The best streaming services have added plenty of new movies in April, and I was excited to see lots of horror titles among them.

April is a strong month for horror with some of the biggest franchises and originals available to watch from the comfort of your living room. The month is typically associated with pranks and comedies, but if you want something more macabre, I’ve got you covered.

You know what they say — you can’t keep a good website down. OldVersion.com, the repository of outdated software that has been serving up old versions of tools you need for the last twenty-five years, is not going away as we reported last year. Not only is it sticking around, it’s gotten a retro facelift inspired by Windows 3.1 or OS/2. Mostly Windows, given the screensaver, but we’ll let you find that for yourself.

We’re thrilled to see that OldVersion has gotten the support they need to keep going after running into financial troubles. According to founder Alex Levine, some of that support came as a result of the Hackaday article reporting on the then-upcoming closure, so kudos to you guys for stepping up.

While we absolutely love the retro redesign of the new website, that’s one thing notably lacking — an obvious donation button. Well, that and old-school HTTP support so you can get on with your retromachines, but that, at least, is in the works according to the site roadmap. It’s a little weird that in this year of the common era 2026 you have to do extra work to give up on HTTPS functionality, but it is the way it is.

In the meantime, the site is fully usable as long as you have HTTPS capability, or go through a proxy. Perhaps you could use this ESP8266 code to get started making one, if you don’t want to embarrass your old computer by using something more powerful than it as a pass-through.

Speaking of proxies, if old versions of software aren’t enough for you, how about an old version of the internet? We heard you like old versions, so you can visit an old version of OldVersion!

Note that if you’re reading this after 01/04/2026, the look-and-feel of OldVersion.com may not match what’s depicted here.

SpaceX is looking to the heavens for its upcoming initial public offering based on a $1.75 trillion valuation, according to confidential paperwork filed with the US Securities and Exchange Commission.

As reported by Bloomberg, the draft IPO registration is the first step toward a possible June offering that could raise approximately $75 billion. The filing allows the company to get feedback from the SEC before the information is released publicly.

The IPO may be open to more people than just the wealthiest investors. According to a report by The Motley Fool, SpaceX plans to allocate around 30% of the initial shares to “retail investors,” meaning individual investors. Normal retail allocation tends to be around 10% of shares.

A SpaceX representative didn’t immediately respond to a request for comment.

Why a SpaceX IPO is a big deal

Spaceflight is an incredibly expensive endeavor; SpaceX gets billions of dollars from the US government to launch satellites and help keep NASA’s programs running. Almost a year ago, the company set a target of launching every other day through the end of 2025 and ended up launching a record 165 orbital flights.

But SpaceX is no longer just a high-flying rocket company. Its Starlink division provides data access to homes, remote locations, airlines and direct to many mobile phones in areas where there’s no cellular coverage. It also recently acquired xAI, another of Elon Musk’s companies, and owns the social media site X (formerly Twitter).

It’s the AI angle that seems to be driving up the company’s valuation ahead of the IPO. The xAI all-stock acquisition valued the company and SpaceX at $1.25 trillion. This year, OpenAI and Anthropic PBC are also expected to go public.

Although those numbers are eye-popping, the company has plenty of challenges before it can get off the launchpad.

Starlink has announced a plan to send up new V3 third-generation satellites that should bring gigabit internet speeds to its network, but those won’t be ready until 2027. Getting them up requires SpaceX’s heavy-duty Spacecraft vehicle, which has had limited success in testing so far. In the meantime, its current Starlink satellites have been exploding in orbit as recently as this week.

And for xAI, the skies aren’t exactly clear despite the current fervor for all things AI. Musk announced in mid-March that “xAI was not built right first time around, so is being rebuilt from the foundations up.” And the company is being sued by three teen girls and their guardians for “devastating” harm caused by its Grok AI generating child sexual abuse images.

