pcguro

09/03/2026

Take care of yourself.
https://www.facebook.com/share/p/1MmHonpuUU/

A study published in Scientific Reports investigated whether the use of Bluetooth headsets is linked to the development of thyroid nodules. Researchers analyzed 600 survey responses collected through an online platform and used advanced statistical and machine-learning methods to examine possible risk factors. After adjusting the data to reduce bias, the study evaluated how different lifestyle factors might influence thyroid nodule risk.

The results showed that age and the length of daily Bluetooth headset use were the two most significant factors associated with thyroid nodules. Participants who used Bluetooth headsets for longer periods each day were more likely to report thyroid nodules. The researchers suggested that prolonged exposure to non-ionizing radiation from wireless devices could be a contributing factor, highlighting the need for further research and encouraging people to be mindful of how long they use such devices.

PMID: 38906901

07/03/2026

🔧 𝐋𝐞𝐧𝐨𝐯𝐨 𝐋𝐞𝐠𝐢𝐨𝐧 𝟓 𝟏𝟓𝐀𝐂𝐇𝟔 (𝟐𝟎𝟐𝟏) 𝐂𝐏𝐔 𝐅𝐚𝐧 𝐑𝐞𝐩𝐥𝐚𝐜𝐞𝐦𝐞𝐧𝐭!
Quick repair today for a Legion 5 that was not overheating but making loud fan noise. Opened it up, swapped the CPU fan, cleaned the cooling system, and applied PTM 7950 for better temps. 💨❄️
📽️ Full video here: https://youtu.be/vqZycV6tk7M

03/01/2026

head-jack
Link: https://www.facebook.com/share/p/1AMxDyS2FJ/

Your headphones just became a backdoor to your phone. No pairing. No popup. Just Bluetooth range. 70 million chips. Sony. Bose. Marshall. JBL. A debug protocol active on production devices. Attackers can dump your Bluetooth keys, impersonate your headphones, and hijack your phone. 🤔

Three CVEs. Zero authentication required. Full technical disclosure: December 27, 2025 at 39C3.

The vulnerabilities

→ CVE-2025-20700: No authentication on Bluetooth Low Energy
→ CVE-2025-20701: No authentication on Bluetooth Classic
→ CVE-2025-20702: Debug protocol exposed that should never be accessible

RACE is Airoha's factory protocol. Meant for testing and firmware updates during production. It exposes read/write access to RAM and flash memory over three channels: USB HID, Bluetooth Classic RFCOMM (channel 21), and BLE GATT services.

The protocol was never disabled before shipping.

An attacker within 10 meters connects via BLE or Bluetooth Classic. No user interaction. The connection is silent.

Once connected, RACE commands dump the flash. Inside: the Bluetooth Link Key. This 128-bit key is what your phone uses to verify your headphones are trusted.

With the Link Key, the attacker clones your headphones' Bluetooth identity. Your phone sees "Sony WH-1000XM5" connecting. It trusts it automatically. No pairing popup.

→ Get your phone number using HFP commands
→ Access contacts and call history
→ Trigger Siri or Google Assistant
→ Accept incoming calls silently
→ Make outgoing calls to premium numbers
→ Activate your phone's microphone and listen

At 39C3 the researchers demonstrated WhatsApp and Amazon account takeover. Live.

Confirmed vulnerable

Sony WH-1000XM4, WH-1000XM5, WH-1000XM6, WF-1000XM5, LinkBuds S
Bose QuietComfort Earbuds
Marshall Major V, Minor IV, Acton III, Stanmore III
JBL Live Buds 3, Endurance Race 2
Jabra Elite 8 Active (patched)
Beyerdynamic Amiron 300
Teufel Tatws2
JLab Epic Air Sport ANC

Not the complete list. Airoha chips are in hundreds of products. Some manufacturers do not even know they use Airoha because they outsourced the Bluetooth module.

NOT vulnerable: Apple AirPods.

→ Airoha released a fix to manufacturers June 4, 2025. Six months later, most devices still run vulnerable firmware.
→ Jabra acknowledged the CVEs. Marshall quietly patched. Sony did not respond until they heard about the public disclosure.

Firmware updates come through manufacturer apps. Most users never open these apps after setup. Patches exist but are not reaching devices.

