The housing crisis in Canada’s North, which has particularly affected the majority Indigenous population in northern communities, has been of ongoing concern to firms such as Taylor Architecture Group (TAG). Formerly known as Pin/Taylor, the firm was established in Yellowknife in 1983. TAG’s Principal, Simon Taylor, says that despite recent political gains for First Nations, “by and large, life is not improving up here.” Taylor and his colleagues have designed many different types of housing across the North. But the problems exceed the normal scope of architectural practice. TAG’s Manager of Research and Development, Kristel Derkowski, says, “We can design the units well, but it doesn’t solve many of the underlying problems.” To respond, she says, “we’ve backed up the process to look at the root causes more.” As a result, “the design challenges are informed by much broader systemic research.”  We spoke to Derkowski about her research, and the work that Taylor Architecture Group is doing to act on it. Here’s what she has to say. Inadequate housing from the start The Northwest Territories is about 51% Indigenous. Most non-Indigenous people are concentrated in the capital city of Yellowknife. Outside of Yellowknife, the territory is very much majority Indigenous.  The federal government got involved in delivering housing to the far North in 1959. There were problems with this program right from the beginning. One issue was that when the houses were first delivered, they were designed and fabricated down south, and they were completely inadequate for the climate. The houses from that initial program were called “Matchbox houses” because they were so small. These early stages of housing delivery helped establish the precedent that a lower standard of housing was acceptable for northern Indigenous residents compared to Euro-Canadian residents elsewhere. In many cases, that double-standard persists to this day. The houses were also inappropriately designed for northern cultures. It’s been said in the research that the way that these houses were delivered to northern settlements was a significant factor in people being divorced from their traditional lifestyles, their traditional hierarchies, the way that they understood home. It was imposing a Euro-Canadian model on Indigenous communities and their ways of life.  Part of what the federal government was trying to do was to impose a cash economy and stimulate a market. They were delivering houses and asking for rent. But there weren’t a lot of opportunities to earn cash. This housing was delivered around the sites of former fur trading posts—but the fur trade had collapsed by 1930. There weren’t a lot of jobs. There wasn’t a lot of wage-based employment. And yet, rental payments were being collected in cash, and the rental payments increased significantly over the span of a couple decades.  The imposition of a cash economy created problems culturally. It’s been said that public housing delivery, in combination with other social policies, served to introduce the concept of poverty in the far North, where it hadn’t existed before. These policies created a situation where Indigenous northerners couldn’t afford to be adequately housed, because housing demanded cash, and cash wasn’t always available. That’s a big theme that continues to persist today. Most of the territory’s communities remain “non-market”: there is no housing market. There are different kinds of economies in the North—and not all of them revolve wholly around cash. And yet government policies do. The governments’ ideas about housing do, too. So there’s a conflict there.  The federal exit from social housing After 1969, the federal government devolved housing to the territorial government. The Government of Northwest Territories created the Northwest Territories Housing Corporation. By 1974, the housing corporation took over all the stock of federal housing and started to administer it, in addition to building their own. The housing corporation was rapidly building new housing stock from 1975 up until the mid-1990s. But beginning in the early 1990s, the federal government terminated federal spending on new social housing across the whole country. A couple of years after that, they also decided to allow operational agreements with social housing providers to expire. It didn’t happen that quickly—and maybe not everybody noticed, because it wasn’t a drastic change where all operational funding disappeared immediately. But at that time, the federal government was in 25- to 50-year operational agreements with various housing providers across the country. After 1995, these long-term operating agreements were no longer being renewed—not just in the North, but everywhere in Canada.  With the housing corporation up here, that change started in 1996, and we have until 2038 before the federal contribution of operational funding reaches zero. As a result, beginning in 1996, the number of units owned by the NWT Housing Corporation plateaued. There was a little bump in housing stock after that—another 200 units or so in the early 2000s. But basically, the Northwest Territories was stuck for 25 years, from 1996 to 2021, with the same number of public housing units. In 1990, there was a report on housing in the NWT that was funded by the Canada Mortgage and Housing Corporation (CMHC). That report noted that housing was already in a crisis state. At that time, in 1990, researchers said it would take 30 more years to meet existing housing need, if housing production continued at the current rate. The other problem is that houses were so inadequately constructed to begin with, that they generally needed replacement after 15 years. So housing in the Northwest Territories already had serious problems in 1990. Then in 1996, the housing corporation stopped building more. So if you compare the total number of social housing units with the total need for subsidized housing in the territory, you can see a severely widening gap in recent decades. We’ve seen a serious escalation in housing need. The Northwest Territories has a very, very small tax base, and it’s extremely expensive to provide services here. Most of our funding for public services comes from the federal government. The NWT on its own does not have a lot of buying power. So ever since the federal government stopped providing operational funding for housing, the territorial government has been hard-pressed to replace that funding with its own internal resources. I should probably note that this wasn’t only a problem for the Northwest Territories. Across Canada, we have seen mass homelessness visibly emerge since the ’90s. This is related, at least in part, to the federal government’s decisions to terminate funding for social housing at that time. Today’s housing crisis Getting to present-day conditions in the NWT, we now have some “market” communities and some “non-market” communities. There are 33 communities total in the NWT, and at least 27 of these don’t have a housing market: there’s no private rental market and there’s no resale market. This relates back to the conflict I mentioned before: the cash economy did not entirely take root. In simple terms, there isn’t enough local employment or income opportunity for a housing market—in conventional terms—to work.  Yellowknife is an outlier in the territory. Economic opportunity is concentrated in the capital city. We also have five other “market” communities that are regional centres for the territorial government, where more employment and economic activity take place. Across the non-market communities, on average, the rate of unsuitable or inadequate housing is about five times what it is elsewhere in Canada. Rates of unemployment are about five times what they are in Yellowknife. On top of this, the communities with the highest concentration of Indigenous residents also have the highest rates of unsuitable or inadequate housing, and also have the lowest income opportunity. These statistics clearly show that the inequalities in the territory are highly racialized.  Given the situation in non-market communities, there is a severe affordability crisis in terms of the cost to deliver housing. It’s very, very expensive to build housing here. A single detached home costs over a million dollars to build in a place like Fort Good Hope (Rádeyı̨lı̨kóé). We’re talking about a very modest three-bedroom house, smaller than what you’d typically build in the South. The million-dollar price tag on each house is a serious issue. Meanwhile, in a non-market community, the potential resale value is extremely low. So there’s a massive gap between the cost of construction and the value of the home once built—and that’s why you have no housing market. It means that private development is impossible. That’s why, until recently, only the federal and territorial governments have been building new homes in non-market communities. It’s so expensive to do, and as soon as the house is built, its value plummets.  