WhatsApp has notified approximately 200 users, primarily in Italy, that they were tricked into installing a counterfeit version of the messaging app that was actually government spyware. The fake application was built by SIO, an Italian surveillance technology company that develops spyware for law enforcement and intelligence agencies through its subsidiary ASIGINT. WhatsApp said it had proactively identified the affected users, logged them out of their accounts, warned them about the privacy risks, and urged them to delete the fake client and install the official app from a trusted source. The company told TechCrunch it also plans to send a formal legal demand to SIO to halt any malicious activity linked to the campaign.

The disclosure, first reported by Italian newspaper La Repubblica and news agency ANSA, marks the second time in little more than a year that WhatsApp has publicly named a spyware vendor operating against its users in Italy. In early 2025, WhatsApp alerted around 90 users, including journalists and pro-immigration activists, that they had been targeted by Paragon Solutions, a U.S.-Israeli surveillance firm whose flagship product, Graphite, was deployed by Italy’s domestic and foreign intelligence services. That revelation triggered a political crisis in Rome. Italy’s parliamentary intelligence oversight committee, COPASIR, confirmed the use of Graphite and found that seven Italians had been targeted. Paragon subsequently cut ties with Italy’s spy agencies after the government declined to verify whether the spyware had been used against a specific journalist, Francesco Cancellato of the news site Fanpage.

SIO’s spyware operates through a different model. The malware, identified in its own code as Spyrtacus, is embedded in fake applications designed to look like legitimate software. Researchers have found 13 different samples of Spyrtacus dating back to 2019, with the most recent from late 2024. Previous versions impersonated Android apps from Italian mobile providers TIM, Vodafone, and WINDTRE, as well as earlier fake versions of WhatsApp itself. TechCrunch first exposed SIO’s Android distribution campaign in February 2025. The latest operation, targeting iPhones, represents an expansion of the tactic to Apple’s ecosystem. Once installed, Spyrtacus can steal text messages, chat histories, and call logs, as well as record audio and video directly from the device’s microphone and camera.

The delivery mechanism is as revealing as the malware itself. In Italy, authorities routinely obtain cooperation from mobile carriers, who send phishing links to their own customers on behalf of law enforcement. The target receives what appears to be a routine update notification from their provider, directing them to install what looks like a standard WhatsApp update. The Italian justice ministry has maintained a price list and catalogue showing how authorities can compel telecom companies to send such messages, a system that effectively turns the mobile network itself into a distribution channel for state surveillance tools. The cost of renting spyware in Italy is remarkably low: as of late 2022, law enforcement could access these tools for as little as €150 per day, without the large upfront acquisition costs that typically limit deployment in other countries.

Italy’s position as a spyware hub is unusual among Western democracies. Companies including Hacking Team, Cy4Gate, RCS Lab, and Raxir have all been based in the country, drawn by a legal framework that provides a formal statutory basis for the “captatore informatico,” or computer interceptor, effectively state-sanctioned trojan software. Fabio Pietrosanti, president of the Hermes Center for Transparency and Digital Human Rights, has said that spyware is deployed more frequently in Italy than anywhere else in Europe because the low cost and permissive regulation make it accessible to a far wider range of law enforcement agencies than in neighbouring countries. The result is an ecosystem in which municipal police forces, not just national intelligence agencies, can commission surveillance operations against individuals.

WhatsApp spokesperson Margarita Franklin told TechCrunch the company could not yet confirm whether the 200 affected users included journalists or members of civil society. “Our priority has been protecting the users who may have been tricked into downloading this fake iOS app,” she said. The company did not specify whether it had referred the matter to Italian prosecutors or to any regulatory authority. Apple and SIO did not respond to requests for comment.

The legal landscape around commercial spyware has shifted substantially in the past year. In May 2025, a California jury ordered NSO Group, the Israeli maker of Pegasus, to pay WhatsApp $167 million in punitive damages after finding it had enabled hacks of approximately 1,400 users through zero-click attacks. A federal judge later reduced the award to $4 million but imposed a permanent injunction barring NSO from targeting WhatsApp’s infrastructure. NSO has appealed. WhatsApp’s parent company Meta described the verdict as a landmark, and it has since expanded its legal strategy against the broader surveillance industry. The formal legal demand WhatsApp intends to send SIO follows the same pattern: use litigation and public disclosure as deterrents against companies that profit from compromising encrypted messaging platforms.

