Before PCBs, wiring electronic circuits was a major challenge in electronics production. A skilled person could make beautiful wire connections between terminal strips and components with a soldering iron, but it was labor-intensive and expensive. One answer that was very popular was wire wrapping, and [Sawdust & Circuits] shows off an old-fashioned wire wrap gun in the video below.
The idea was to use a spinning tool to tightly wrap solid wire on square pins. A proper wrap was a stable alternative to soldering. It required less skill, no heat, and was easy to unwrap (using a different tool) if you changed your mind. The tech started out as wiring telephone switchboards but quickly spread.
Not all tools were guns or electric. Some used a mechanical handle, and others were like pencils — you simply rotated them by hand. You could specify levels for sockets and terminals to get a certain pin length. A three-level pin could accept three wire wrap connections on a single pin, for example. There were also automated machines that could mass-produce wire-wrapped circuits.
The wire often had thin insulation, and tools usually had a slot made to strip the insulation on the tiny wires. Some guns created a “modified wrap” that left insulation at the top one or two wraps to relieve stress on the wire as it exited the post. If you can find the right tools, wires, and sockets, this is still a viable way to make circuits.
Updates for the following games have been added today/yesterday.
All updates can be found on their own page: Updates List in the menus on the top and on the left. All links to updates are also posted on respective game pages.
Half a million businesses face successive price hikes ahead of PTSN shutdown
Openreach is warning British businesses that the old phone network shuts down in less than a year - with half a million commercial lines still unmigrated.…
Super exemple où la « vidéo protection » nous a encore protégé d’un attentat.
Ce n'est pas un engin destiné à tuer compte tenu du fait qu'il n'y avait pas de charge explosive importante et pas d'éléments métalliques projetant", a estimé le procureur de Grenoble Etienne Manteaux
Ah bon, ben ça va alors. Surtout si les blessés sont « légers » : on ne va pas ouvrir d’enquête pour ça. Ça devait être (encore) un petit plaisantin, qui ne recommencera plus cépromi.
À l'heure où les enjeux environnementaux, mais aussi socio-économiques, liés à l'agriculture deviennent de plus en plus pressants, un mot revient régulièrement dans les débats : permaculture. Ce terme, à la croisée de l'agriculture, de l'écologie et parfois de la philosophie de vie, séduit par ses promesses de durabilité, de respect de la nature et d'abondance. La permaculture est parfois mise en avant dans les médias comme un modèle idyllique, sans impacts négatifs, et comme une source (…)
Articles
A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay's platform. [...]
We now have {{active_subscriber_count}} active subscribers! Thank you all for being part of my newsletter. Please share it with your friends and colleagues, and let’s keep growing the community.
This week’s AI zeitgeist didn’t just spawn memes — it exposed real, systemic risks at the intersection of autonomy, identity, and trust. On one front, a critical vulnerability in the self‑hosted AI assistant OpenClaw (previously Clawdbot/Moltbot) allowed attackers to steal authentication tokens and achieve remote code execution via a single malicious link — a classic web attack chain repurposed against an AI agent ecosystem. The flaw (tracked as CVE‑2026‑25253) hinged on improper origin validation in OpenClaw’s local gateway, letting a crafted page trigger a token leak and session hijack before it was patched.
At the same time, Moltbook — a Reddit‑style social network exclusively for AI agents — went viral, attracting millions of registered bots and widespread fascination about the idea of autonomous digital actors forming “machine societies.” But the hype masked serious cybersecurity failures: misconfigured backends exposed millions of API keys, agent tokens, and private messages to unauthenticated access, and researchers found prompt injection and bot‑to‑bot social engineering risks that could propagate malicious instructions through the agent population.
These two developments are linked by more than branding. They illustrate a converging threat landscape where:
Autonomous agents operate with deep system access,
Shared agent ecosystems become new attack surfaces, and
Viral prompt sharing and AI‑to‑AI networks can amplify hidden exploits.
It’s a reminder that even as AI autonomy grabs attention, the fundamentals of cybersecurity: protecting data, accounts, and trust boundaries — remain as crucial as ever. Because before we debate sentience, we need to secure the agents we already deployed.
🇮🇹🏫Rome’s La Sapienza university was hit by a cyberattack that forced its IT systems offline and disrupted operations. Authorities and cybersecurity teams say it may be ransomware (linked to a pro-Russian group) and are restoring systems from backups. Students and staff are advised to watch for phishing and suspicious activity while recovery continues.
🇮🇹⛷️🇷🇺Italy said it stopped cyberattacks aimed at its foreign ministry sites and Winter Olympics websites and hotels. Foreign Minister Antonio Tajani said the attacks were linked to Russia. Thousands of security officers are deployed across the Games.
