives. Traffic may make us frustrated, betrayal may make us angry, or the ever-grinding wear of modern life might make us depressed.

Dig into the science of the brain, though, and one must realize that our emotional states are really just electrical signals zinging around our neurons. And as such, they can even be influenced by direct electrical stimulation.

One group of researchers found this out when they inadvertently discovered a “switch” that induced massive depression in a patient in mere seconds. For all the complexities of the human psyche, a little electricity proved more than capable of swaying it in an instant.

Hackaday Links: November 9, 2025

We’re always a wee bit suspicious about articles that announce some sort of “World’s first” accomplishment. With a couple of hundred thousand years of history, most of which wasn’t recorded, over which something like 117 billion humans have lived, any claims of primacy have to be taken with a grain of salt. So when the story of the world’s first instance of a car being hit by a meteorite came across our feed, we had to check it out. The car in question, a Tesla, was being driven in South Australia by veterinarian Andrew Melville-Smith when something suddenly crashed into its windshield.

Hackaday Podcast Episode 344: Board With Lasers, Op-Amp Torture, And Farewell Supercon 9

Hackaday Editors Tom Nardi and Al Williams spent the weekend at Supercon and had to catch up on all the great hacks. Listen in as they talk about their favorites. Plus, stick around to the end to hear about some of the highlights from their time in Pasadena.

If you’re still thinking about entering the Component Abuse Contest, you’re just about out of time. Need some inspiration? Tom and Al talk about a few choice entries, and discuss how pushing parts out of their comfort zone can come in handy. Do you make your own PCBs? With vias? If you have a good enough laser, you could. Or maybe you’d rather have a $10 Linux server? Just manage your expectations. The guys both admit they aren’t mechanical geniuses and, unlike [4St4r], aren’t very good at guessing sounds either. They round up with some 3D printing projects and a collection of quick hacks.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in DRM-free MP3; no PDP-1, 3D printer, or lasers needed to listen.

This Week In Security: Bogus Ransom, WordPress Plugins, And KASLR

There’s another ransomware story this week, but this one comes with a special twist. If you’ve followed this column for long, you’re aware that ransomware has evolved beyond just encrypting files. Perhaps we owe a tiny bit of gratitude to ransomware gangs for convincing everyone that backups are important. The downside to companies getting their backups in order is that these criminals are turning to other means to extort payment from victims. Namely, exfiltrating files and releasing them to the public if the victim doesn’t pay up. And this is the situation in which the Akira ransomware actors claim to have Apache’s OpenOffice project.

There’s just one catch. Akira is threatening to release 23 GB of stolen documents, which include employee information — and the Apache Software Foundation says those documents don’t exist. OpenOffice hasn’t received a demand and can’t find any evidence of a breach. It seems likely that Akira has hit some company, just not one that is part of the Apache Software Foundation. Possibly it is someone that heavily uses OpenOffice, or even provides some level of support for that application. There is one more wrinkle here.

Since Apache OpenOffice is an open source software project, none of our contributors are paid employees for the project or the foundation…