The proliferation of spyware vendors presents a challenge that extends well beyond any single platform. Apple has sent mercenary-spyware threat notifications to users in more than 150 countries since 2021, alerting individuals it believes have been individually targeted by state-sponsored attacks. In April 2025, Apple notified the Italian journalist Ciro Pellegrino, one of the Paragon victims, that he had been targeted. The notification systems run by Apple and WhatsApp now represent the primary mechanism by which victims of government surveillance learn they have been compromised, a function that was once the exclusive domain of the cybersecurity industry’s specialist researchers.

The global lawful-interception market was valued at $4 billion in 2023 and is projected to reach $15 billion by 2032, growing at roughly 16 per cent annually. That growth is being driven not by the Pegasus-style zero-click exploits that attract headlines, but by the kind of low-cost, phishing-based tools that SIO sells. The barrier to entry for government surveillance has dropped to the point where a local police department in a midsize Italian city can commission the same class of spyware deployment that was once the preserve of national intelligence agencies. The gap between regulatory ambition and enforcement capacity in Europe means that the legal frameworks governing these tools have not kept pace with the speed at which they are being adopted.

What makes the SIO case distinct from the Paragon scandal is the method. Paragon’s Graphite used zero-click exploits that required no action from the target. SIO’s Spyrtacus requires the target to install a fake application, a social-engineering approach that relies on trust in the carrier and familiarity with routine app updates. The fact that Italian telecoms participate in the delivery chain, sending phishing messages to their own subscribers at the state’s request, turns the mobile infrastructure itself into an instrument of surveillance. It is one thing for a government to hack a phone. It is another for the phone company to help.

WhatsApp’s decision to publicly name SIO and notify the affected users follows the broader pattern of tech platforms asserting themselves as counterweights to state surveillance in ways that would have been unthinkable a decade ago. The company is not merely patching a vulnerability. It is identifying the vendor, alerting the victims, and threatening legal action, a posture that positions a messaging app owned by Meta as a more effective check on government spyware abuse than any European regulatory body has managed to date. Whether that dynamic is reassuring or alarming depends on your view of where the responsibility for protecting citizens from their own governments should ultimately rest.

For the 200 users in Italy who received WhatsApp’s notification, the immediate question is narrower: who authorised the surveillance, and on what legal basis? The answer may never become public. Italy’s lawful-intercept framework permits the use of these tools under judicial oversight, but the oversight mechanisms have repeatedly proven inadequate to prevent abuse. The Paragon scandal demonstrated that intelligence agencies could target journalists and activists under the cover of lawful authority. The SIO case suggests the problem runs deeper, extending to less prominent vendors, cheaper tools, and a distribution model that exploits the trust citizens place in their mobile carriers. The spyware industry does not need zero-click exploits to be dangerous. It just needs a convincing notification from your phone company.

Under a new state regulation, venture capital firms operating in California were supposed to submit demographic data about their portfolio companies, including the gender and race of startup founders they backed. But amid public criticism from some tech leaders, the California agency administering the new requirement suspended it just before the Wednesday deadline for firms to make their first disclosures.

“The California Department of Financial Protection and Innovation (DFPI) has announced that it plans to initiate rulemaking in response to comments by various stakeholders relating to the Fair Investment Practices by Venture Capital Companies Law,” the state agency posted on its website in mid-March. “Implementation and enforcement of the [law] will be suspended pending completion of the rulemaking and until final regulations are in place.”

California lawmakers first passed the measure in 2023, and it was signed into law shortly thereafter by Governor Gavin Newsom. For decades, women and people of color have received only a small share of overall startup funding relative to their representation in the US population. Lawmakers hoped putting more public scrutiny on investment decisions would help foster greater equity in the market, including for people who are disabled, retired military, or LGBTQ+.

