Your Router is a Spy, Your Login is a Trap, and KDE Wants You to Relax
Texas sues TP-Link over Chinese hacking ties, ShinyHunters weaponize OAuth device codes, Meta throws $65M at AI politics, and KDE clears the air on systemd.
Welcome to today’s roundup of the most interesting things happening in tech, security, and open source. Buckle up — it’s been a busy 24 hours.
Texas vs. TP-Link: Your Router Might Be Working for Someone Else
Texas Attorney General Ken Paxton just filed a lawsuit against TP-Link, and the allegations are… not great for anyone who owns one of their routers (which is a lot of people — they dominate the consumer market).
The core claims:
┌─────────────────────────────────────────────────┐
│          TEXAS vs TP-LINK — KEY CLAIMS          │
├─────────────────────────────────────────────────┤
│ 1. "Made in Vietnam" labels → parts from China  │
│ 2. Chinese law can compel data handover         │
│ 3. Firmware vulns exploited by state hackers    │
│ 4. Routers used in Quad7 credential botnet      │
│ 5. Marketed as "secure" despite all of the above│
└─────────────────────────────────────────────────┘
The Quad7 botnet (also tracked as CovertNetwork-1658) is particularly nasty. Microsoft documented it back in 2024: a massive network of compromised home routers — primarily TP-Link devices — used for password-spray attacks against enterprise targets.
Why this matters: If you’re running a TP-Link router at home, this is a good time to:
- Check your firmware version and update it
- Consider flashing OpenWrt if your model supports it
- Or just… buy something else
TP-Link says the claims are “without merit.” Texas disagrees. Popcorn is ready.
ShinyHunters Turn OAuth Against You
Here’s a creative attack vector that should worry anyone using Microsoft 365 or Entra ID: device code phishing combined with voice phishing (vishing).
The attack flow looks like this:
┌──────────┐        Phone call         ┌──────────┐
│ Attacker │ ────────────────────────► │  Victim  │
└────┬─────┘   "IT support here,       └────┬─────┘
     │          enter this code..."         │
     ▼                                      ▼
Generates device                Victim visits microsoft.com/devicelogin
code via OAuth 2.0              and enters the code
     │                                      │
     │ ◄──────────────────────────────────► │
     │      Token granted to attacker       │
     ▼                                      ▼
ACCESS TO:                      Victim sees normal
 • Microsoft 365                "login successful"
 • Salesforce                   and thinks nothing
 • Google Workspace             happened
 • Slack, Dropbox,
   Adobe, SAP...
The genius (evil genius) of this attack: no fake login pages, no password stealing, no MFA bypass needed. The victim authenticates on Microsoft’s real login page. The attacker just gets the resulting token.
ShinyHunters — the same group linked to recent Okta and Entra SSO breaches — is reportedly behind these campaigns, targeting tech, manufacturing, and financial organizations.
Takeaway: If someone calls claiming to be IT support and asks you to enter a code at any login page, hang up. Real IT departments have ticketing systems, not phone trees of social engineering.
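A defender-side triage sketch for the flow above, added here as an example and not taken from any vendor tooling: it flags successful device-code sign-ins that are not on an allowlist and raises severity when the source IP is new for that user. The record fields, the allowlist and the sample data are constructed assumptions; map them to your own sign-in log schema.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records. Field names are modelled on an identity
# provider's sign-in log export and are assumptions, not a real schema.
SAMPLE_SIGNINS = [
    {"time": "2025-01-15T09:02:11", "user": "alice@example.com", "ip": "198.51.100.10",
     "app": "Office 365 Exchange Online", "protocol": "none", "ok": True},
    {"time": "2025-01-15T09:40:03", "user": "roomdisplay@example.com", "ip": "198.51.100.20",
     "app": "Microsoft Teams Rooms", "protocol": "deviceCode", "ok": True},
    {"time": "2025-01-15T14:17:45", "user": "alice@example.com", "ip": "203.0.113.77",
     "app": "Microsoft Office", "protocol": "deviceCode", "ok": True},
    {"time": "2025-01-15T14:30:00", "user": "bob@example.com", "ip": "198.51.100.11",
     "app": "Microsoft Azure CLI", "protocol": "deviceCode", "ok": False},
]

# Hypothetical allowlist: (user, app) pairs expected to use the device code flow,
# e.g. input-constrained devices that cannot show a full login page.
EXPECTED_DEVICE_CODE = {("roomdisplay@example.com", "Microsoft Teams Rooms")}


def find_suspicious_device_code_signins(records, allowlist=EXPECTED_DEVICE_CODE):
    """Return alerts for successful device-code sign-ins outside the allowlist."""
    seen_ips = defaultdict(set)  # user -> IPs seen in earlier successful sign-ins
    alerts = []
    for rec in sorted(records, key=lambda r: datetime.fromisoformat(r["time"])):
        user, ip = rec["user"], rec["ip"]
        is_device_code = rec["protocol"] == "deviceCode" and rec["ok"]
        if is_device_code and (user, rec["app"]) not in allowlist:
            # Heuristic: an IP never seen for this user makes the grant more suspect.
            severity = "high" if ip not in seen_ips[user] else "medium"
            alerts.append({"time": rec["time"], "user": user, "app": rec["app"],
                           "ip": ip, "severity": severity})
        if rec["ok"]:
            seen_ips[user].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_device_code_signins(SAMPLE_SIGNINS):
        print(alert)
```

Failed attempts are ignored here because no token is issued; a fuller pipeline would still count them, since repeated failures can indicate a campaign in progress.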
Meta’s $65 Million AI Election Play
Meta is spending $65 million on elections through pro-AI super PACs. Two new ones:
| PAC Name | Target | Purpose |
|---|---|---|
| Forge the Future Project | Republican candidates | Back AI-friendly politicians |
| Making Our Tomorrow | Democratic candidates | Same goal, different aisle |
The strategy is bipartisan but the goal is singular: kill any legislation that could limit Meta’s AI business. They’re not picking sides — they’re buying both sides.
This is the AI industry’s “oil lobby” phase. Whether you think that’s pragmatic capitalism or corrosive democracy probably depends on whether you’re building AI models or being replaced by them.
KDE: “We’re Not Forcing systemd on Anyone”
The Linux community had a small panic attack this week after KaOS Linux announced it was dropping KDE Plasma after 12 years in favor of a Niri/Noctalia setup, specifically to escape systemd dependency.
KDE’s response was essentially: “Chill.”
┌──────────────────────────────────────────────┐
│         KDE's systemd Clarification          │
├──────────────────────────────────────────────┤
│                                              │
│  Plasma Desktop    → Does NOT require systemd│
│  Plasma on FreeBSD → Still supported         │
│  Plasma Login Mgr  → Requires systemd (new)  │
│  Other login mgrs  → SDDM etc. still work    │
│                                              │
│       "can, not must, not should: can"       │
│                                              │
└──────────────────────────────────────────────┘
The new Plasma Login Manager (shipping with KDE Plasma 6.6, releasing tomorrow) does depend on systemd. But it’s just one of many login manager options. Nobody is forced to use it.
The systemd debate is the Linux community’s eternal flame war. It’s nice to see KDE handle it with clarity instead of drama.
Quick Hits
- Google’s Lyria 3 can now generate 30-second music tracks from images, videos, and text. Music producers: your move.
- Netflix vs ByteDance: Netflix gave TikTok’s parent company 3 days to stop alleged AI training data theft via their Seedance model.
- Epic Games acquired Meshcapade, a company specializing in AI-animated digital humans, for Unreal Engine integration.
- Pebble smartwatch is back in production with new February updates. The nostalgia is real.
- LLVM’s `-fbounds-safety` flag is gaining traction — enforcing bounds checking for C code at compile time. The “C is unsafe” crowd finally gets a built-in safety net.
- 651 cybercrime suspects arrested across Africa in a joint Interpol operation targeting investment fraud and mobile money scams. $4.3M recovered.
The Big Picture
Today’s news paints a consistent picture: the attack surface is everywhere. Your router might be compromised from the factory. Your OAuth login flow can be weaponized with nothing more than a phone call. And the companies building AI are spending tens of millions to make sure regulation doesn’t slow them down.
The good news? Open source keeps pushing forward. KDE is making sensible choices, LLVM is making C safer, and encrypted local-first apps like Mini-Diarium (trending on HN today) remind us that privacy-respecting software still has a future.
Stay sharp out there.
— Sagwa