The costs of living are also very high. According to the NWT Bureau of Statistics, the estimated living costs for an individual in Fort Good Hope are about 1.8 times what it costs to live in Edmonton. Then when it comes to housing specifically, there are further issues with operations and maintenance. The NWT is not tied into the North American hydro grid, and in most communities, electricity is produced by a diesel generator. This is extremely expensive. Everything needs to be shipped in, including fuel. So costs for heating fuel are high as well, as are the heating loads. Then, maintenance and repairs can be very difficult, and of course, very costly. If you need any specialized parts or specialized labour, you are flying those parts and those people in from down South. So to take on the costs of homeownership, on top of the costs of living—in a place where income opportunity is limited to begin with—this is extremely challenging. And from a statistical or systemic perspective, this is simply not in reach for most community members. In 2021, the NWT Housing Corporation underwent a strategic renewal and became Housing Northwest Territories. Their mandate went into a kind of flux. They started to pivot from being the primary landlord in the territory towards being a partner to other third-party housing providers, which might be Indigenous governments, community housing providers, nonprofits, municipalities. But those other organisations, in most cases, aren’t equipped or haven’t stepped forward to take on social housing. Even though the federal government is releasing capital funding for affordable housing again, northern communities can’t always capitalize on that, because the source of funding for operations remains in question. Housing in non-market communities essentially needs to be subsidized—not just in terms of construction, but also in terms of operations. But that operational funding is no longer available. I can’t stress enough how critical this issue is for the North. Fort Good Hope and “one thing that (kind of) worked” I’ll talk a bit about Fort Good Hope. I don’t want to be speaking on behalf of the community here, but I will share a bit about the realities on the ground, as a way of putting things into context.  Fort Good Hope, or Rádeyı̨lı̨kóé, is on the Mackenzie River, close to the Arctic Circle. There’s a winter road that’s open at best from January until March—the window is getting narrower because of climate change. There were also barges running each summer for material transportation, but those have been cancelled for the past two years because of droughts linked to climate change. Aside from that, it’s a fly-in community. It’s very remote. It has about 500-600 people. According to census data, less than half of those people live in what’s considered acceptable housing.  The biggest problem is housing adequacy. That’s CMHC’s term for housing in need of major repairs. This applies to about 36% of households in Fort Good Hope. In terms of ownership, almost 40% of the community’s housing stock is managed by Housing NWT. That’s a combination of public housing units and market housing units—which are for professionals like teachers and nurses. There’s also a pretty high percentage of owner-occupied units—about 46%.  The story told by the community is that when public housing arrived in the 1960s, the people were living in owner-built log homes. Federal agents arrived and they considered some of those homes to be inadequate or unacceptable, and they bulldozed those homes, then replaced some of them—but maybe not all—with public housing units. Then residents had no choice but to rent from the people who took their homes away. This was not a good way to start up a public housing system. The state of housing in Fort Good Hope Then there was an issue with the rental rates, which drastically increased over time. During a presentation to a government committee in the ’80s, a community member explained that they had initially accepted a place in public housing for a rental fee of $2 a month in 1971. By 1984, the same community member was expected to pay $267 a month. That might not sound like much in today’s terms, but it was roughly a 13,000% increase for that same tenant—and it’s not like they had any other housing options to choose from. So by that point, they’re stuck with paying whatever is asked.  On top of that, the housing units were poorly built and rapidly deteriorated. One description from that era said the walls were four inches thick, with windows oriented north, and water tanks that froze in the winter and fell through the floor. The single heating source was right next to the only door—residents were concerned about the fire hazard that obviously created. Ultimately the community said: “We don’t actually want any more public housing units. We want to go back to homeownership, which was what we had before.”  So Fort Good Hope was a leader in housing at that time and continues to be to this day. The community approached the territorial government and made a proposal: “Give us the block funding for home construction, we’ll administer it ourselves, we’ll help people build houses, and they can keep them.” That actually worked really well. That was the start of the Homeownership Assistance Program (HAP) that ran for about ten years, beginning in 1982. The program expanded across the whole territory after it was piloted in Fort Good Hope. The HAP is still spoken about and written about as the one thing that kind of worked.  Self-built log cabins remain from Fort Good Hope’s 1980s Homeownership Program (HAP). Funding was cost-shared between the federal and territorial governments. Through the program, material packages were purchased for clients who were deemed eligible. The client would then contribute their own sweat equity in the form of hauling logs and putting in time on site. They had two years to finish building the house. Then, as long as they lived in that home for five more years, the loan would be forgiven, and they would continue owning the house with no ongoing loan payments. In some cases, there were no mechanical systems provided as part of this package, but the residents would add to the house over the years. A lot of these units are still standing and still lived in today. Many of them are comparatively well-maintained in contrast with other types of housing—for example, public housing units. It’s also worth noting that the one-time cost of the materials package was—from the government’s perspective—only a fraction of the cost to build and maintain a public housing unit over its lifespan. At the time, it cost about $50,000 to $80,000 to build a HAP home, whereas the lifetime cost of a public housing unit is in the order of $2,000,000. This program was considered very successful in many places, especially in Fort Good Hope. It created about 40% of their local housing stock at that time, which went from about 100 units to about 140. It’s a small community, so that’s quite significant.  What were the successful principles? The community-based decision-making power to allocate the funding. The sweat equity component, which brought homeownership within the range of being attainable for people—because there wasn’t cash needing to be transferred, when the cash wasn’t available. Local materials—they harvested the logs from the land, and the fact that residents could maintain the homes themselves. The Fort Good Hope Construction Centre. Rendering by Taylor Architecture Group The Fort Good Hope Construction Centre The HAP ended the same year that the federal government terminated new spending on social housing. By the late 1990s, the creation of new public housing stock or new homeownership units had gone down to negligible levels. But more recently, things started to change. The federal government started to release money to build affordable housing. Simultaneously, Indigenous governments are working towards Self-Government and settling their Land Claims. Federal funds have started to flow directly to Indigenous groups. Given these changes, the landscape of Northern housing has started to evolve. In 2016, Fort Good Hope created the K’asho Got’ine Housing Society, based on the precedent of the 1980s Fort Good Hope Housing Society. They said: “We did this before, maybe we can do it again.” The community incorporated a non-profit and came up with a five-year plan to meet housing need in their community. One thing the community did right away was start up a crew to deliver housing maintenance and repairs. This is being run by Ne’Rahten Developments Ltd., which is the business arm of Yamoga Land Corporation (the local Indigenous Government). Over the span of a few years, they built up a crew of skilled workers. Then Ne’Rahten started thinking, “Why can’t we do more? Why can’t we build our own housing?” They identified a need for a space where people could work year-round, and first get training, then employment, in a stable all-season environment. This was the initial vision for the Fort Good Hope Construction Centre, and this is where TAG got involved. We had some seed funding through the CMHC Housing Supply Challenge when we partnered with Fort Good Hope. We worked with the community for over a year to get the capital funding lined up for the project. This process required us to take on a different role than the one you typically would as an architect. It wasn’t just schematic-design-to-construction-administration. One thing we did pretty early on was a housing design workshop that was open to the whole community, to start understanding what type of housing people would really want to see. Another piece was a lot of outreach and advocacy to build up support for the project and partnerships—for example, with Housing Northwest Territories and Aurora College. We also reached out to our federal MP, the NWT Legislative Assembly and different MLAs, and we talked to a lot of different people about the link between employment and housing. The idea was that the Fort Good Hope Construction Centre would be a demonstration project. Ultimately, funding did come through for the project—from both CMHC and National Indigenous Housing Collaborative Inc. The facility itself will not be architecturally spectacular. It’s basically a big shed where you could build a modular house. But the idea is that the construction of those houses is combined with training, and it creates year-round indoor jobs. It intends to combat the short construction seasons, and the fact that people would otherwise be laid off between projects—which makes it very hard to progress with your training or your career. At the same time, the Construction Centre will build up a skilled labour force that otherwise wouldn’t exist—because when there’s no work, skilled people tend to leave the community. And, importantly, the idea is to keep capital funding in the community. So when there’s a new