The law called for venture capital and some other investment firms to file annual reports starting March 1 of last year about the overall makeup of the founding teams they had invested in and the amount of money they provided to diverse founders. Firms were meant to collect the demographic data through a voluntary survey that was then anonymized. California authorities planned to publish the filings online. Lawmakers amended the law in 2024 to delay reporting until April 1, 2026 and enable the state to levy daily fines for noncompliance.

The California Department of Financial Protection and Innovation did not immediately respond to a request for comment on the authority it used to sidestep the deadline set by lawmakers. Newsom’s office also didn’t immediately respond to a request for comment.

Financiers focused on funding entrepreneurs from underrepresented backgrounds had supported the law. But the National Venture Capital Association, the tech investment industry’s leading trade group, opposed it. The group argued that voluntary data collection would inflate diversity statistics and that publishing inaccurate data could lead to unfair attacks on investors genuinely trying to tackle diversity issues. Over the past year, the Trump administration has defunded and attacked diversity, equity, and inclusion, or DEI, initiatives in both the public and private sectors, leading many businesses and organizations to pull back from them.

In February, the venture capital association wrote to Newsom asking for the reporting deadline to be pushed back again because, in its view, the state had bungled the process. California authorities didn’t publish the standardized survey founders were supposed to fill out until early this year and, at the time, they still hadn’t introduced a way for firms to register with regulators as required by the law, according to the association. “This administrative timeline creates an environment ripe for error and threatens to produce the misleading and counterproductive data we previously warned against,” association president and CEO Bobby Franklin wrote.

Last month, as the deadline for the first reports loomed, some entrepreneurs and investors began complaining on social media about the survey effort. “The latest California malarky is a requirement for venture investors to collect/report racial and gender statistics,” wrote Blake Scholl, the founder and CEO of venture-backed aviation startup Boom Supersonic. “I want to live in a world where merit matters—not skin color or what you have between your legs.”

A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities.

The malware emerged in January with a tiered subscription model. Apart from the Telegram channel, the MaaS was also promoted on YouTube, via a dedicated marketing channel that showcased its capabilities.

Kaspersky researchers say in a report today that the malware features strong similarities to WebRAT (Salat Stealer), including the same panel design, Go-based code, and a similar bot-based sales system.

CrystalX also includes an extensive list of prankware features designed to annoy the user or disrupt their work. Despite its “fun” side, CrystalX offers a large set of data theft capabilities.

CrystalX RAT details

Kaspersky says that the malware provides a user-friendly control panel and an automated builder tool that supports customization options, including geoblocking, executable customization, and anti-analysis features (anti-debugging, VM detection, proxy detection, etc.).

The generated payloads are zlib-compressed and encrypted with the ChaCha20 symmetric stream cipher for protection.

The malware connects to the command-and-control (C2) via WebSocket and sends info about the host for profiling and infection tracking.

CrystalX’s infostealer component, which Kaspersky found to be temporarily disabled as it is being prepared for an upgrade, targets Chromium-based browsers via the ChromeElevator tool, Yandex, and Opera. Additionally, the tool collects data from desktop apps such as Steam, Discord, and Telegram.

The remote access module can be used to execute commands via CMD, upload/download files, browse the file system, and control the machine in real time via built-in VNC.

The malware also exhibits spyware-like behavior, as it can capture video and audio from the microphone.

Finally, CrystalX features a keylogger that streams keystrokes in real time to the C2, and a clipper tool that uses regular expressions to detect wallet addresses in the clipboard and replace them with ones the attacker provides.

Putting some “fun” in the package

What sets CrystalX apart in the crowded MaaS space is its rich set of prankware features.

According to Kaspersky, the malware can do the following on infected devices:

• change desktop wallpaper
• alter display orientation to various angles
• force system shutdown
• remap mouse buttons
• disable input devices (keyboard/mouse/monitor)
• show fake notifications
• change cursor position on the screen
• hide various components (desktop icons, taskbar, the Task Manager, and the Command Prompt executable)
• Provide attacker-victim chat window

While the above features do not improve the attack’s monetization potential for cybercriminals, they certainly make the product distinctive, and could bait script kiddies and low-skilled/entry-level threat actors into getting a subscription.

