Hackers can steal 2FA codes and private messages from Android phones. The "Pixnapping" attack is a really clever piece of research. It shows that the theoretical wall between apps on your phone isn't as solid as we'd like to believe. By exploiting a GPU side channel, a malicious app with zero permissions can effectively screenshot other apps, one pixel at a time. It's a reminder that security is a stack, and a vulnerability at the hardware level can undermine everything built on top of it.

TL;DR
A new attack called "Pixnapping" can read visual data from other apps on Android devices.
It exploits a GPU side-channel leak to steal sensitive info like 2FA codes and messages, pixel by pixel.
The scary part: the malicious app required for the attack needs zero special permissions to be granted.
While complex to pull off, this is a serious proof of concept that challenges the core idea of OS app sandboxing.

https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
#Android #Cybersecurity #SideChannelAttack #2FA #security #privacy #cloud #infosec

Fotos verwalten und teilen mit Nextcloud-Memories – Nextcloud Teil 7

https://www.kuketz-blog.de/fotos-verwalten-und-teilen-mit-nextcloud-memories-nextcloud-teil-7/

SonicWall: Firewall configs stolen for all cloud backup customers - SonicWall has confirmed that all customers that used the company's cloud backup service a... https://www.bleepingcomputer.com/news/security/sonicwall-firewall-configs-stolen-for-all-cloud-backup-customers/ #security #cloud

Crimson Collective hackers target AWS cloud instances for data theft - The 'Crimson Collective' threat group has been targeting AWS (Amazon Web Services) cloud ... https://www.bleepingcomputer.com/news/security/crimson-collective-hackers-target-aws-cloud-instances-for-data-theft/ #security #cloud

Zeroday Cloud hacking contest offers $4.5 million in bounties - A new hacking competition called Zeroday Cloud, focused on open-source cloud and AI tools... https://www.bleepingcomputer.com/news/security/zeroday-cloud-hacking-contest-offers-45-million-in-bounties/ #artificialintelligence #security #cloud

Push-Benachrichtigungen für Android via UnifiedPush (NextPush) – Nextcloud Teil 6

https://www.kuketz-blog.de/push-benachrichtigungen-fuer-android-via-unifiedpush-nextpush-nextcloud-teil-6/

Google Cuts More Than 100 Design-Related Roles In Cloud Unit - Google has laid off over 100 employees in design-related roles, including user exp... - https://tech.slashdot.org/story/25/10/02/036238/google-cuts-more-than-100-design-related-roles-in-cloud-unit?utm_source=rss1.0mainlinkanon&utm_medium=feed #cloud

Critical WD My Cloud bug allows remote command injection - Western Digital has released firmware updates for multiple My Cloud NAS models to patch a... https://www.bleepingcomputer.com/news/security/critical-wd-my-cloud-bug-allows-remote-command-injection/ #security #hardware #cloud

MP3-Streaming unterwegs mit der Nextcloud-Music-App – Nextcloud Teil 5

https://www.kuketz-blog.de/mp3-streaming-unterwegs-mit-der-nextcloud-music-app-nextcloud-teil-5/

if you meet someone who does not understand the implications of vendor lock in, just tell them they will when they get blackmailed:

»However, two days ago, Slack reached out to us and said that if we don’t agree to pay an extra $50k this week and $200k a year, they’ll deactivate our Slack workspace and delete all of our message history.«

https://skyfall.dev/posts/slack

New instance, same content.

He/him.

Tag soup of work and interests: #SystemsEngineering, #softwareengineering, #devops #programming, #cloud, #motorcycles, #bicycles, #karate, #retrocomputing, #VintageComputing, #calculators, #homelab, #electronics, #history, #economics, #blacksmithing, #polyamory, #HudsonValley, #NYS

I don’t trust Big Tech with my data.
That’s why I built Nuvon — a cloud that flips the model — or actually do it the way we’d expect it to do.

EU-hosted under GDPR
No surveillance, no AI training, no data mining
Simple pricing: €10 for 500GB / €20 for 1TB (2 users included)

Your data. Your rules.
#Privacy #Cloud #FOSS #DigitalSovereignty #GDPR

OpenAI and Oracle Ink Historic $300 Billion Cloud Computing Deal - Amid yesterday's news of Oracle's soaring stock, which propelled founder Larry Ell... - https://developers.slashdot.org/story/25/09/11/2111239/openai-and-oracle-ink-historic-300-billion-cloud-computing-deal?utm_source=rss1.0mainlinkanon&utm_medium=feed #cloud

New VMScape attack breaks guest-host isolation on AMD, Intel CPUs - A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak ... https://www.bleepingcomputer.com/news/security/new-vmscape-attack-breaks-guest-host-isolation-on-amd-intel-cpus/ #security #hardware #cloud