arena that needs to get built, when there’s a new school that needs to get built, you have a crew of people who are ready to take that on. Rather than flying in skilled labourers, you actually have the community doing it themselves. It’s working towards self-determination in housing too, because if those modular housing units are being built in the community, by community members, then eventually they’re taking over design decisions and decisions about maintenance—in a way that hasn’t really happened for decades. Transitional homeownership My research also looked at a transitional homeownership model that adapts some of the successful principles of the 1980s HAP. Right now, in non-market communities, there are serious gaps in the housing continuum—that is, the different types of housing options available to people. For the most part, you have public housing, and you have homelessness—mostly in the form of hidden homelessness, where people are sleeping on the couches of relatives. Then, in some cases, you have inherited homeownership—where people got homes through the HAP or some other government program. But for the most part, not a lot of people in non-market communities are actually moving into homeownership anymore. I asked the local housing manager in Fort Good Hope: “When’s the last time someone built a house in the community?” She said, “I can only think of one person. It was probably about 20 years ago, and that person actually went to the bank and got a mortgage. If people have a home, it’s usually inherited from their parents or from relatives.” And that situation is a bit of a problem in itself, because it means that people can’t move out of public housing. Public housing traps you in a lot of ways. For example, it punishes employment, because rent is geared to income. It’s been said many times that this model disincentivizes employment. I was in a workshop last year where an Indigenous person spoke up and said, “Actually, it’s not disincentivizing, it punishes employment. It takes things away from you.” Somebody at the territorial housing corporation in Yellowknife told me, “We have clients who are over the income threshold for public housing, but there’s nowhere else they can go.” Theoretically, they would go to the private housing market, they would go to market housing, or they would go to homeownership, but those options don’t exist or they aren’t within reach.  So the idea with the transitional homeownership model is to create an option that could allow the highest income earners in a non-market community to move towards homeownership. This could take some pressure off the public housing system. And it would almost be like a wealth distribution measure: people who are able to afford the cost of operating and maintaining a home then have that option, instead of remaining in government-subsidized housing. For those who cannot, the public housing system is still an option—and maybe a few more public housing units are freed up.  I’ve developed about 36 recommendations for a transitional homeownership model in northern non-market communities. The recommendations are meant to be actioned at various scales: at the scale of the individual household, the scale of the housing provider, and the scale of the whole community. The idea is that if you look at housing as part of a whole system, then there are certain moves that might make sense here—in a non-market context especially—that wouldn’t make sense elsewhere. So for example, we’re in a situation where a house doesn’t appreciate in value. It’s not a financial asset, it’s actually a financial liability, and it’s something that costs a lot to maintain over the years. Giving someone a house in a non-market community is actually giving them a burden, but some residents would be quite willing to take this on, just to have an option of getting out of public housing. It just takes a shift in mindset to start considering solutions for that kind of context. One particularly interesting feature of non-market communities is that they’re still functioning with a mixed economy: partially a subsistence-based or traditional economy, and partially a cash economy. I think that’s actually a strength that hasn’t been tapped into by territorial and federal policies. In the far North, in-kind and traditional economies are still very much a way of life. People subsidize their groceries with “country food,” which means food that was harvested from the land. And instead of paying for fuel tank refills in cash, many households in non-market communities are burning wood as their primary heat source. In communities south of the treeline, like Fort Good Hope, that wood is also harvested from the land. Despite there being no exchange of cash involved, these are critical economic activities—and they are also part of a sustainable, resilient economy grounded in local resources and traditional skills. This concept of the mixed economy could be tapped into as part of a housing model, by bringing back the idea of a ‘sweat equity’ contribution instead of a down payment—just like in the HAP. Contributing time and labour is still an economic exchange, but it bypasses the ‘cash’ part—the part that’s still hard to come by in a non-market community. Labour doesn’t have to be manual labour, either. There are all kinds of work that need to take place in a community: maybe taking training courses and working on projects at the Construction Centre, maybe helping out at the Band Office, or providing childcare services for other working parents—and so on. So it could be more inclusive than a model that focuses on manual labour. Another thing to highlight is a rent-to-own trial period. Not every client will be equipped to take on the burdens of homeownership. So you can give people a trial period. If it doesn’t work out and they can’t pay for operations and maintenance, they could continue renting without losing their home. Then it’s worth touching on some basic design principles for the homeownership units. In the North, the solutions that work are often the simplest—not the most technologically innovative. When you’re in a remote location, specialized replacement parts and specialized labour are both difficult to come by. And new technologies aren’t always designed for extreme climates—especially as we trend towards the digital. So rather than installing technologically complex, high-efficiency systems, it actually makes more sense to build something that people are comfortable with, familiar with, and willing to maintain. In a southern context, people suggest solutions like solar panels to manage energy loads. But in the North, the best thing you can do for energy is put a woodstove in the house. That’s something we’ve heard loud and clear in many communities. Even if people can’t afford to fill their fuel tank, they’re still able to keep chopping wood—or their neighbour is, or their brother, or their kid, and so on. It’s just a different way of looking at things and a way of bringing things back down to earth, back within reach of community members.  Regulatory barriers to housing access: Revisiting the National Building Code On that note, there’s one more project I’ll touch on briefly. TAG is working on a research study, funded by Housing, Infrastructure and Communities Canada, which looks at regulatory barriers to housing access in the North. The National Building Code (NBC) has evolved largely to serve the southern market context, where constraints and resources are both very different than they are up here. Technical solutions in the NBC are based on assumptions that, in some cases, simply don’t apply in northern communities. Here’s a very simple example: minimum distance to a fire hydrant. Most of our communities don’t have fire hydrants at all. We don’t have municipal services. The closest hydrant might be thousands of kilometres away. So what do we do instead? We just have different constraints to consider. That’s just one example but there are many more. We are looking closely at the NBC, and we are also working with a couple of different communities in different situations. The idea is to identify where there are conflicts between what’s regulated and what’s actually feasible, viable, and practical when it comes to on-the-ground realities. Then we’ll look at some alternative solutions for housing. The idea is to meet the intent of the NBC, but arrive at some technical solutions that are more practical to build, easier to maintain, and more appropriate for northern communities.  All of the projects I’ve just described are fairly recent, and very much still ongoing. We’ll see how it all plays out. I’m sure we’re going to run into a lot of new barriers and learn a lot more on the way, but it’s an incremental trial-and-error process. Even with the Construction Centre, we’re saying that this is a demonstration project, but how—or if—it rolls out in other communities would be totally community-dependent, and it could look very, very different from place to place.  In doing any research on Northern housing, one of the consistent findings is that there is no one-size-fits-all solution. Northern communities are not all the same. There are all kinds of different governance structures, different climates, ground conditions, transportation routes, different population sizes, different people, different cultures. Communities are Dene, Métis, Inuvialuit, as well as non-Indigenous, all with different ways of being. One-size-fits-all solutions don’t work—they never have. And the housing crisis is complex, and it’s difficult to unravel. So we’re trying to move forward with a few different approaches, maybe in a few different places, and we’re hoping that some communities, some organizations, or even some individual people, will see some positive impacts.  As appeared in the June 2025 issue of Canadian Architect magazine  The post Insites: Addressing the Northern housing crisis appeared first on Canadian Architect.