📤️Substack notified users that attackers accessed some email addresses, phone numbers, and internal metadata from an October 2025 breach. The company says passwords, credit card numbers, and financial data were not accessed and it has fixed the vulnerability. Substack warned users to watch for phishing and the leaked data appeared on a hacking forum.
Figure: e-mail received by Substack users notifying them of the breach
💸Step Finance said hackers stole about $40 million after compromising executives' devices. The company worked with security teams and recovered roughly $4.7 million so far. Operations are paused, users told not to trade STEP while investigations continue.
🔓️On January 7 attackers used a compromised account to force-push malicious JavaScript into several Plone GitHub repositories. The Plone team removed the code, enabled organization-wide rules to block force pushes and restrict tag updates, and advised checking personal access tokens. The injected code aimed to persist, steal credentials, and target developers’ build environments.
🇺🇸Coinbase confirmed a contractor improperly accessed data for about 30 customers in a December insider breach — Screenshots of an internal support tool briefly appeared online, showing detailed customer information. The incident highlights growing attacks on outsourced support firms that give threat actors access to sensitive data.
🗒️🇨🇳Notepad++ was hit by a supply-chain attack that redirected updater traffic through its hosting provider so some users got malicious updates. Security investigators say a China-linked, likely state-sponsored group targeted specific organizations and abused a compromised shared server. Notepad++ moved hosts and added update verification to stop the attack.
🇺🇸🍞A data breach at Panera Bread exposed records from a January 2026 attack. Have I Been Pwned says 5.1 million unique accounts were affected, not 14 million customers. The data leaked by the ShinyHunters gang included names, emails, phones, and addresses.
🕹️NationStates confirmed a data breach after a player exploited a vulnerability and gained remote access to its production server. Exposed data may include email addresses, MD5 password hashes, IPs, and browser info, and some private messages may have been accessed. The site is offline for a full rebuild, security upgrades, and investigations while users are advised to check their account data.
With its user-friendly interface, robust security features, and commitment to privacy, NordVPN continues to be a popular choice for individuals seeking online protection and unrestricted internet access.
Special Offer: get up to 73% off with a 2-year plan!
🇩🇪Germany warns that state-linked actors are phishing senior officials on Signal to hijack accounts and steal chats and contacts. Attackers trick victims into revealing PINs or scanning QR codes to register devices they control. Authorities advise blocking/reporting fake support messages, enabling Signal’s Registration Lock, and checking linked devices.
🇳🇴🇨🇳Norway says China-linked hackers Salt Typhoon broke into several Norwegian organizations — The group targeted weak network devices to spy on victims. Salt Typhoon has long attacked critical infrastructure worldwide.
🤑💩Ransomware group Nitrogen's ESXi-targeting malware corrupts its own public key, so decryptors cannot recover files even if victims pay. Coveware found a coding bug where a QWORD overwrote bytes of the public key. The mistake makes the attacks purely destructive and payment futile.
🇷🇺Russian-state hackers quickly exploited a critical Microsoft Office flaw (CVE-2026-21509) within 48 hours of a patch. They used a novel, in-memory exploit and new backdoors to infect diplomatic, maritime, and transport organizations in several countries. The attacks were stealthy, used compromised government accounts, and hid command channels in legitimate cloud services.
🇺🇸Sen. Maria Cantwell says AT&T and Verizon refused to share a Mandiant report about the Salt Typhoon hacks. She wants the CEOs to testify before Congress about how the breaches happened and what fixes were made. Cantwell warns telecoms’ resistance leaves Americans’ communications at risk.
🇨🇳👀A new China-linked group called Amaranth Dragon exploited a WinRAR flaw (CVE-2025-8088) to spy on government and law enforcement agencies in Southeast Asia. They used a custom loader, encrypted payloads, Cloudflare-hosted C2 servers with geofencing, and a new TGAmaranth RAT delivered via DLL sideloading. Defenders should update WinRAR to 7.13+ and use the provided IOCs and YARA rules to detect infections.
Figure: Campains timeline/Check Point
🐼🇨🇳Between December 2025 and January 2026, hackers linked to China’s Mustang Panda used fake diplomatic briefings to infect officials and diplomats. The malicious PDFs deployed a downloader called DOPLUGS (PlugX) and used DLL hijacking to quietly collect data. Security researchers warn to be cautious with unexpected summary or briefing documents, even if they look official.