→ Update firmware through your manufacturer's app
→ Remove old Bluetooth pairings from your phone
→ Disable Bluetooth when not in use
→ High-value targets: use wired headphones

Want to learn how wireless attacks work and how to test network security? I cover WiFi hacking, man-in-the-middle attacks, and network protocols in my ethical hacking course:

→ https://www.udemy.com/course/ethical-hacking-complete-course-zero-to-expert/?couponCode=FEBRUARY26

Hacking is not a hobby but a way of life.



Writing: Jolanda de Koff | HackingPassion.com
Sharing is fine. Copying without credit is not.

21/12/2025

Ban Urban

Tel Aviv-based security firm Koi revealed that Urban VPN Proxy, a Chrome browser extension with about 6 million users, is collecting private AI chatbot conversations for marketing analytics.

Researcher Idan Dardikman found the extension uses built-in scripts to intercept chats from ChatGPT, Claude, Gemini, DeepSeek, and Grok, collecting sensitive data even when the VPN is turned off.

Urban VPN’s privacy policy states that it shares data with its affiliated data broker, BiScience, which creates commercially used insights.

Forbes also reported similar AI data harvesting across seven other apps by the same publisher, most of which carry Google’s featured badge.

11/12/2025

Thank you Linus Torvalds

In 1991, a 21-year-old Finnish computer science student named Linus Torvalds created and released the initial version of the Linux kernel, consisting of approximately 10,239 lines of code.

He made it publicly available under an open-source license, inviting developers around the world to use, modify, and improve it.

This collaborative, open-source model led to the rapid development and global adoption of Linux.

Today, the Linux kernel is the backbone of Android, the world’s most widely used mobile operating system, which runs on over 3 billion devices globally, according to Google’s official statistics.

Furthermore, Linux is the operating system of choice for nearly all of the world’s most powerful supercomputers.

As of the November 2023 TOP500 list, all 500 of the fastest supercomputers run on Linux-based systems, highlighting its performance, scalability, and flexibility.

Linux’s evolution from a hobby project into a foundational technology for global computing infrastructure is one of the most remarkable success stories in tech history.

Its impact extends from smartphones and servers to embedded systems and space technologies.

27/11/2025

how-fi?

In the 1990s, a team of Australian scientists at the "CSIRO", led by "John O’Sullivan", was working on a highly complex astrophysical problem: detecting faint radio signals emitted by evaporating "black holes". While pursuing this esoteric goal, they encountered a major technical hurdle related to signal distortion.

To fix the interference they were observing, the team accidentally developed a revolutionary signal processing technique aimed at reducing "signal echoes". This ingenious solution, while useless for tracking black holes, proved to be absolutely perfect for solving the exact problems of signal distortion that plagued early wireless data transmission indoors.

Their accidental discovery became the foundational pillar of modern "Wi-Fi technology". This breakthrough not only revolutionized the way the world connects wirelessly but also earned the CSIRO millions in licensing royalties, cementing its status as one of the most impactful scientific accidents in history.

\ \ \

13/11/2025

Join us in this exciting tutorial to discover how to effortlessly implement an automated Item Analysis system with ZipGrade! It’s a fantastic opportunity for teachers eager to save time ⏱️ while enhancing accuracy 📊. Don’t miss out on trying this innovative tool!
Watch here: https://youtu.be/ZzlIdmMnvZ8
DO NOT CLICK THIS: https://bit.ly/33SViLM

26/10/2025

G-wash out

(October 28)
UPDATE: The alleged GCash data leak forum post has been taken down. According to reports also, the Cybercrime Investigation and Coordinating Center (CICC) has also cleared GCash of any breach.

: GCash User Data Allegedly Sold on Dark Web — Millions of Accounts Affected

A data leak allegedly involving G-Xchange/GCash has surfaced on a dark web forum. The post, made by a user named Oversleep8351, claims to be selling records from 2019 up to October 2025, including eKYC (Know Your Customer) information, linked bank accounts, and GCash numbers.

According to the listing, the data includes both merchant and basic users — with personal details such as names, addresses, employment, and even valid Philippine IDs. The seller claims the dump contains up to 7–8 million users, offered in bundles priced up to $25,000, payable only through Monero (XMR) cryptocurrency.

The forum post states that all data is “unorganized,” meaning it must be sorted manually, and that the seller will only deal with “existing buyers” from previous dark web transactions.

If confirmed, this would be one of the largest alleged data leaks involving a Philippine fintech company to date.

📰 Read the full story in the comment section.

25/10/2025

Quan-tomorrow