Asus' routers and popular and well-reviewed. As such, there's a good chance you have one of its devices powering your home wifi. If you do, you should probably check on it, since thousands of Asus' routers are now compromised. What happened?Cybersecurity company GreyNoise published a blog post about this router attack on Wednesday. GreyNoise says attackers used brute-force login attempts (running millions of login attempts until the right match is found) and authentication bypasses (forcing your way in around traditional authentication protocols) to break into these routers. Notably, hackers used authentication bypass techniques that aren't assigned CVEs (common vulnerabilities and exposures). CVEs are labels used to track publicly disclosed security vulnerabilities, which means the security vulnerabilities were either unknown or known only to a limited circle.Once in, hackers exploited the Asus router's CVE-2023-39780 vulnerability to run whatever commands they wanted. Hackers enabled SSH (secure shell) access through Asus' settings, which let them connect to and control the devices. They then stored the configuration—or backdoor—in NVRAM, rather than the disk of the router. The hackers did not leave malware behind, and even disabled logging, which makes their attacks difficult to detect. It's not clear who is behind these attacks, but GreyNoise did say the following: "The tactics used in this campaign—stealthy initial access, use of built-in system features for persistence, and careful avoidance of detection—are consistent with those seen in advanced, long-term operations, including activity associated with advanced persistent threat (APT) actors and operational relay box (ORB) networks. While GreyNoise has made no attribution, the level of tradecraft suggests a well-resourced and highly capable adversary."How did GreyNoise find out?Sift, GreyNoise’s AI technology, first detected an issue on March 17, noticing unusual traffic. GreyNoise uses fully emulated Asus profiles running factory firmware to test for issues like these, which let researchers observe the attackers' full behavior, reproduce the attack, and discover how the backdoor was installed. Researchers at the company received Sift’s report the following day, and began researching, coordinating with “government and industry partners.” GreyNoise reported that, as of May 27, nearly 9,000 routers were confirmed compromised. The company is pulling that data from Censys, which keeps tabs on internet-facing devices throughout the world. To make matters worse, the affected devices only continue to increase: As of this piece, there were 9,022 impacted routers listed on Censys' site. Luckily, GreyNoise reports that Asus patched the security vulnerability in a recent firmware update. However, if the router was compromised before the patch was installed, the backdoor hackers put into the router will not be removed. Even if this is the case, you can take action to protect your router.If you have an Asus router, do thisFirst, confirm your router is actually made by Asus. If it is, log in to your router via your internet browser. Logging into your router varies by device, but according to Asus, you can head to www.asusrouter.com, or enter your router's IP address into your address bar, then log in with your Asus router username and password. Asus says if this is the first time you've logged into the router, you'll need to set up your account.From here, identify the "Enable SSD" settings option. (You may find this under "Service" or "Administration," according to PCMag.) You'll know the router is compromised if you see that someone can log in via SSH over port 53828 with the following key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ (the rest of the key has been cut for length).Now, disable the SSH entry and block these IP addresses: 101.99.91.151101.99.94.17379.141.163.179111.90.146.237From here, factory reset your router. Unfortunately, the patch alone won't be enough, since the attack survives any update. A total reset is the only way to be sure your router is protected. However, if you see your router was not affected here, install the latest firmware update ASAP. Unaffected routers that install the latest patch will be protected from this type of attack going forward.

May 30, 2025Ravie LakshmananBrowser Security / Malware A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as credentials, browser information, and cryptocurrency wallet details," Elastic Security Labs researcher Jia Yu Chan said in an analysis. The attack chains begin with threat actors compromising legitimate websites with malicious JavaScript payloads that serve bogus CAPTCHA check pages, which prompt site visitors to "prove you are not [a] robot" by following a three-step process, a prevalent tactic called ClickFix. This involves instructing the potential victim to open the Windows Run dialog prompt, paste an already copied command into the "verification window" (i.e., the Run dialog), and press enter. This effectively causes the obfuscated PowerShell command to be executed, resulting in the retrieval of a next-stage payload from an external server ("llll[.]fit"). The JavaScript payload ("gverify.js") is subsequently saved to the victim's Downloads folder and executed using cscript in a hidden window. The main goal of the intermediate script is to fetch the EDDIESTEALER binary from the same remote server and store it in the Downloads folder with a pseudorandom 12-character file name. Written in Rust, EDDIESTEALER is a commodity stealer malware that can gather system metadata, receive tasks from a command-and-control (C2) server, and siphon data of interest from the infected host. The exfiltration targets include cryptocurrency wallets, web browsers, password managers, FTP clients, and messaging apps. "These targets are subject to change as they are configurable by the C2 operator," Elastic explained. "EDDIESTEALER then reads the targeted files using standard kernel32.dll functions like CreateFileW, GetFileSizeEx, ReadFile, and CloseHandle." The collected host information is encrypted and transmitted to the C2 server in a separate HTTP POST request after the completion of each task. Besides incorporating string encryption, the malware employs a custom WinAPI lookup mechanism for resolving API calls and creates a mutex to ensure that only one version is running at any given time. It also incorporates checks to determine if it's being executed in a sandboxed environment, and if so, deletes itself from disk. "Based on a similar self-deletion technique observed in Latrodectus, EDDIESTEALER is capable of deleting itself through NTFS Alternate Data Streams renaming, to bypass file locks," Elastic noted. Another noteworthy feature built into the stealer is its ability to bypass Chromium's app-bound encryption to gain access to unencrypted sensitive data, such as cookies. This is accomplished by including a Rust implementation of ChromeKatz, an open-source tool that can dump cookies and credentials from the memory of Chromium-based browsers. The Rust version of ChromeKatz also incorporates changes to handle scenarios where the targeted Chromium browser is not running. In such cases, it spawns a new browser instance using the command-line arguments "--window-position=-3000,-3000 https://google.com," effectively positioning the new window far off-screen and making its invisible to the user. In opening the browser, the objective is to enable the malware to read the memory associated with the network service child process of Chrome that's identified by the "-utility-sub-type=network.mojom.NetworkService" flag and ultimately extract the credentials. Elastic said it also identified updated versions of the malware with features to harvest running processes, GPU information, number of CPU cores, CPU name, and CPU vendor. In addition, the new variants tweak the C2 communication pattern by preemptively sending the host information to the server before receiving the task configuration. That's not all. The encryption key used for client-to-server communication is hard-coded into the binary, as opposed to retrieving it dynamically from the server. Furthermore, the stealer has been found to launch a new Chrome process with the --remote-debugging-port=<port_num> flag to enable DevTools Protocol over a local WebSocket interface so as to interact with the browser in a headless manner, without requiring any user interaction. "This adoption of Rust in malware development reflects a growing trend among threat actors seeking to leverage modern language features for enhanced stealth, stability, and resilience against traditional analysis workflows and threat detection engines," the