This Week In Security: Second Verse, Worse Than The First

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the wild, dubbed Darksword.

Like Coruna, Darksword appears to have followed the path of government security contractors, to different government actors, to crypto stealer. It appears to focus on exploits already fixed in modern iOS releases, with most affecting iOS 18 and all patched by iOS 26.3.

Going from almost no public examples of modern iOS exploits to two in as many weeks is wild, so if mobile device security is of interest, be sure to check out the Google write-up.

Another FBI Router Warning

The second repeat security item, too early to be retro but too important to ignore, is another alert from the FBI cautioning about end-of-life consumer network hardware under active exploitation, with the FBI tracking almost 400,000 device infections so far.

Like the warning two weeks ago, the FBI calls out a handful of consumer routers – but this time they’re devices that may actually still be in service in some of our homes (or those of our less cutting-edge friends and family), naming devices from Netgear, TP-Link, D-Link, and Zyxel:

  • Netgear DGN2200v4 and AC1900 R700
  • TP-Link Archer C20, TL-WR840N, TL-WR849N, and WR841N
  • D-Link DIR-818LW, 850L, and 860L
  • Zyxel EMG6726-B10A, VMG1312-B10D, VMG1312-T20B, VMG3925-B10A, VMG3925-B10C, VMG4825-B10A, VMG4927-B50A, VMG8825-T50K

While many of these devices are over ten years old, they still support modern networking – some of them even supporting 802.11ac (also called Wi-Fi 5). Unfortunately, since the manufacturers have ended support, publicly disclosed vulnerabilities have not been patched (and now never will be, officially).

This Week In Security: Plenty Of Patches, Replacing Old Gear, And Phrack Calls For Papers

When Friday the Thirteenth and Patch Tuesday happen on the same week, we’re surely in for a good time.

Anyone who maintains any sort of Microsoft ecosystem knows by now to brace for impact come Patch Tuesday; March brings the usual batch of “interesting” issues, including:

  • Two high-risk Microsoft Office vulnerabilities (CVE-2026-26110 and CVE-2026-26113), both of which allow execution of arbitrary code with no user interaction other than opening a hostile file. Vulnerabilities like these are especially dangerous in environments where transferring Office documents is considered normal, such as (unsurprisingly) offices, but also for home users who may not be savvy enough to avoid opening hostile files. Arbitrary code execution allows the attacker to run essentially any commands the user would be able to run themselves, typically leveraging it to install remote access or keyboard logging malware.
  • Excel gets a different vulnerability, CVE-2026-26144, which allows leaking of data through a cross-site scripting vulnerability. Coupled with CoPilot Agent, this can be used to leak contents of spreadsheets, again with no direct user interaction.

On the server and container side, this month includes a fairly typical collection of patches for SQL Server, and vulnerabilities in the Microsoft-hosted device pricing and payment orchestrator services, which have been automatically patched by Microsoft.

End Of An Era, As LEGO To Discontinue Mindstorms

When there are so many single board computers and other products aimed at providing children with the means to learn about programming and other skills, it is easy to forget a time before the Arduino or the Raspberry Pi and their imitators, when a computer was very much an expensive closed box.

Into this late-’90s vacuum left in the wake of the 8-bit home computer revolution came LEGO’s Mindstorms kits, a box of interlocking goodies with a special programmable brick, which gave kids the chance to make free-form computerized robotic projects all of their own. The recent news that after 24 years the company will discontinue the Mindstorms range at the end of the year thus feels like the end of an era to anyone who has ridden the accessible microcontroller train since then.

What became Mindstorms has its roots in the MIT Media Lab’s Programmable Brick project, a series of chunky LEGO bricks with microcontrollers and the Mindstorms LEGO brick contacts for motors and sensors. Their Logo programming language implementation was eschewed by LEGO in favor of a graphical system on a host computer, and the Mindstorms kit was born. The brand has since been used on a series of iterations of the controller, and a range of different robotics kits.

In 1998, a home computer had morphed from something programmable in BASIC to a machine that ran Windows and Microsoft Office. Boards such as Parallax’s BASIC Stamp were available but expensive, and didn’t come with anything to control. The Mindstorms kit was revolutionary then in offering an accessible fully programmable microcontroller in a toy, along with a full set of LEGO including motors and sensors to use with it.

We’re guessing Mindstorms has been seen off by better and cheaper single board computers here in 2022, but that doesn’t take away its special place in providing ’90s kids with their first chance to make a proper robot their way. The kits have found their place here at Hackaday, but the fact that most of the projects we’ve featured using them are now a few years old perhaps underlines why they are to meet their end. So long Mindstorms, you won’t be forgotten!

Header image: Mairi, (CC BY-SA 3.0).