shipping: WinSSHound
maps SSH access in AD as BloodHound paths. because Windows OpenSSH cheerfully ignores your "Deny Logon" GPOs (pre-2025) and on a default sshd_config every Authenticated User in the domain can walk right in. Why? Because Microsoft.
https://t.co/ONXuguz7r3
🚨 WARNING: A malicious Hugging Face repository impersonating #OpenAI’s Privacy Filter model reached #1 trending with about 244,000 downloads in 18 hours while delivering a Rust-based infostealer to Windows users.
Read: https://t.co/VFuIgbu3EI
🛑 WARNING: Bitwarden CLI was compromised in a supply chain attack.
@bitwarden/[email protected] included malicious code after attackers hijacked GitHub Actions, stole secrets, and pushed a tampered version to npm.
🔗 Learn how the attack worked → https://t.co/xqqJ7a9REL
Every time Bitcoin has recovered 30% from a cycle low, it has never revisited that low. 6 for 6 across 13+ years.
The YTD low of $61,303 (https://t.co/1wyVmU4A1W) to today's ~$79K is a +28.9% recovery. The +30% confirmation level sits at $79,694.
We're at the doorstep.
🔴 File Upload Bypass Cheat Sheet (Extension Splitting)
Credit @therceman
If you're testing file upload functionality, this is pure gold 🔥
Attackers don’t just upload shell.php… they play with encoding, null bytes, separators, and edge-case parsing tricks to bypass filters.
💡 Common tricks:
• Double extensions (.php.png)
• Encoded characters (%0a, %00, %23)
• Unicode bypasses
• Special chars & separators
• Tabs / Newlines injection
🎯 Lesson:
If your validation relies ONLY on extension checks → it's already broken.
🧠 Think like an attacker. Validate like a defender.
#bugbounty #cybersecurity #pentesting #infosec #websecurity #ethicalhacking #redteam
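As an added example (not part of the original post or the cheat sheet it credits), here is the defender's side of the list above: a filename validator that handles each trick by rejecting the upload rather than trying to clean the name in place, and then discards the client-supplied name entirely. The allowlist of image types, their magic bytes and the 16-byte header check are assumptions chosen for the example.

```python
import re
import secrets
import unicodedata
import urllib.parse
from typing import Optional

# Assumed allowlist for this example: each extension the application will
# store, mapped to the leading bytes a genuine file of that type starts with.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

_EXT_RE = re.compile(r"^[a-z0-9]{1,5}$")


def extension_of(client_name: str) -> Optional[str]:
    """Return the single allowlisted extension of a client-supplied name,
    or None if the name should be rejected outright."""
    # Undo one layer of percent-encoding so %00, %0a and %23 become visible,
    # then fold Unicode look-alikes (e.g. fullwidth '.') to their ASCII form.
    name = unicodedata.normalize("NFKC", urllib.parse.unquote(client_name))
    # Null bytes, tabs, newlines, other control characters and anything
    # still non-ASCII are grounds for rejection, not for cleanup.
    if not name.isascii() or not name.isprintable():
        return None
    # Strip path components whichever separator the client used.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Exactly one dot: "shell.php.png", "shell.php;.png" and "shell.php#.png"
    # all produce more than two segments and fail here.
    parts = base.split(".")
    if len(parts) != 2 or not parts[0]:
        return None
    ext = parts[1].lower()
    # Trailing spaces or separators inside the extension fail the regex.
    if not _EXT_RE.fullmatch(ext) or ext not in ALLOWED:
        return None
    return ext


def content_matches(ext: str, head: bytes) -> bool:
    """Check that the first bytes of the payload match the claimed type."""
    return any(head.startswith(magic) for magic in ALLOWED[ext])


def accept_upload(client_name: str, data: bytes) -> Optional[str]:
    """Return a server-chosen storage name, or None to reject the upload.

    The original filename is never reused: a random name plus the validated
    extension leaves nothing for double extensions, separators or parser
    edge cases in the attacker-controlled name to act on.
    """
    ext = extension_of(client_name)
    if ext is None or not content_matches(ext, data[:16]):
        return None
    return f"{secrets.token_hex(16)}.{ext}"
```

The strict ASCII rule means a legitimate name such as "café.png" is refused too; that is intentional, since the stored name is generated server-side and the client name only has to prove it carries one allowlisted extension. The magic-byte check is a second, independent gate so that a correctly named file with PHP or script content is still rejected.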
@ColinTCrypto At what point would you concede you're wrong, and the bottom truly hit already? Where would you resume buying if it never dips below $60k/BTC ever again? 📈🤔
A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces.
The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure element chip, the counterfeits run an ESP32 microcontroller with modified firmware labeled "Nano S+ V2.1." Seeds and PINs are stored in plain text and transmitted to attacker-controlled servers. Any wallet initialized on the device is drained.
The operation goes beyond the hardware. The sellers also distribute a fake version of Ledger Live built with React Native and signed with a debug certificate. It intercepts transactions and exfiltrates sensitive data to multiple command-and-control servers. The campaign spans five attack vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps distributed through TestFlight to bypass App Store review.
This comes days after ZachXBT documented a separate fake Ledger Live app that made it through Apple's Mac App Store review process. That operation drained over $9.5 million from more than 50 victims, including musician G. Love, who lost 5.92 BTC after entering his recovery phrase into what he believed was the legitimate app.
The pattern is clear: the attack surface for hardware wallet users has shifted from firmware exploits to supply chain and distribution fraud. The devices themselves remain secure. The problem is that users are being intercepted before they ever touch a real one.
Ledger's own "genuine check" feature can be bypassed when the hardware itself is compromised at the source, which makes where you buy the device as important as how you use it.
The rules haven't changed, but they've never been more important: buy hardware wallets only from the manufacturer. Never enter your recovery phrase into any software. If a companion app asks for your 24 words on a screen, it's a scam. Every time.
Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew.
https://t.co/Zllhns1ztn
So, reincarnation takes around 354 days🤔 because I'm pretty confident that @naval Ravikant is our modern day Alan Watts🧘🏾♂️
and I'm grateful for the wisdom from both🙏🏼
🛑 Adobe released emergency fixes for a 9.6 CVSS flaw (CVE-2026-34621) in Acrobat/Reader, confirmed under active exploitation.
A prototype pollution bug lets malicious PDFs run arbitrary code via JavaScript. Evidence shows attacks may date back to Dec 2025.
🔗 Read → https://t.co/y0BJMEd2ly
🔥 Google rolled out Device Bound Session Credentials (DBSC) in Chrome 146 (Windows).
It ties session cookies to a device using hardware keys, so stolen cookies can’t be reused without that device. Cookies expire quickly without validation.
🔗 Read → https://t.co/5mrJEMFBJt
💯 Any argument for more federal funding = arguing for either more inflation or more aggression by your govt against yourself, your family, your friends, and your fellow citizens. Those are the only 2 ways the federal govt. can provide funding: inflation or extortion (i.e., threatening violence/imprisonment if you don't pay them more).
Still writing long commands manually during recon? 😩
Here’s a hidden gem 👇
https://t.co/MZKdK9iLqa
A solid collection of bug bounty one-liners for recon, enumeration & automation, save time and move faster ⚡
Work smarter, not harder.
#BugBounty #CyberSecurity #InfoSec #Recon
It is 2026, your personal data is the oil of the 21st century & Big Tech wants to own it all!
But will you let them?!
Here are 10 privacy-first self-hosted tools that give you full control: no accounts, no tracking, no nonsense.
All open-source. All runnable on your own hardware:
1. Nextcloud: Google Drive alternative + office suite. Files, calendars, contacts... all encrypted and under your roof:
https://t.co/SkqwzCehTy
2. Vaultwarden (Bitwarden self-hosted): Password manager, running on your server. End-to-end encrypted, zero trust in third parties:
https://t.co/odsCW8FSIX
3. SearXNG: Meta-search engine that doesn’t profile you. Host it yourself and ditch Google’s surveillance completely:
https://t.co/BVTO5PNeuy
4. Syncthing: Private file sync that beats Dropbox. Peer-to-peer, encrypted, works offline. Your files never leave your device(s):
https://t.co/iv8qsVxGeE
5. Umami: Lightweight, privacy-first Google Analytics alternative. Beautiful dashboards, no cookies, self-hosted in minutes:
https://t.co/trunm87ouz
6. Jellyfin: Your personal Netflix. Stream your movies & TV with full metadata, no subscriptions, no tracking of what you watch:
https://t.co/e2aqMQEEsH
7. CrowdSec: Collaborative firewall that learns from millions of users. Bans bad actors automatically; smarter than Fail2Ban:
https://t.co/JeDrmkhnsB
8. Immich: Self-hosted Google Photos replacement. AI photo search, facial recognition, backups; all on your hardware:
https://t.co/kKxmazaCs7
9. Portmaster: The ultimate app firewall. See exactly where every program on your computer is trying to connect and block it if you want to:
https://t.co/9NiacPK6ZD
All of these are free, open-source, and can be run on a cheap mini-PC, old laptop, or even a Raspberry Pi!