company said. The disclosure comes as c/side revealed details of a ClickFix campaign that targets multiple platforms, such as Apple macOS, Android, and iOS, using techniques like browser-based redirections, fake UI prompts, and drive-by download techniques. The attack chain starts with an obfuscated JavaScript hosted on a website, that when visited from macOS, initiates a series of redirections to a page that guides victims to launch Terminal and run a shell script, which leads to the download of a stealer malware that has been flagged on VirusTotal as the Atomic macOS Stealer (AMOS). However, the same campaign has been configured to initiate a drive-by download scheme when visiting the web page from an Android, iOS, or Windows device, leading to the deployment of another trojan malware. The disclosures coincide with the emergence of new stealer malware families like Katz Stealer and AppleProcessHub Stealer targeting Windows and macOS respectively, and are capable of harvesting a wide range of information from infected hosts, according to Nextron and Kandji. Katz Stealer, like EDDIESTEALER, is engineered to circumvent Chrome's app-bound encryption, but in a different way by employing DLL injection to obtain the encryption key without administrator privileges and use it to decrypt encrypted cookies and passwords from Chromium-based browsers. "Attackers conceal malicious JavaScript in gzip files, which, when opened, trigger the download of a PowerShell script," Nextron said. "This script retrieves a .NET-based loader payload, which injects the stealer into a legitimate process. Once active, it exfiltrates stolen data to the command and control server." AppleProcessHub Stealer, on the other hand, is designed to exfiltrate user files including bash history, zsh history, GitHub configurations, SSH information, and iCloud Keychain. Attack sequences distributing the malware entail the use of a Mach-O binary that downloads a second-stage bash stealer script from the server "appleprocesshub[.]com" and runs it, the results of which are then exfiltrated back to the C2 server. Details of the malware were first shared by the MalwareHunterTeam on May 15, 2025, and by MacPaw's Moonlock Lab last week. "This is an example of a Mach-O written in Objective-C which communicates with a command and control server to execute scripts," Kandji researcher Christopher Lopez said. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Hot water is like internet connectivity for most Verge readers: you just expect it to be there. But that’s unlikely to be the case this summer when tent camping at a music festival or road-tripping into the great unknown. That’s where BougeRV’s battery-powered shower comes in. The $310 “Portable Propane Outdoor Camping Water Heater” from BougeRV is not only optimized for search engine discovery, it also delivers a luxurious spray of hot steaming water to the unwashed, be they human, canine, or stubborn pots and pans. Charge up the battery, attach a propane canister, drop the pump into a jug of water, and you’re ready to get sudsing.It’s so useful and flexible that I’ve ditched my plans to install a permanent shower cabin and expensive hot water system inside my adventure van, even if I don’t completely trust it.8Verge Score$310The GoodBattery-powered portabilityTemperature controlAdjustable flow to save waterLots of safety featuresThe BadLots of hoses and cables to snagWeak shower head holderNo bag to carry all the accessoriesLongevity concerns$310 at BougeRVHow we rate and review productsMy current portable shower consists of an 11-liter water bag, a manual foot pump, and a spray nozzle. To make it hot, I have to heat water on the stove or hang the bag in the sun for several hours, yet it still costs over $150. For $310, the BougeRV heated shower seems like a bargain.The BougeRV system can produce a maximum heat output of 20,500 BTUs — about half of a typical residential gas water heater. It measures 15.75 x 6.7 x 14.57 inches (40 x 17 x 31cm) and weighs 13.2 pounds (6.21kg), making it compact and fairly lightweight with two big handles for easy carry. The hoses and cabling make it a little unwieldy — capable of chaos inside a small space unless handled with care.Assembly starts with screwing in an easy to find one pound (454g) propane canister that attaches at the rear of the unit. That’s the size BougeRV recommends, but you wouldn’t be the first to instead run a hose from your RV’s existing propane tank to the pressure regulator on the water heater. Two quick-connect water hoses — labeled blue and red for idiot-proof attachment — route the water from your chosen receptacle, through that gas furnace, and out through the showerhead. The long 2.5m (8.2 feet) shower hose allows for flexible placement of the heater.The small water pump measures just 2.24 inches (5.7cm) across, so it easily fits through the opening of standard jerry cans. The pump is electrically powered by the BougeRV unit, which is powered by its rechargeable battery, an AC wall jack, or 12V adapter that plugs into the cigarette jack of your vehicle or solar generator.My outdoor shower using a standard jerry can for water. Magnets hold the towel in place and I’d buy a magnetic shower head holder to complete the setup. Photo by Thomas Ricker / The VergeCan place the BougeRV system on my sliding tray for a gear cleaning station. A long press on the pump button bypasses the heater to save gas. Photo by Thomas Ricker / The VergeA makeshift outdoor sink. The included holder is too weak to hold the shower head in more extreme positions. Photo by Thomas Ricker / The VergeHank hates getting hosed off with cold water but enjoyed this lush heated rinse. (He rolled in dirt immediately after.) Photo by Thomas Ricker / The VergeThe 2500mAh / 12V (30Wh) integrated Lithium-ion battery takes about three hours to charge from the included charger. A full battery and one-pound (454g) canister of liquid propane gas can pump out about an hour’s worth of hot water before both run dry. The shower’s gas consumption rate is 20MJ/h. Alternatively, you can save gas with a long press on the pump button to put the shower into cold water mode — ideal for rinsing off your mountain bike, hiking shoes, or wet suit, for example.The dial on the front of the heater controls the size of the flame. I did a handful of tests, starting with water measuring between 13 and 16 degrees Celsius (55–61 degrees Fahrenheit) according to the display on the BougeRV water heater. With the dial turned all the way to the left, the water pouring from the shower head rose to 23–25C (73–77F) after just a few seconds. Turned all the way to the right, the temperature maxed out at a steamy 34–41C (93–105F) in about 30 seconds.Recycling the water can make it even hotter, if you dareRecycling the water can make it even hotter, if you dare. After two or three cycles on max, the heater boosted the temperature above 51C (124F) before the unit shut down with an error, by design. It’s not meant to exceed an average water temperature above 50C (122F). A simple on/off reset the E6 error.Water flow is between 2.2 and 3 liters per minute — well below what you can expect from a 9 to 12 L/min flow of a modern home shower. That’s still acceptable, in my opinion, and far superior to nothing, which is the typical alternative when camping away from home. The shower head has a rocker switch to toggle between hardish, mixed, and soft water flow rates as well as an on/off limiter button to help conserve water between lathers.It’s surprisingly quiet even with the pump turned on. There’s some rapid clicking to ignite the gas (followed by a whoosh of flame) whenever the flow of water returns, and the pump produces a low-level hum that’s quickly drowned out by the sound of spraying water.The water heater is also protected from tilts, bumps, and an empty water source. When I leaned my review unit over about 30 degrees, the unit shut off. It also shut off automatically after two minutes of trying to pump from an empty bucket. A master override on/off switch on the button prevents the unit from turning on accidentally if the on/off button on the front is bumped during transport or storage.I’m impressed by BougeRV’s water heater, but I’m a little concerned about its durability over time. After using it on the beach on a windy day, I ran into trouble once I returned inside: the heater didn’t heat and the water was reduced to a trickle out of the showerhead. It’s possible that some sediment trapped in the lines reduced the flow rate below the 1.2L/min required for ignition. Nevertheless, the issue was resolved after a few minutes of fiddling with the hoses and filters, and turning the unit on and off