Another reason for the prank features could be potential for victim manipulation, or even distraction, while the data theft modules run in the background.

To reduce the risk of malware infections, users are advised to exercise caution when interacting with online content and avoid downloading software or media from untrusted or unofficial sources.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now

from the getting-the-fix-in dept

Because South Dakota governor Larry Rhoden is forever obligated to serve Kristi Noem and Kristi Noem is forever obligated to serve Donald Trump, he and his GOP buddies are making America MAGA again, starting with his home turf.

Non-citizens have never really disrupted voting. But they’re the convenient scapegoat for a party that’s justifiably worried it’s going to lose its majority during the mid-terms. Multiple efforts are being made all over the nation to disenfranchise anyone that’s not part of Trump’s most rabid voting base. Pretending people not allowed to legally vote are somehow flipping elections for the Democratic Party is more than merely obnoxious. It’s actually harming the democratic process.

Here in South Dakota, two laws have been passed in recent weeks with the express purpose of keeping non-white people from showing up to vote. The first, passed at the beginning of this month, allows any rando to claim a person they saw voting shouldn’t be allowed to vote.

Voters in South Dakota will soon be able to challenge other voters’ citizenship.

Republican Gov. Larry Rhoden signed legislation into law last week that authorizes challenges by individuals and election officials.

Advertisement

[…]

State law already allows challenges to a voter’s registration up to the 90th day before an election, if a person is suspected of lacking South Dakota residency, voting in another state or being registered to vote in another state. The new law adds citizenship as a justification for a challenge.

Challenges may be filed by the South Dakota Secretary of State’s Office, the auditor in the county where the voter is registered, or a voter in the same county. The challenge must be in the form of a signed, sworn statement and must include what the law describes as “documented evidence.”

Now, we can all see what the law is. But we all know how it will be applied. State employees with access to voter rolls will raise challenges against anyone with a foreign-sounding last name. While it’s unlikely few citizens will actually file challenges, they’ll certainly feel comfortable accosting anyone standing in line to vote whose skin is darker than their own. Given the inevitability of these responses, it’s easy to see the law accomplishing exactly what it’s supposed to: limit the number of non-white voters at the polls during the mid-terms and beyond.

But that’s not the only suppression effort signed into law this month. There’s also this one, which raises the bar for participating in the democratic process with the obvious intention of limiting participation to the sort of voters the GOP thinks with vote for it:

New voters in South Dakota will have to prove that they are United States citizens in order to cast a ballot in state and local races under a bill signed on Thursday by Gov. Larry Rhoden.

The new law, which does not apply to South Dakotans already on the voter rolls, comes amid a national push by Republicans to tighten voting rules and root out voting by noncitizens, which is already illegal and believed to be rare.

“This bill ensures only citizens vote in state elections, keeping our elections safe and secure,” said Mr. Rhoden, who is seeking election to a full term this year and is facing a crowded Republican primary field. 

It’s already illegal in South Dakota to vote if you’re not a citizen. This bill addresses a completely imaginary “problem.” And it forces voters to provide a passport, birth certificate, and other documents proving citizenship before they’re allowed to vote. While it may be easy for many people to present these documents, the simple fact is that they’ve never been asked to do this before, and anyone who’s not aware this law has been passed will be denied the opportunity to vote because the GOP decided to move the goalposts during an election year.

Non-citizens voting in South Dakota has never been an issue. The fact that 273 non-citizens were recently removed from the state’s voting rolls may seem a bit sketchy but there’s a good reason there might be a few hundred non-citizens with voter registrations:

Noncitizens can obtain a driver’s license or state ID if they are lawful permanent residents or have temporary legal status. There’s a part of the driver’s license form that allows an applicant to register to vote. That part says voters must be citizens. 

The problem is that this is all on the same form. The voter registration part of the form has a signature line, which many applicants will fill out and sign even if their intention is only to get a drivers license or ID card, especially since it appears before the final signature block for the entire application.

