A defence contractor has figured out how to track you without ever needing your name, face, or numberplate.
The product, SignalTrace, instead listens to the devices you're carrying, and their sensor clips onto existing cameras your city has likely already got mounted.
1/12
🚨Alpha Camps Redemption Tour🚨
A lot has transpired over the past year. AC was riding a wave of euphoria - filled with a ton of profits, a busy server and a lot of hope for things to come.
Web3 burned us in so many ways all at once. One thing that didn't change was our community. @0xSweDan said it so beautifully today at the lake. We have stuck together and now it's time to redeem ourselves. The DAO is back in full swing and we say goodbye to the past and all of the naysayers.
🏕️Camp is guarded with this Lion
🎨by @soupisgudfood @Konnor_NFT @James_Adams32
The largest and scariest attack in crypto just happened.
Hackers hijacked core NPM packages like chalk, strip-ansi, and debug.
It was so scary the entire $4T industry had a meltdown...but only $475 was stolen so far.
Here’s everything you need to know and how to stay safe 🧵👇
We have early access to Android Security Bulletin patches and will be able to set up a workflow where we can have releases already built and tested prior to the embargo ending. For now, we've still been doing the builds after the embargo ends. It will mainly help when they screw up pushing to AOSP.
We're in the process of obtaining early access to the major quarterly and yearly releases. This is a much bigger deal and will substantially help us. There's an immense workload with a lot of time pressure for porting to new major releases without early access which gets worse the more we change.
We did not have early access to Android 16 QPR1 and have not been able to start porting yet. We should have early access prior to Android 16 QPR2.
We're going to need to make private repositories for working on this stuff internally. We can potentially make special preview releases based on these.
Google recently made incredibly misguided changes to Android security updates. Android security patches are almost entirely quarterly instead of monthly to make it easier for OEMs. They're giving OEMs 3-4 months of early access which we know for a fact is being widely leaked including to attackers.
We can't break the embargo ourselves but if someone posted the patches publicly we would be able to ship them months early, as would others. The patches are broadly distributed to OEMs where most of their engineers have access. Companies like NSO can easily obtain access. It's not a safe system.
Google's existing system for distributing security patches to OEMs was already incredibly problematic. Extending 1 month of early access to 4 months is atrocious. This applies to all of the patches in the bulletins. This is harming Android security to make OEMs look better by lowering the bar.
The existing system should have been moving towards shorter broad disclosure of patches instead of 30 days. Moving in the opposite direction with 4 months of early access is extraordinarily irresponsible. Google has also abandoned pretending it's private by allowing binary-only embargo breaches.
Android's management has clearly overruled the concerns of their security team and chosen to significantly harm Android security for marketing reasons. Lowering the bar for OEMs to pretend things are fine while reducing security for everyone is a ridiculous approach and should be quickly reversed.
Android is very understaffed due to layoffs/buyouts and insufficient hiring. This is impacting Linux kernel and Android security. Google hasn't fixed https://t.co/3Sc04coJOu which is a serious issue privately disclosed to them in October 2024. We were informed in June 2025 and it took us a few hours to fix...
Google does a massive portion of the security work on the Linux kernel, LLVM and other projects including implementing exploit protections, bug finding tools and doing fuzzing. They're providing the resources and infrastructure for Linux kernel LTS releases. Others aren't stepping up to the plate.
We don't expect there to be much pushback against this via tech media despite how obscene it is to provide 4 months of patch access to sophisticated attackers. They can easily get it from OEMs or even make an OEM. Whistleblowers should publicly post the signed zips since attackers have it already.
Security patch backports were pushed to the Android Open Source Project on September 2nd but it wasn't done properly. Android 16 QPR1 was also supposed to be pushed to the AOSP on September 3rd and it was even confirmed they'd still be doing that but it hasn't happened. Perhaps too many layoffs...
Even if no whistleblowers leak the signed zips we can still bring this system down ourselves without breaking any embargo. Our plan is to make special releases with the patches which are otherwise identical to our regular releases. External developers can reverse it from that for regular GrapheneOS.
Wallet drainers just got deadly efficient.
Smart accounts made draining faster and easier to miss.
Here's the first real example I've seen and how to protect yourself. 🧵
🚨 The Fake Ledger That Stole Everything
(1/8)
James* thought he was safe. He used a Ledger hardware wallet, kept his 24 words private, and followed every crypto security tip out there.
Then one day… a package arrived.
🧵👇