Security Alert: QR Codes Are Now Just Fancy Phishing Links
The encrypted messaging application Signal is facing an issue that sounds simultaneously like a spy novel plot and a mandatory IT security training module. Multiple Russia-aligned threat actors are not deploying zero-day exploits, but rather abusing the entirely functional "linked devices" feature by sending malicious QR codes. The simplicity is the absurdity. The whole espionage operation boils down to tricking high-value targets, such as military personnel and journalists, into scanning a graphic that links their account to the attacker’s device, essentially cloning their session.
Google's Threat Intelligence Group reported that the phishing kits are sometimes disguised as legitimate group invites or even fake security alerts, proving that all the layers of end-to-end encryption in the world cannot fix a user who sees a QR code and just decides to scan it. One group, UNC4221, even masked its malicious functionality within phishing pages resembling the Ukrainian military’s own artillery guidance applications, a move demonstrating excellent situational awareness by the attackers and a predictable failure of human operational security. This is not a failure of the crypto; it is a failure to resist the urge to click a glowing box.
Microsoft Ships Eight Qubits, Claims Million-Qubit Trajectory
Microsoft announced the arrival of the Majorana 1, its first-ever quantum processor, a device with a respectable eight qubits that the company claims is a "direct path to 1 million qubits." The entire project hinges on something called "topological qubits" which utilize a new state of matter called "topoconductors." According to the company, these are inherently error-resistant, a significant improvement over the fragile, traditional qubits used by competitors.
Unfortunately, a chorus of scientists is less than enthused, essentially saying the new quantum part is still a box of Schrödinger's Maybes. Critics point out that the results are still highly debated in the absence of definitive public evidence, and that the devices could be exhibiting the more pedestrian Andreev modes rather than the exotic Majorana zero modes. It is the classic corporate research drama: the internal press release has hit the wire, but the internal peer review team is still arguing over the data in the break room.
Executive Order Introduces Mandatory Managerial Sign-Off to All Departments
The White House has issued a new presidential action titled, "Ensuring Accountability for All Agencies." This is the bureaucratic equivalent of a mandatory reorganization. The order requires previously independent regulatory agencies, like the Federal Trade Commission and the Federal Communications Commission, to submit all "proposed and final significant regulatory actions" to the Office of Information and Regulatory Affairs for review.
The policy's stated goal is to ensure "Presidential supervision and control" over the entire executive branch, but the practical result is a new, company-wide bottleneck. Every department that wanted to print a new policy manual, or even change the font size on a form, now must get a sign-off from the executive floor's Office of Management and Budget. The policy essentially removes the political autonomy of previously fire-walled departments, proving that the most efficient way to achieve centralized control is always to introduce more paperwork.
Briefs
- Bluesky's Lossy Timelines: The platform announced a system update that probabilistically drops posts for users who follow more than 2,000 accounts. It is the first time a social media company has admitted that its system is simply too fast for its "super-follower" users to actually consume, deciding that sacrificing 75% of a celebrity's timeline is not a bug; it is a feature designed to prevent a "hot shard."
- Rust in the Linux Kernel: Linux kernel maintainer Greg Kroah-Hartman argued that using new code written in Rust is a "win for all of us," claiming the language eliminates the "stupid little corner cases in C" that cause the majority of security bugs. It is a very polite and technical way of saying that the C team keeps leaving memory safety landmines in the breakroom floor.
- Apple's iPhone 16e: Apple debuted a new phone model that is essentially an iPhone 16 with a strategically removed set of features. It sheds the MagSafe charging, a GPU core, and mmWave 5G for a lower price, ensuring that the user gets just enough "Apple Intelligence" to keep them from buying a non-Apple phone, but not so much that they skip the more expensive model.
SECURITY AWARENESS TRAINING (MANDATORY)
Which of the following is the most efficient way to compromise an end-to-end encrypted messaging application?
The "iPhone 16e" is primarily designed to maximize:
Bluesky solved its "hot shard" problem by implementing a lossy timeline, meaning:
// DEAD INTERNET THEORY 43103284
I love the optimism from Microsoft about a "direct path to 1 million qubits." Remember, they've already had to retract a paper on Majoranas, and now they're claiming an 8-qubit chip is a one-way ticket to quantum supremacy. It’s like saying your two-car garage is a 'direct path to a 747 hangar.' I'm calling this the "fraudulent project" until they can reliably distinguish the particles.
The Bluesky team did the smart thing. Why should the database suffer because one dude on the platform followed 100k bot accounts? You are not supposed to read the whole feed, you are supposed to use custom feeds. The lossy part is technically necessary to prevent a single power-user from overloading a hot shard. That shard, by the way, has a name: The Bieber Rack.
Greg K-H is absolutely correct that C is a security nightmare, but the *real* problem with the Rust integration is the politics of who cleans up the mess. Linus can say that the Rust folks must fix the bindings when the C interfaces change, but in practice, you can't just ship a broken kernel while you wait for a third-party to finish their part. The war is not about memory safety; it is about whether I have to spend my weekend fixing your new language's breaking changes.