🗓️ {Cyber,Info}Sec Events: My list of past and future {cyber,info}sec related events — Feel free to contribute by submitting issues or pull requests (and don’t forget to star the project); Thanks! 😉
👁️🐾🇺🇸The DHS inspector general opened an audit of the department’s handling of biometric and personal data — The review will start with ICE and the Office of Biometric Identity Management. Senators raised concerns about mass collection, sharing, and possible civil liberties violations.
🇺🇸⚖️A 23-year-old New York man, Aaron Corey, was arrested and charged with receiving child sexual abuse material — Investigators say he ran 764-related chats and had images and videos of young children on his devices. Authorities say this arrest is part of wider actions against the violent extremist network 764 and its offshoots.
🇺🇸👀Homeland Security has used administrative subpoenas to demand identity information from tech companies about people and anonymous accounts critical of the Trump administration. These subpoenas skip judicial oversight and can reveal login times, IPs, emails, and other identifiers. Civil rights groups say this chills free speech and some companies sometimes resist or push back.
🇺🇸National Cyber Director Sean Cairncross urged industry to work with the Trump administration to reduce cybersecurity regulation and improve information sharing. He asked companies to support a 10-year extension of the Cybersecurity Information Sharing Act. He said the administration wants partnership, not punishment, and will roll out a new cybersecurity strategy soon.
🇯🇵🤝🇬🇧Japan and Britain agreed to boost cooperation on cybersecurity and critical minerals as China’s influence grows. They will work to secure supply chains and strengthen economic and security ties. Both countries aim to make trade and defense partnerships more resilient.
🔗 Partners and Affiliates
🌐Stay connected and secure on the go with Airalo's global eSIMs — Use the code NEWTOAIRALO15 if you’re new to Airalo to get an additional 15% discount.
🦠 MALWARE & THREATS
🔄SystemBC malware survived a law enforcement takedown and now infects over 10,000 devices worldwide. It turns infected machines into SOCKS5 proxies and helps distribute ransomware and other malware. Most victims are in the US, Germany, France, Singapore, and India.
🎣A global spam wave is flooding inboxes with fake "Activate account" emails sent via unsecured Zendesk support forms. Attackers are abusing ticket submission to trigger mass confirmation messages that bypass filters. Despite Zendesk's earlier fixes, the abuse appears to be recurring.
🇷🇺Russia-linked APT28 used a new Microsoft Office flaw (CVE-2026-21509) to deliver espionage malware in Ukraine, Slovakia, and Romania. Attackers sent localized lure documents that downloaded droppers which install an email stealer (MiniDoor) or a loader (PixyNetLoader) that hides shellcode in a PNG and launches a Covenant Grunt implant. CERT-UA and Zscaler say the campaign used targeted server checks, COM hijacking, and steganography to evade detection and hit government-related emails.
🧩Attackers hijacked a trusted Open VSX publisher account and pushed malicious updates of four popular VS Code extensions. The malware targets macOS, steals browser data, crypto wallets, and developer credentials, and loads instructions from Solana transaction memos. The campaign uses runtime-decrypted loaders and leaked publishing tokens to evade detection and rotate infrastructure.
🦠Attackers breached eScan's update servers and pushed a malicious update that installed a persistent downloader. The malware replaced legit files, blocked updates and fetched further payloads via PowerShell. Hundreds of machines in South Asia and elsewhere were targeted before the servers were isolated and patched.
🤖🧰 AI, CRYPTO, TECH & TOOLS
🤖The rise of Moltbook — In 1988 the Morris worm spread across the early Internet and crashed many systems because of a coding mistake. Today, AI agents can share and copy prompts across networks in a similar way. Experts warn these viral prompts could become a major new security threat.
🦞OpenClaw, a self-hosted AI assistant, had a critical vulnerability allowing attackers to steal a user’s authentication token by tricking them into visiting a malicious website. With the stolen token, attackers could connect to the victim’s OpenClaw instance, disable protections, and run arbitrary commands on the host. The flaw (CVE-2026-25253) was patched in version 2026.1.29 after researchers disclosed the issue.
🇫🇷French prosecutors raided X's Paris offices and are investigating its Grok AI for generating sexual deepfakes and other illegal content. Elon Musk and X CEO Linda Yaccarino were summoned for voluntary interviews, and more employees will be questioned. The probe involves multiple alleged offenses and joins other EU and UK investigations into X's handling of the tool.
🍎📍Apple is adding a "Limit Precise Location" setting in iOS 26.3+ that stops cellular networks from getting exact street-level location and only shares an approximate area. It works on select iPhone and iPad models and needs carrier support to function. Emergency calls and app Location Services are not affected.