again. BougeRV offers a two-year warranty and says the water heater is rated at IPX4. So while it’s resistant to splashing water, there’s no assurance offered against dust and blowing sand. I do have a few other gripes. Those hoses can be a tripping and snagging hazard, and the plastic clip meant to hold the showerhead to one of the lifting handles is too weak to keep it from rotating and spraying your surroundings. I also wish BougeRV bundled the heater with an accessory bag to carry all the power adapters and hoses. And when putting the device away, you have to tip it forward to drain all the collected water from the inlet and outlet — there’s no automatic expulsion mechanism.But really, these are trivial issues for what the unit does at this price.1/8A cold water option is great for cleaning gear.Prior to this review, I had been in the late planning stages of having a shower cabin, water pump, gas heater, extra-large water tank, and all necessary plumbing installed in my Sprinter van. Total cost: about $4,000. I’m now convinced that a portable system like what BougeRV offers is a better option. Why pay so much for something so permanent that’s only used a few minutes each week, for maybe half the year?Instead, BougeRV’s $310 portable water heater can function as an outdoor shower during the summer months or be moved inside (with ventilation) when coupled with a portable shower curtain and basin, all for less than $600. That sounds like a better use of my money, and probably yours if you’re an aspiring vanlifer.And when the van is parked, I can bring those hot (or cold) jets of water anywhere my adventures might take me: to clean up after mountain biking in the muddy forest or kitesurfing in the salty sea, to wash the dog outside after rolling in shit again, or to take a refreshing shower during a sweaty four-day music festival.A near-identical water heater is sold under the Ranien and Camplux brands, but those have larger 4000mAh (48Wh) batteries and list for between $349 and $399. So it might pay to shop around.Photos by Thomas Ricker / The VergeSee More:

A Microsoft employee has managed to circumvent a block instituted earlier this week that limited mentions of “Palestine,” “Gaza,” and “Genocide” in email subject lines or in the body of a message. Nisreen Jaradat, a senior tech support engineer at Microsoft, emailed thousands of employees on May 23rd with the subject line: “You can’t get rid of us.”“As a Palestinian worker, I am fed up with the way our people have been treated by this company,” the note, a copy of which was obtained by The Verge, reads. “I am sending this email as a message to Microsoft leaders: the cost of trying to silence all voices that dare to humanize Palestinians is far higher than simply listening to the concerns of your employees.”It’s not immediately clear how Jaradat got around the block. The email calls on Microsoft employees to sign a petition by the No Azure for Apartheid (NOAA) group, which urges Microsoft to end its contracts with the Israeli government. NOAA is behind several high-profile protest actions in recent weeks, and Jaradat, a member, also encourages colleagues to join the group in different capacities. Microsoft spokesperson Frank Shaw directed The Verge to a previous statement it shared when the block was initially reported, saying that mass emailing colleagues “about any topic not related to work is not appropriate,” and that the company has “taken measures to try and reduce those emails to those that have not opted in.”NOAA organizer Hossam Nasr called Microsoft’s decision to block words “particularly egregious.”“Microsoft keeps telling its workers to go through the appropriate channels, and yet time and time again, those who speak up in ‘appropriate channels’ from viva engage posts to HR tickets are silenced or ignored,” Nasr said in a statement. “What Microsoft is really telling us is: make it convenient for us to ignore you. Nisreen’s email summarizes it: they cannot get rid of us. We will continue protesting in all ways big and small until our demands are met.”Microsoft put this email block into place the same week as its Build developer conference, during which current and former Microsoft employees, as well as hundreds of others, have been protesting against the company’s contracts with the Israeli government. Microsoft employee Joe Lopez disrupted Build’s opening keynote on May 19th and then sent an email to thousands of Microsoft employees. The company fired him the same day.A Palestinian tech worker then disrupted Microsoft’s CoreAI head during his presentation at Build on May 20th. The next day, two former Microsoft employees disrupted a Build session, and a Microsoft executive inadvertently revealed internal messages regarding Walmart’s use of AI moments later. There were also protests outside the conference venue on multiple days this week.This week’s protests and emails come just days after Microsoft acknowledged its cloud and AI contracts with Israel, but it claimed that an internal and external review had found “no evidence” that its tools were used to “target or harm people” in Gaza.Read the full email below:Yesterday, Microsoft chose to utterly and completely discriminate against an entire nation, an entire people, and an entire community by blocking all employees from sending any outbound email containing the words “Palestine”, “Gaza”, “genocide”, or “apartheid”. Microsoft leaders justified this blatant censorship by saying it was to prevent you from receiving emails like the email that you are reading right now. Even though Microsoft SLT are aware that this “short term solution” is easily bypassable, as this email clearly proves, Microsoft still doubled down, insisted on not rolling back the policy, and decided to continue targeting and repressing their Palestinian, Arab, Muslim, and allied workers. They refused to revoke this censorship tactic, despite its potential illegality, dozens of employees expressing how racist of a decision it was, and even leaders admitting they see how it can be perceived as discriminatory and targeted. This further proves how little Microsoft values Palestinian lives and Palestinian suffering.As a Palestinian worker, I am fed up with the way our people have been treated by this company. I am sending this email as a message to Microsoft leaders: the cost of trying to silence all voices that dare to humanize Palestinians is far higher than simply listening to the concerns of your employees. Had this useless and discriminatory policy been revoked, as I tried to request numerous times through so-called “proper channels”[1][2], I would not be sending you all this email.Despite claiming to have “heard concerns from our employees and the public regarding Microsoft technologies used by the Israeli military to target civilians or cause harm in the conflict in Gaza” in a statement riddled with lies, admissions, and absurd justifications, Microsoft has shown that they are utterly uninterested in hearing what we have to say.Microsoft claims that they “provide many avenues for all voices to be heard”. However, whenever we try to discuss anything substantial about divesting from genocide in the “approved channels”, workers are retaliated against, doxxed, or silenced. Microsoft has deleted relevant employee questions in AMAs with executives and shut down Viva Engage posts in dedicated channels for asking SLT questions. Managers have warned outspoken directs to stay quiet and have even openly retaliated against them. When my community tries to flag issues and concerns to HR/GER/WIT, we have been met with racist outcomes with double standards. Throughout all this, Microsoft has sent a clear message to their employees: There are no proper channels at Microsoft to express your concerns, disagreements, or even questions about how Microsoft is using your labor to kill Palestinian babies.Over this past week, Microsoft has shown their true face, brutalizing, detaining, firing, pepper spraying, threatening and insulting workers and former workers protesting at Microsoft Build. This email censorship is simply the latest example in a long list of recent extreme and outrageous escalations by Microsoft against my community. Enough is enough.It has become clear that Microsoft will not listen to us out of the goodness of their hearts.Microsoft will not change their stance just because it is the moral or even legal thing to do. Microsoft will only divest from genocide once it becomes more expensive for them to kill Palestinians than not. Right now, Microsoft makes a lot of money from genocide-profiteering, so we must make support for genocide even more expensive.The situation in Palestine is more urgent by the minute. More and more Palestinians are being killed of starvation under the Israeli Occupation Forces (IOF)‘s bombing campaign, invasion, and siege that has martyred an estimated 400,000 Palestinians. The IOF have kidnapped over 16,000 Palestinians and placed them in torture and rape camps. 