security breach Archives

AppWizard

December 5, 2025

Android TV users hit with SmartTube security disaster after rogue update

SmartTube, a YouTube client for Android TV, experienced a security breach where an attacker infiltrated the developer's signing keys, allowing the distribution of a compromised update that included a malicious library, libalphasdk.so. Google Play Protect issued warnings about the suspicious build, leading users to discover a hidden file that maintained remote communication channels. Users are advised to change Google Account passwords, conduct antivirus checks, and implement stricter firewall rules. The developer, Yuliskov, plans to address the vulnerabilities and release a new version through the F-Droid store.

AppWizard

December 1, 2025

SmartTube YouTube app for Android TV breached to push malicious update

An attacker gained access to the developer's signing keys for SmartTube, an open-source YouTube client for Android TV, leading to a malicious update being distributed. The developer, Yuriy Yuliskov, confirmed the compromise and plans to release a new version with a different app ID. Users reported that Play Protect flagged SmartTube as a potential threat. A reverse-engineered version, identified as 30.51, contained a hidden library named libalphasdk.so, which was not part of the public source code and collected device fingerprints without user knowledge. There is currently no evidence linking the malware to account theft or DDoS attacks, but concerns remain. Yuliskov has announced safe beta and stable test builds on Telegram, but they are not yet on GitHub. Users are advised to stay on older verified builds, avoid logging in with premium accounts, and disable auto-updates. Version 30.19 does not trigger Play Protect warnings, suggesting it may be safer.

AppWizard

December 1, 2025

Popular YouTube app for Android TV ‘SmartTube’ compromised with malware

The developer of SmartTube, an ad-free YouTube client for Android TV, confirmed a security breach involving the app's signing key, which allowed malicious actors to inject harmful code into app updates. The breach was disclosed by Yuriy Yuliskov, the maintainer, who advised users to avoid reinstalling the old app and instead wait for a newly signed version. A reverse-engineering analysis of the infected APKs revealed that they were gathering sensitive information and transmitting it to a remote server. Versions 28.56 to 30.52 were particularly affected, and Google Play Protect began disabling installations of SmartTube. In response, Yuliskov wiped his hard drive and released a new version, 30.56, with a different signing key and app ID. Transparency concerns remain, and the developer plans to disclose details about the breach and measures to prevent future incidents. Users have requested additional security assurances, including hashes of clean builds.

AppWizard

December 1, 2025

That popular YouTube alternative on Android TV was secretly distributing infected builds

SmartTube, a popular YouTube application for Android TV and Fire TV, was removed from these platforms due to malware that compromised the developer's build machine. Some versions released earlier this month contained this malware. Users are advised to reset their devices and review their YouTube and Google account information. Initially, it was thought that a digital signature leak was the reason for the app's removal, but it was later confirmed that the build environment was compromised. The developers are investigating which specific versions were affected, with versions 30.43 and 30.47 flagged as malicious. A new version, build number 30.56, has been released from a secure environment, but previous versions have been removed from GitHub. Users are recommended to perform a factory reset, review account permissions, and check YouTube activity for unusual activity.

AppWizard

December 1, 2025

SmartTube app was infected by malware, here’s what happened

Google Play Protect disabled the SmartTube app on Android TV, labeling it as potentially harmful due to a compromised digital signature. The developer, Yuliskov, confirmed that the signature breach allowed for the creation of counterfeit app versions that could carry malware. A user discovered that SmartTube version 30.51 contained a hidden library that collected device-specific information and transmitted it to external servers, raising concerns about botnet activity. Certain versions of SmartTube, specifically 30.43 and 30.47, were confirmed to have been compromised due to malware on the developer's computer. Users were advised to uninstall infected versions, including 28.56, 28.58, 28.66, 28.75, 28.78, 29.13, 29.37, 29.62, 29.63, 29.85, 30.27, 30.32, 30.38, 30.40, 30.43, 30.44, 30.45, and 30.51, and to download the newly released safe version from trusted sources. Yuliskov assured users that the compromised computer has been cleaned and that new releases are secure.

AppWizard

November 28, 2025

Vitalik Buterin Donates $765K in Ethereum to Privacy Messaging Apps

Vitalik Buterin donated approximately 5,000 ETH to the privacy messaging applications Session and SimpleX. He emphasized the importance of encrypted messaging for digital privacy and mentioned two key areas for improvement: permissionless account creation and metadata privacy. Session aims to minimize metadata leakage and saw its token, SESH, rise by 371% in a day. SimpleX focuses on user identity ownership and plans to introduce community support vouchers. Buterin acknowledged both applications have room for improvement in user experience and security. The increasing interest in privacy applications is driven by concerns over global surveillance, with recent government regulations highlighting the need for privacy solutions. The Ethereum Foundation has formed a new privacy team to enhance its initiatives. Privacy-focused cryptocurrencies like Zcash have also seen significant growth, with Zcash rising by 793% over the past year.