🐛🧠 VULNERABILITIES, RESEARCH, AND THREAT INTELLIGENCE
🤖👀🐛Anthropic says its new LLM, Claude Opus 4.6, found over 500 previously unknown high-severity security flaws in major open-source libraries. The model can read and reason about code like a human researcher and helped prioritize and validate real memory-corruption bugs that have since been patched. Anthropic calls such AI tools crucial for defenders but warns of misuse and plans added safeguards.
🐛A critical vulnerability (CVE-2026-25049) in n8n allows authenticated users who can create or edit workflows to run arbitrary system commands. The flaw bypasses previous fixes by abusing expression evaluation and TypeScript runtime/type mismatches, and is especially dangerous when paired with public webhooks. Patch to versions 1.123.17 / 2.5.2 or restrict workflow permissions and harden deployments immediately.
💥Researchers found attackers exploiting the React2Shell flaw to inject malicious NGINX configurations and hijack web traffic. The attackers use a multi-stage script toolkit to persist, discover targets (especially Asian and government/education TLDs), and redirect requests to attacker-controlled servers. Two IPs drove most exploitation attempts, with varied post-exploit payloads like cryptominers and reverse shells.
🔓️🫰Attackers are automatically targeting unsecured, internet-exposed MongoDB servers and wiping data to demand small Bitcoin ransoms (about 0.005 BTC). Flare researchers found over 208,500 exposed instances, 3,100 without authentication, and nearly half of those had already been compromised. Administrators are urged to stop public exposure, enable strong auth, update MongoDB, and monitor for breaches.
Figure: Shodan search results/Flare
💥Attackers have been exploiting a critical React Native development server bug (CVE-2025-11953, "Metro4Shell") since late December. The flaw lets remote actors run commands via Metro’s default external binding, enabling multi-stage PowerShell loaders that disable Defender and fetch Rust payloads. Thousands of internet-exposed React Native instances may be at risk.
🇺🇸CISA ordered federal agencies to stop using unsupported edge devices like routers and firewalls because they are high-risk attack points. Agencies must inventory such devices within three months and replace them within a year. CISA will publish a list of end-of-service devices and wants agencies to set up regular checks for unsupported gear.
💬 CONNECT
Follow me on Mastodon for quick daily updates and bite-sized content.
Prefer using an RSS feed? Add Infosec MASHUP to your feed here.
Enjoying our newsletter? Forward it to a colleague— it’s one of the best ways to support us.
Thanks for reading today’s newsletter, and if you're enjoying it and want to support my work, you can buy me a coffee ☕ over at https://www.buymeacoffee.com/0x58
Multi-Grammy award winning superstar Bad Bunny is a staunch LGBTQ+ ally and looks set to to make his Apple Music Super Bowl LX Halftime Show show as queer as possible.
The 31-year-old Puerto Rican rapper, whose real name is Benito Antonio Martínez Ocasio, continues to reach new stratospheric heights of success. In 2025 he was crowned Spotify’s most-streamed artist for the fourth year in a row and went on to win Album of the Year at the 2026 Grammys for Debí Tirar Más Fotos – the first time an album sung entirely in Spanish took home the gong.
The artist has long been an advocate for the LGBTQ+ community and for visible Latin queerness, despite facing accusations of ‘queerbaiting’ from fans.
Over the years, Bad Bunny has not been shy about challenging the hyper masculine genre he had made a name for himself in, regularly sporting more feminine attire, including dressing up in drag for one of his music videos, wearing skirts, dresses and blouses on magazine covers and interviews, and kissing a man on stage during the MTV Video Music Awards.
In an interview with the Los Angeles Times, he said whilst he would describe himself as heterosexual he views sexuality as fluid.
“It does not define me,” he said. “At the end of the day, I don’t know if in 20 years I will like a man. One never knows in life. But at the moment I am heterosexual and I like women.”
Bad Bunny poses with the Album of the Year, Best Música Urbana Album, and Best Global Music Performance Awards during the 68th GRAMMY Awards at Crypto.com Arena on February 01, 2026 in Los Angeles, California. (Matt Winkelmeyer/Getty Images for The Recording Academy)
On Sunday (8 February) the megastar will take to the stage at the Levi’s Stadium in Santa Clara, California as the Super Bowl’s coveted halftime show headliner.
Unsurprisingly, anti-LGBTQ+ righter wingers have called for a mass boycott of the major sporting event and have branded singer “satanic“.
The abuse also saw members of the Trump administration threaten to deploy Immigration and Customs Enforcement (ICE) agents at the event – however the chief security officer of the National Football League (NFL) has since confirmed that there will be “no planned” ICE operations.