1.93 million Palestinians in Gaza have been displaced, and over 40,000 Palestinians have been displaced in the West Bank.While a hostile work environment is difficult, it cannot compare to the horrors taking place in Palestine - horrors that we as Microsoft employees are complicit in. These futile attempts to silence our community, while painful at times, are evidence that the pressure we are applying is working. This is not the time for baby steps or gradual progress. Starving infants cannot wait any longer. We, as a company of over 200,000 employees, are providing the technological backbone for Israel’s genocidal war machine in Palestinian. We, as employees of this company, have a responsibility to end our employer’s complicity in this AI-assisted genocide! Now is the time to escalate against Microsoft and end this Microsoft-powered genocide!I am calling on every employee of conscience to:Sign No Azure for Apartheid’s petition calling for a termination of all Microsoft contracts with the Israeli military and government: https://noaa.cc/petitionStrongly consider whether you want to stay in the company and fight for change from within, or if you want to leave and stop contributing labor to genocide.If you choose to leave Microsoft to no longer be complicit in genocide, do not go quietly. The No Azure for Apartheid campaign is ready to help you make an impact on your way out for Palestine, and we will also do our best to provide you support before leaving. Reach out to us expressing your interest to leave here.If you choose to stay, continue to fight from the inside to end Microsoft’s, and your own, complicity in war crimes, join the No Azure for Apartheid campaign. If you are worried about being public with your affiliation, rest assured that as a worker-led grassroots movement, we have members with all levels of anonymity and risk level. Some of our members are publicly visible and will even publicly confront our war-criminal executives, such as Satya Nadella, Mustafa Suleyman, and Jay Parikh at major Microsoft events like the 50th Anniversary celebration and Microsoft Build. Other members choose to stay completely anonymous and still contribute to the critical work of the campaign. There is room for everyone: https://noaa.cc/joinWhile I do understand that as Microsoft employees, we cannot fully boycott Microsoft, most of us can focus on the priority targets set by the Boycott, Divest, and Sanction (BDS) movement, which recently set Microsoft as a priority target. The main target of the boycott is Microsoft Gaming, especially X-Box. We can also encourage our friends and family to boycott Microsoft where possible.To Microsoft Senior Leadership team specifically:You cannot silence Palestine.You cannot silence Gaza.You cannot hide your involvement in genocide and apartheid.Fre e PalestineNisreen JaradatSee More:

A new review by researchers from the Beijing University of Posts and Telecommunications, CETC 54 (54th Research Institute of Electronics Technology Group Corporation), Sun Yat-sen University, Shenzhen University, and the University of Electronic Science and Technology of China surveys the latest developments in 3D printing for microelectronic and microfluidic applications. The paper released on Springer Nature Link highlights how additive manufacturing methods have reached sub-micron precision, allowing the production of devices previously limited to traditional cleanroom fabrication. High-resolution techniques like two-photon polymerization (2PP), electrohydrodynamic jet printing, and computed axial lithography (CAL) are now being used to create structures with feature sizes down to 100 nanometers. These capabilities have broad implications for biomedical sensors, flexible electronics, and microfluidic systems used in diagnostics and environmental monitoring. Overview of 3D printing applications for microelectronic and microfluidic device fabrication. Image via Springer Nature. Classification of High-Precision Additive Processes Seven categories of additive manufacturing, as defined by the American Society for Testing and Materials (ASTM) serve as the foundation for modern 3D printing workflows: binder jetting, directed energy deposition (DED), material extrusion (MEX), material jetting, powder bed fusion (PBF), sheet lamination (SHL), and vat photopolymerization (VP). Among these, 2PP provides the finest resolution, enabling the fabrication of nanoscale features for optical communication components and MEMS support structures. Inkjet-based material jetting and direct ink writing (DIW) allow patterned deposition of conductive or biological materials, including stretchable gels and ionic polymers. Binder jetting, which operates by spraying adhesives onto powdered substrates, is particularly suited for large-volume structures using metals or ceramics with minimal thermal stress. Fused deposition modeling, a form of material extrusion, continues to be widely used for its low cost and compatibility with thermoplastics. Although limited in resolution, it remains practical for building mechanical supports or sacrificial molds in soft lithography. Various micro-scale 3D printing strategies. Image via Springer Nature. 3D Printing in Microelectronics, MEMS, and Sensing Additive manufacturing is now routinely used to fabricate microsensors, microelectromechanical system (MEMS) actuators, and flexible electronics. Compared to traditional lithographic processes, 3D printing reduces material waste and bypasses the need for masks or etching steps. In one example cited by the review, flexible multi-directional sensors were printed directly onto skin-like substrates using a customized FDM platform. Another case involved a cantilever support for a micro-accelerometer produced via 2PP and coated with conductive materials through evaporation. These examples show how additive techniques can fabricate both support and functional layers with high geometric complexity. MEMS actuators fabricated with additive methods often combine printed scaffolds with conventional micromachining. A 2PP-printed spiral structure was used to house liquid metal in an electrothermal actuator. Separately, FDM was used to print a MEMS switch, combining conductive PLA and polyvinyl alcohol as the sacrificial layer. However, achieving the mechanical precision needed for switching elements remains a barrier for fully integrated use. 3D printing material and preparation methods. Image via Springer Nature. Development of Functional Inks and Composite Materials Microelectronic applications depend on the availability of printable materials with specific electrical, mechanical, or chemical properties. MXene-based conductive inks, metal particle suspensions, and piezoelectric composites are being optimized for use in DIW, inkjet, and light-curing platforms. Researchers have fabricated planar asymmetric micro-supercapacitors using ink composed of nickel sulfide on nitrogen-doped MXene. These devices demonstrate increased voltage windows (up to 1.5 V) and volumetric capacitance, meeting the demands of compact power systems. Other work involves composite hydrogels with ionic conductivity and high tensile stretch, used in flexible biosensing applications. PEDOT:PSS, a common conductive polymer, has been formulated into a high-resolution ink using lyophilization and re-dispersion in photocurable matrices. These formulations are used to create electrode arrays for neural probes and flexible circuits. Multiphoton lithography has also been applied to print complex 3D structures from organic semiconductor resins. Bioelectronic applications are driving the need for biocompatible inks that can perform reliably in wet and dynamic environments. One group incorporated graphene nanoplatelets and carbon nanotubes into ink for multi-jet fusion, producing pressure sensors with high mechanical durability and signal sensitivity. 