https://eclypsium.com/blog/badcam-now-weaponizing-linux-webcams/

That's crazy

🚨 URGENT: Google's New Android Requirement Violates EU Laws
Starting September 2026, Google will FORCE all Android developers to verify their identity - even for sideloaded apps. This affects EVERY EU citizen's digital rights.
📱 What's Happening:

ALL apps must be registered by verified developers
Includes sideloaded apps & alternative stores
Mandatory registration through Google's system
Starts in 4 countries Sept 2026, then globally

⚖️ EU Laws Violated:
1️⃣ Digital Markets Act (DMA)
→ Art. 6(4): Blocks free sideloading
→ Art. 5(7): Forces Google's ID system
→ Fine: €25-50 BILLION (10-20% turnover)
2️⃣ GDPR
→ No legal basis for forced data collection
→ Violates data minimization
→ Fine: €10 BILLION (4% turnover)
3️⃣ Antitrust (TFEU Art. 102)
→ Abuse of 70%+ market dominance
→ Same violation EU fined €4.34B in 2018
→ Fine: €25 BILLION
4️⃣ Digital Services Act
→ No transparency or risk assessment
→ Fine: €15 BILLION (6% turnover)
5️⃣ Charter of Fundamental Rights
→ Violates data protection (Art. 8)
→ Kills anonymous publishing (Art. 11)
→ Blocks entrepreneurship (Art. 16)

That is insane - this is what happens when corporations think they are the government

Write the bugs that annoy you most below. Screenshots or videos are welcome👇

Google has finally changed its mind about this. Now you'll just see a thousand warnings before installation, and that's it. (Like on mi devices). Victory.

Many people post New Year's greetings as the holiday approaches. Well, I'm no different, so I congratulate those for whom the new year has already arrived — or those for whom 2026 is just around the corner
Although this year has been quite challenging, I've personally improved my skills in the field of AI, security research, reverse engineering — significantly. While I don't see the need to release updates for the app just yet, I'm nevertheless working on other tools and features that you'll be able to try and test in the future.
Thank you for your understanding, and thank you for being here with me. I'll try to post more news about new vulnerabilities next year — maybe, I'll experiment with other formats, like writeups
So, stay tuned — and once again, congratulations!

https://whisperpair.eu/

oh damn

Oh daaaamn...

Beta will be here: https://t.iss.one/+ibnYi-WHfVBiNmMy

https://github.com/zalexdev/whisper-pair-app

Give a star & Enjoy!

App was updated to 1.1!

https://github.com/zalexdev/whisper-pair-app/releases/tag/1.1

Note on Find Hub Network (FMDN) tracking

This tool deliberately does not include FMDN provisioning functionality. While the vulnerability chain technically allows enrolling compromised devices into Google's Find Hub Network for persistent location tracking, I've chosen not to implement this capability. Converting someone's headphones into a covert tracking beacon crosses a clear ethical line from security research into stalkerware territory. The Account Key write and audio access demonstrations are sufficient to prove the vulnerability's severity

And i wish everyone understand that some things must never be done (or in our world reality - win as much time as possible, for people, and moreover VENDORS that must do patches!)

More then 150 days from cve reserved and there is like almost zero patches? What in the world, insane

Also dear vendors, that claims that patch is very difficult. I am not talking even for proper keys and encryption verification. It is literally:

if (!is_pairing_mode_active()) {
    return REJECT;
}