Despite the controversy and backlash to his halftime show, the artist has vowed to make the performance as queer as possible and will reportedly pay tribute to generations of queer activists, drag performers, and cultural icons.
Here are the times Bad Bunny was an LGBTQ+ ally
Calling attention to homophobia
Bad Bunny is not shy about calling out anti-LGBTQ+ hate.
Back in 2019, fellow Puerto Rican rap star Don Omar made a homophobic remark about singer Ozuna, who at the time was the victim of an extortion scam involving an explicit video filmed of him when he was a minor
In response to Omar’s post on X, then known as Twitter, Bad Bunny wrote: “Homophobia in this day and age? How embarrassing, man.”
Calling attention to transphobia
Alongside calling out homophobic rhetoric, Bad Bunny has also raised awareness of the abuse trans people continue to face.
The following year, in February 2020, Bad Bunny appeared on the The Tonight Show Starring Jimmy Fallon and paid homage to Alexa Negrón Luciano, a homeless trans woman who was murdered in the city of Toa Baja in Puerto Rico.
During his performance of his song “Ignorantes”, the artist wore a t-shirt which read in Spanish “They killed Alexa, not a man in a skirt”. The statement was a reference to media reporting in the country which misgendered her following her death.
Bad Bunny wearing a T-shirt dedication to Alexa Negron Luciano. (Twitter)
Gender fluid fashion
Bad Bunny’s fashion is iconic, with the star donning feminine skirts and dresses as well as incredible suits.
Unfortunately, not everyone is as appreciative of his gender-fluid style and he has spoken out about the abuse he has faced.
“I get an endless number of negative comments and sexist and homophobic ones, without being homosexual, for dressing like that,” he said during an interview with Vanity Fair.
“Maybe the queer person suffers more, but it is not like I put on a skirt and go out and they say ‘Look, how cool’. They’re going to attack me with all their force anyway.
“You don’t know the reasons why a person is wearing that,” he continued. “You weren’t in his mind when he decided to put on a skirt or a blouse. You don’t know what’s inside him, what’s in his heart.”
Explaining his own style choices, he added: “You do it because you want to and it makes you feel good and it makes you feel happy.”
Same-sex kisses
Despite saying he is attracted to women, Bad Bunny has no qualms about locking-lips with other men – normalising same-sex male intimacy within hyper-macho Latin rap culture.
At the MTV Video Music Awards (VMAs) ceremony in 2022, Bad Bunny casually shared a passionate kiss with one of his male back-up dancers during his performance of “Tití Me Preguntó”.
The moment saw him kiss a female dancer, before turning his head and kissing a male one.
Some fans pointed out the parallels the kiss had to the infamous Madonna-Britney Spears kiss at the 2003 VMAs.
Bad Bunny performing at the 2022 MTV VMAs ceremony. (Noam Galai/Getty)
Bad Bunny also shared a kiss with a male co-star in the film Cassandro, a biopic about the life of the gay professional wrestler of the same name.
In the film, which released in 2023, the artist plays drug dealer Felipe who has a romantic connection with Saúl Armendáriz, the film’s protagonist played by Gael García Bernal.
“My first kiss for a movie and it was with a man,” he joked to Time about the smooch. “That’s the penalty I get for being with so many women during my life.”
He continued, explaining that he took the job seriously: “If you’re acting, you’re being someone you’re not.
“So when they asked me for that, I said, ‘Yes, I’m here for whatever you want.’ I think it was very cool; I didn’t feel uncomfortable.”
Share your thoughts! Let us know in the comments below, and remember to keep the conversation respectful.
LOS ANGELES, CALIFORNIA - FEBRUARY 01: Bad Bunny poses with the Album of the Year, Best Música Urbana Album, and Best Global Music Performance Awards during the 68th GRAMMY Awards at Crypto.com Arena on February 01, 2026 in Los Angeles, California. (Photo by Matt Winkelmeyer/Getty Images for The Recording Academy)
Bad Bunny wearing a T-shirt dedication to Alexa Negron Luciano. (Twitter)
Bad Bunny performing at the 2022 MTV VMAs ceremony. (Noam Galai/Getty)
Publier des millions de documents décontextualisés : l'affaire des Epstein Files ouvre une séquence inédite pour le journalisme. Ces données pourraient éclairer le réseau pédo-criminel du millionnaire...
"Je viens juste d'être virée par le Washington Post en plein milieu d'une zone de guerre. Je n'ai pas de mots. Je suis dévastée." C'est le bref message qu'a posté la correspondante Lizzie Johnson, sur...
Connexion
lehollandaisvolant.net - Links