3D printed electronics achieved through the integration of active initiators into printing materials. Image via Springer Nature. Microfluidic Devices Fabricated via Direct and Indirect Methods Microfluidic systems have traditionally relied on soft lithography techniques using polydimethylsiloxane (PDMS). Additive manufacturing now offers alternatives through both direct printing of fluidic chips and indirect fabrication using 3D printed molds. Direct fabrication using SLA, DLP, or inkjet-based systems allows the rapid prototyping of chips with integrated reservoirs and channels. However, achieving sub-100 µm channels requires careful calibration. One group demonstrated channels as small as 18 µm × 20 µm using a customized DLP printer. Indirect fabrication relies on printing sacrificial or reusable molds, followed by casting and demolding. PLA, ABS, and resin-based molds are commonly used, depending on whether water-soluble or solvent-dissolvable materials are preferred. These techniques are compatible with PDMS and reduce reliance on photolithography equipment. Surface roughness and optical transparency remain concerns. FDM-printed molds often introduce layer artifacts, while uncured resin in SLA methods can leach toxins or inhibit PDMS curing. Some teams address these issues by polishing surfaces post-print or chemically treating molds to improve release characteristics. Integration and Future Directions for Microdevices 3D printed microfluidic devices in biology and chemistry.Image via Springer Nature. 3D printing is increasingly enabling the integration of structural, electrical, and sensing components into single build processes. Multi-material printers are beginning to produce substrates, conductive paths, and dielectric layers in tandem, although component embedding still requires manual intervention. Applications in wearable electronics, flexible sensors, and soft robotics continue to expand. Stretchable conductors printed onto elastomeric backings are being used to simulate mechanoreceptors and thermoreceptors for electronic skin systems. Piezoelectric materials such as BaTiO₃-PVDF composites are under investigation for printed actuators and energy harvesters. MEMS fabrication remains constrained by the mechanical limitations of printable materials. Silicon continues to dominate high-performance actuators due to its stiffness and precision. Additive methods are currently better suited for producing packaging, connectors, and sacrificial scaffolds within MEMS systems. Multi-photon and light-assisted processes are being explored for producing active devices like microcapacitors and accelerometers. Recent work demonstrated the use of 2PP to fabricate nitrogen-vacancy center–based quantum sensors, capable of detecting thermal and magnetic fluctuations in microscopic environments. As materials, resolution, and system integration improve, 3D printing is poised to shift from peripheral use to a central role in microsystem design and production.  3D printing micro-nano devices. Image via Springer Nature. Ready to discover who won the 20243D Printing Industry Awards? Subscribe to the 3D Printing Industry newsletter to stay updated with the latest news and insights. Take the 3DPI Reader Survey — shape the future of AM reporting in under 5 minutes. Featured image shows an Overview of 3D printing applications for microelectronic and microfluidic device fabrication. Image via Springer Nature. Anyer Tenorio Lara Anyer Tenorio Lara is an emerging tech journalist passionate about uncovering the latest advances in technology and innovation. With a sharp eye for detail and a talent for storytelling, Anyer has quickly made a name for himself in the tech community. Anyer's articles aim to make complex subjects accessible and engaging for a broad audience. In addition to his writing, Anyer enjoys participating in industry events and discussions, eager to learn and share knowledge in the dynamic world of technology.

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. ExplorerPatcher fix bypasses Windows 11 24H2 upgrade block, and squashes two major bugs Sayan Sen Neowin @ssc_combater007 · May 23, 2025 04:06 EDT ExplorerPatcher is a popular third-party customization and tweaking app on Windows. The latest update has three major improvements for Windows 11 24H2. First up, the author has made changes so that the app can bypass the Windows 11 24H2 upgrade block. Microsoft informed earlier that 24H2 compatibility block related to customization apps was slowly being removed. With the latest update, the ExplorerPatcher developer notes that they made changes to improve the app's Desktop Window Manager compatibility with the newest Windows version by renaming the ep_dwm EXE file to ep_dwm_svc. If you remember, Microsoft started blocking third-party apps like this one back in April 2024 during Insider testing and the safeguard hold continued even after general availability. In terms of bug fixes, there are several and two of them are related to Windows 11 24H2. The feature "disable rounded corner" now works on the latest Windows feature update. If you are familiar with Windows 11, one of the many characteristics of its aesthetics is the presence of rounder corners, which Microsoft has also brought over to its other apps, although there is still clearly room for sharper edged tabs too. So many who disliked the rounded corners on Windows 11 would rely on unofficial apps like ExplorerPatcher to deal with them. Thankfully, the feature now works, as previously it would simply automatically uncheck when detecting a 24H2 build. The second improvement is about Simple Window Switcher or SWS as the developer of ExplorerPatcher refers to it. SWS is meant as an alternative to the Alt-Tab functionality on stock Windows. Unlike the "disable rounded corner" option, the SWS feature still worked, although its implementation on Windows 11 24H2 was buggy, as users experienced slowdowns and lag. Underlying code issues can often cause problems like these as recently pointed out by a senior Microsoft engineer. From the user comments, it is apparent that the window switcher feature exhibited various other issues too. One user 03juan documented the several problems they encountered in great detail. These included being stuck in an infinite loop, high CPU usage, among others. The full changelog is given below: Start10: Fixed Pin to Start on 226x1.4541+ and 261xx.2454+. sws: Added support for 24H2. ep_dwm: Added support for 24H2. ep_dwm.exe has been renamed to ep_dwm_svc.exe to get around 24H2 upgrade blocks. ep_dwm: Now always unregistered on uninstallation, regardless of whether it was running during the uninstallation or not. Setup: The failure message now displays the associated code line number that failed, to assist in troubleshooting. Taskbar10: Fixed disabling immersive menus on ARM64. Taskbar10: Fixed Win+X menu still having Windows Terminal entries when Windows Terminal is not installed, that crashes Explorer when selected. For now, if you want to have PowerShell entries, Windows Terminal must be uninstalled. Taskbar10: Fixed Win+X entry clicks doing nothing on 26xxx.5551+ ARM64. GUI: Added dropdown indicators to dropdown entries. GUI: The language names now include the country name. (3f11766) Localization: Added Czech translations. (Thanks @9hb, @andrewz1986, and @Panzimy!) Localization: Added Spanish (Spain) translations. (Thanks @AlejandroMartiGisbert!) ep_taskbar: Added support for "Show desktop button: Hidden" setting. (#4020) (1be6658) ep_taskbar: Fixed a bug that prevented shortcut global hotkeys from working on 24H2. (#3777, #4016) ep_taskbar: Fixed a bug that prevented the taskbar from resizing properly after DPI changes. (#3796) ep_taskbar: Added the following languages: German, French, Hungarian, Indonesian, Italian, Korean, Lithuanian, Dutch, Polish, Portuguese (Brazil), Romanian, Spanish (Spain), Turkish, Ukrainian, Chinese (Simplified). ep_taskbar: Fixed a number of memory leaks and code/behavior inaccuracies. ❗ ep_taskbar: Fixed incompatibility with 26200.5603 (Dev), 26120.4151 (Beta), and 26100.4188 (Release Preview). (#4321) ep_taskbar: Now supports all Windows 10 versions supported by EP (17763/1809+). (aec8c70, 1edb989) To download the latest version, 22631.5335.68, of ExplorerPatcher, head over to Neowin's software stories page or its official GitHub repo here. The ExplorerPatcher author has also cautioned that Microsoft Defender will still flag the newer versions of the app, and has provided the following PowerShell to optionally add to anti-virus exclusions: Add-MpPreference -ExclusionPath "C:\Program Files\ExplorerPatcher" Add-MpPreference -ExclusionPath "$env:APPDATA\ExplorerPatcher" Add-MpPreference -ExclusionPath "C:\Windows\dxgi.dll" Add-MpPreference -ExclusionPath "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy" Add-MpPreference -ExclusionPath "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy" Bear in mind though, that Defender serves to protect your system from dangerous malware like the recently reported Lumma, which affects nearly 400,000 systems worldwide. So if you do add exceptions manually, make sure to not let a dangerous quarantined threat out. Tags Report a problem with article Follow @NeowinFeed