If applicants are not asked to affirmatively state their intention to register to vote (as the Department of Public Safety employees ask now, along with asking applicants to write “vote” on the form to signal their affirmation), their applications might be processed, along with the voter registration applicants didn’t realize they enabling.

The Secretary of State’s office (the office that’s supposed to be reviewing voter registrations for eligibility) threw the Department of Public Safety under the bus:

Rachel Soulek, director of the Division of Elections in the Secretary of State’s Office, placed blame on the department in her response to South Dakota Searchlight questions about the situation.

“These non U.S. citizens had marked ‘no’ to the citizenship question on their driver’s license application but were incorrectly processed as U.S. citizens due to human error by the Department of Public Safety,” Soulek wrote.

Advertisement

That’s not what happened. Their ID applications were processed and the Soulek’s department failed to catch the inadvertent errors. And it doesn’t really even matter who’s at fault because despite the errors, this is still a non-issue.

Soulek said only one of the 273 noncitizens had ever cast a ballot. That was during the 2016 general election.

A handful of clerical errors that resulted in a single illegal vote in the past decade cannot be a rational basis for a new law. And there’s a good chance the sole vote was made in error, rather than maliciously. After all, if the state told this person they could vote, who were they to question that determination?

This is nothing more than state governments stepping up to do what Trump can’t. His SAVE Act is stalled and lots of last-minute gerrymandering at the behest of the president is tied up in court. His loyalists are doing what they can to make his perverted dreams a reality in states that are most likely to lean Republican in the first place, which makes all of this as pointless as it is stupid. But the underlying threat to democracy remains, ever propelled forward by the people who claim to love America the most.

Filed Under: immigration, larry rhoden, racism, south dakota, trump administration, voter fraud, voter suppression

Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit.

“We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword,” reads a note in today’s iOS 18.7.7 security update changelog.

“The fixes associated with the DarkSword exploit first shipped in 2025.”

In March, researchers at Lookout, iVerify, and Google Threat Intelligence revealed a new “DarkSword” exploit kit that targeted iPhones running iOS 18.4 through 18.7.

The six vulnerabilities used by the DarkSword exploit kit are tracked as CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520.

While iOS exploits have typically been used in highly targeted spyware campaigns, this iOS exploit kit was used much more widely, including by Turkish commercial surveillance vendor PARS Defense, a threat actor tracked as UNC6748, and a suspected Russian espionage group tracked as UNC6353.

In these attacks, GTIG observed three separate information-stealing malware families deployed on victims’ devices: a highly aggressive JavaScript infostealer named GhostBlade, the GhostKnife backdoor, and the GhostSaber JavaScript malware, which can execute code and steal data.

Since July 2025, with the release of iOS 18.6, Apple has been steadily fixing the flaws as they are disclosed in security updates pushed out to compatible devices.

However, by late 2025, Apple stopped offering iOS 18 updates to newer devices capable of running the newer iOS 26. 

For those who decided not to upgrade and stay on iOS 18, availability to the security updates became limited, with newer devices no longer receiving patches for DarkSword vulnerabilities released in 2026.

Since then, only a small number of devices remained able to receive iOS 18 updates, and the last 18.7.6 update was offered only to iPhone XS, iPhone XS Max, and iPhone XR devices.

To make matters worse, a researcher released the DarkSword exploit kit on GitHub last month, making it accessible to other threat actors who wanted to target older iPhones.

Today, Apple has released iOS 18.7.7 to make it available to more devices that want to stay on the older operating system while remaining protected from the latest threats.

Devices eligible to receive the new update now include iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (2nd generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (3rd generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), iPhone 16e, iPad mini (5th generation – A17 Pro), iPad (7th generation – A16), iPad Air (3rd – 5th generation), iPad Air 11-inch (M2 – M3), iPad Air 13-inch (M2 – M3), iPad Pro 11-inch (1st generation – M4), iPad Pro 12.9-inch (3rd – 6th generation), and iPad Pro 13-inch (M4).

iPhone users still running iOS 18 with Automatic Updates enabled will now receive the latest version and protections against the DarkSword exploit kit.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now