Winsage

November 17, 2025

Windows 10 update failure, autonomous AI cyberattack, Feds fumble Cisco patches

Microsoft has acknowledged an issue with the Windows 10 KB5068781 extended security update, which is failing to apply after installation for users with corporate licenses, resulting in a rollback. A group of hackers believed to be backed by China executed a large-scale cyberattack using Claude Code AI, targeting 30 organizations across various sectors. The Cybersecurity and Infrastructure Security Agency (CISA) reported that U.S. government agencies are struggling to patch critical vulnerabilities in Cisco devices amid the “Arcane Door” hacking campaign. Five individuals pleaded guilty to charges related to helping North Korean IT workers infiltrate 136 companies in the U.S. from September 2019 to November 2022. Port Alliance, a Russian port operator, reported disruptions due to a DDoS cyberattack targeting its operations related to coal and mineral fertilizer exports. DoorDash experienced a data breach on October 25, potentially affecting personal details of customers, Dashers, and merchants across the U.S. and Canada, traced back to a social engineering scam. North Korean hackers are using JSON storage services to host and deliver malware, approaching victims with job offers on platforms like LinkedIn. Jaguar Land Rover reported a financial impact of £196 million (0 million) from a cyberattack in September that forced production halts and compromised data.

Tech Optimizer

October 29, 2025

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac – here’s what we know

Security researchers from Socket have discovered ten malicious npm packages that infiltrated the Node Package Manager ecosystem, mimicking legitimate tools and downloaded nearly 10,000 times. These typosquatted packages contain malware that bypasses application-level security to target system keyrings, allowing the harvesting of decrypted credentials and access to critical resources like corporate emails and databases. Users who installed these packages are advised to treat their systems as compromised, disconnect from the internet, revoke exposed credentials, wipe and rebuild the infected system, change passwords, audit npm dependencies, review logs for suspicious activity, and enable multi-factor authentication.

AppWizard

October 21, 2025

Best Arc Raiders builds

In Arc Raiders, player encounters can be critical for survival, and skill mastery is essential for success. The game features a skill tree divided into three categories: Conditioning, Mobility, and Survival, each enhancing different gameplay aspects. Conditioning Skills: - Used To The Weight: Wearing a shield has less impact on speed. - Blast-Born: Hearing is less affected by explosions. - Fight Or Flight: Regain stamina when injured in combat. - Survivor's Stamina: Faster stamina regeneration when critically hurt. - Downed But Determined: Delays collapse when downed. - Turtle Crawl: Reduced damage taken while downed. - Back On Your Feet: Health regeneration kicks in when critically hurt. - Gentle Pressure: Quieter breaching. - Proficient Pryer: Quicker breaching of doors and containers. - Unburdened Roll: First dodge roll after shield break costs no stamina. - A Little Extra: Breaching generates additional resources. - Loaded Arms: Weapon's weight has less impact on encumbrance. - Effortless Swing: Melee abilities consume less stamina. - Sky-Clearing Swing: Increased melee damage to drones. - Flyswatter: One melee attack can destroy wasps and turrets. Mobility Skills: - Nimble Climber: Enhanced climbing and vaulting speed. - Marathon Runner: Reduced stamina cost for movement. - Youthful Lungs: Increases maximum stamina. - Carry The Momentum: Sprinting after a dodge roll costs no stamina briefly. - Effortless Roll: Dodge rolls require less stamina. - Heroic Leap: Further sprint dodge rolls. - Vaults On Vaults On Vaults: Vaulting no longer consumes stamina. - Crawl Before You Walk: Increased crawling speed when downed. - Vigorous Vaulter: Vaulting is unaffected by exhaustion. - Vault Spring: Jump at the end of a vault. - Slip And Slide: Enhanced sliding distance and speed. - Sturdy Ankles: Reduced fall damage from non-lethal heights. - Calming Stroll: Stamina regenerates while walking as if standing still. - Off The Wall: Increased distance for wall leaps. - Ready To Roll: Extended timing window for recovery rolls when falling. Survival Skills: - Agile Croucher: Increased movement speed while crouching. - Revitalizing Squat: Enhanced stamina regeneration while crouched. - In-Round Crafting: Ability to craft items while topside. - Good As New: Increased stamina regeneration while under healing effects. - Stubborn Mule: Stamina regeneration is less impacted by over-encumbrance. - Three Deep Breaths: Faster recovery after stamina-draining abilities. - Minesweeper: Defuse nearby mines and explosive deployables. - Looter's Instincts: Faster loot reveal when searching containers. - Silent Scavenger: Quieter looting. - Suffer In Silence: Reduced noise while moving when critically hurt. - Broad Shoulders: Increased maximum carry weight. - Traveling Tinkerer: Unlocks additional field crafting options. - One Raider's Scraps: Chance to find extra field-crafted items when looting. - Looter's Luck: Potential to reveal double the items while looting. - Security Breach: Ability to breach security lockers. Effective Builds: 1. Perpetual Motion: Focuses on speed and agility with key skills like Used To The Weight and Marathon Runner. 2. Pack Horse: Maximizes inventory capacity with skills such as Broad Shoulders and Looter's Luck. 3. Gunslinger: Emphasizes close-quarters combat with skills like Fight Or Flight and Minesweeper.

AppWizard

August 21, 2025

Android 16 QPR2 Update is Out — These Upgrades Might Surprise You

Google has announced the Pixel 10 range and the Pixel Watch 4, along with the release of the Android 16 QPR2 Beta 1 for Pixel users. The QPR2 beta introduces features such as lock screen widgets (Hub mode), an expanded dark theme for apps, auto-theming for app icons, improved haptic feedback, a new HDR brightness slider, native PDF editing capabilities, a personal audio switcher for Bluetooth LE devices, and enhanced security with a new Secure Lock Device mode. Users enrolled in the QPR1 beta can transition to the QPR2 beta, which is available for Pixel 6 through Pixel 9 series, the Pixel Tablet, and the upcoming Pixel 10. The stable release of Android 16 QPR1 is expected in September, with the public release of QPR2 anticipated in December.