Equinox Features

7K posts

@newspics

Nice photojournalists cover: #breakingnews, #equality, #disability, #LGBT+ Members of @nujphoto @thebppa @bectu Now at: https://t.co/uzvnw3l6pe

London, England · Joined July 2008
5.1K Following · 602 Followers
Equinox Features @newspics
For customers with #accessibility issues @specsavers also doesn’t list a phone number for customer service, only an online form or social media. That also isn’t accessible to people who need to communicate by phone. Their press office phone number also doesn’t work.
0
0
0
19
Equinox Features @newspics
We explained to @Specsavers store manager obligations under #Equality Act, she said not her decision, and despite being aware of the Act the “director” of that franchise which has 3 stores, including another with only standing podiums and no seats, “he’s fine with it” #disability
0
0
0
36
Equinox Features @newspics
New #accessibilty #fail is @Specsavers Tottenham Ct Rd London store advised nowhere for customers to sit other than for eye test. Must stand at a podium. Explained #disability, #equality act & many ppl can’t stand for long. Was told their director thought no cust seating OK… 😠
3
0
1
409
Equinox Features retweeted
Media Lens @medialens
This is the world we're living in: 'Trump’s executive order sanctioning Albanese prohibited any American person or entity from providing her with “funds, goods or services” – a description so broad it has been compared to a “civil death”. Her apartment in Washington, bought when she and her family were living in the US capital, has been seized. She can no longer use a credit card anywhere in the world, as almost all such transactions are processed by US-based services. “I go around with cash or I have to borrow from friends or from family members,” she says. 'She accuses pro-Israel activists based in Geneva of hounding her husband, Massimiliano Calì, a senior economist at the World Bank, in a campaign that led to him being removed from his lead position running its Syria file. “The World Bank was completely craven,” Albanese says. “He has stellar records of performance in all his positions.”' theguardian.com/law/2026/apr/1…
209
5K
7.6K
388K
Equinox Features @newspics
As journalists we have switched from viewing BBC News to watching @SkyNews A significant factor was the quality of the sensitive and heartfelt coverage by @AlexCrawfordSky and her team. When posting online she also credits her team by name, which is a great mark of respect.
Richard Sanders @PulaRJS

- @AlexCrawfordSky is doing something fascinating and it is drawing a lot of heat. She is reporting on Arabs as if they were white people.

0
0
0
42
Equinox Features retweeted
DefSecSentinel @DefSecSentinel
🧵 The axios @npmjs compromise dropped a @macOS backdoor that closely mirrors North Korea's (@DPRK) recent WAVESHAPER backdoor. Let's take a quick look at the full intrusion:
13
117
436
80.6K
Equinox Features retweeted
Anish Moonka @anishmoonka
A tiny piece of code called axios runs inside almost every app on your phone and every website you visit. Developers download it 100 million times a week. A few hours ago, someone poisoned it with malware that hands an attacker full control of your computer.

If you’ve never heard of axios, that’s normal. It does one boring but important job: it lets apps talk to the internet. When a website pulls up your feed or an online checkout processes your card, axios is probably doing the work underneath. Over 173,000 other code packages plug into it. It’s everywhere.

The attacker stole a lead developer’s login for npm (think of it as an app store, but for code that programmers use to build software). Once inside, they swapped the developer’s email to an anonymous ProtonMail account and uploaded the poisoned version by hand. That jumped past every security check the project normally runs before new code goes live.

And this was not some rushed job. The attacker staged the malware at least 18 hours before pulling the trigger. They built separate versions for Windows, Mac, and Linux. They poisoned both the current version and an older one within 39 minutes of each other, casting the widest net possible. Once the malware ran on a machine, it deleted itself to cover its tracks.

The trick was smart. They never touched a single line of code inside axios itself. Instead, they tucked in a fake add-on called plain-crypto-js, built to pass as a well-known, trusted library. It copied the real library’s description and author info, so nothing looked off at a glance. When a developer installed axios, this fake package quietly ran the malware on its own.

When a smaller package called ua-parser-js got hijacked back in 2021 with about 8 million weekly downloads, the security world treated it like a four-alarm fire. Axios has 100 million. Over 12x the exposure, with 173,000+ packages depending on it.

Socket, the security firm that flagged this, caught it in about 6 minutes. That’s fast. But 6 minutes is still plenty of time for automated systems at companies everywhere to pull and install the bad version before anyone can react.

If you or your team runs axios: lock your version to 1.14.0 (or 0.30.3 for the older branch). Change every password, API key, and access token on any machine that installed the compromised update. And check your network logs for connections to sfrclak dot com or the IP address 142.11.206.73.
Feross @feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.

This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.

Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence

If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

50
607
3.6K
659.9K
Equinox Features retweeted
Feross @feross
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.

This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.

Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence

If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
543
4.1K
16.3K
12.3M
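The lockfile audit that the two axios posts above call for, as an added example that is not part of either post and not code from axios, npm or Socket. It walks a parsed package-lock.json (both the flat `packages` layout and the older nested `dependencies` layout) and reports every install, direct or transitive, that matches the indicators the posts name; the function names and the sample lockfile are assumptions made for illustration.

```javascript
// Indicators taken from the posts above. The compromised release on the
// older axios branch is not named on the page, so it is not listed here.
const BAD_VERSIONS = new Map([['axios', new Set(['1.14.1'])]]);
const BAD_PACKAGES = new Set(['plain-crypto-js']); // flagged at any version

// Yield {name, version, path} for every install in a parsed lockfile:
// lockfileVersion 2/3 has a flat "packages" map, version 1 a nested tree.
function* installs(lock) {
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // the root project itself
      const name = meta.name || path.split('node_modules/').pop();
      yield { name, version: meta.version, path };
    }
    return;
  }
  yield* walkV1(lock.dependencies, '');
}

function* walkV1(deps, prefix) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    yield { name, version: meta.version, path };
    yield* walkV1(meta.dependencies, `${path}/`);
  }
}

// One finding per matching install, including copies nested under other packages.
function auditLockfile(lock) {
  const findings = [];
  for (const pkg of installs(lock)) {
    if (BAD_PACKAGES.has(pkg.name)) {
      findings.push({ ...pkg, reason: 'dependency named as malicious' });
    } else if (BAD_VERSIONS.get(pkg.name)?.has(pkg.version)) {
      findings.push({ ...pkg, reason: 'release named as compromised' });
    }
  }
  return findings;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/axios': { version: '1.14.1' },
  'node_modules/plain-crypto-js': { version: '4.2.1' },
  'node_modules/legacy-sdk/node_modules/axios': { version: '0.30.3' },
} };
auditLockfile(SAMPLE_LOCK).forEach((f) =>
  console.log(`${f.path}: ${f.name}@${f.version} (${f.reason})`));
```

A clean lockfile only shows what would be installed next; a machine that already ran the install still needs the credential rotation and network-log check described in the post.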
Equinox Features retweeted
The National @ScotNational
The documentary commissioned and then shelved by the BBC over impartiality concerns and later aired by Channel 4 has received a Bafta TV nomination
14
1.2K
2.4K
21.6K
Equinox Features retweeted
Marina Purkiss @MarinaPurkiss
Is it not news-worthy… That an 18-month-old Palestinian toddler was allegedly held in detention for 10 hours Tortured by Israeli soldiers using burning cigarettes and nails All to force a confession from his father? Look at him Because our press will rather you didn’t.
366
6K
11.6K
204.2K
Equinox Features retweeted
TechCrunch @TechCrunch
Hundreds of millions of actively-used iPhones and iPads are now at risk of being hacked through exploit tools that have been made available on Github. For anyone not using the latest iOS 26 software, it's time to update ASAP. “This is bad. They are way too easy to repurpose. I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this,” one security expert at @IsMyPhoneHacked told us. spr.ly/6019B6wNcx
16
111
332
59.5K
Equinox Features retweeted
blackorbird @blackorbird
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors DarkSword supports iOS versions 18.4 through 18.7 and utilizes six different vulnerabilities to deploy final-stage payloads. cloud.google.com/blog/topics/th…
0
11
28
10.2K
Equinox Features retweeted
Muirey03 @Muirey03
My analysis of CVE-2025-43520, the kernel vulnerability exploited by DarkSword (patched in 26.1): gist.github.com/Muirey03/8c837…
3
47
293
39.5K
Equinox Features retweeted
johnny @zeroxjf
More (truncated) DarkSword findings I scraped together — C2 hardcoded in plaintext, anti-forensics routine that unlinks 22 temp files after stealing keychains/WiFi passwords, and a real GPU crash log from in-the-wild exploitation
Huy Nguyen @Little_34306

How crazy Darksword and GHOSTBLADE are! shout out to @zeroxjf for the finding Unrelated: GHOSTBLADE also my fav comic from WLOP!

1
9
87
18K
Equinox Features retweeted
Mateusz Krzywicki @krzywix
Use @IsMyPhoneHacked to detect and remediate DarkSword infection vimeo.com/1176404490 We recorded a small demonstration of live DarkSword infection and detection. iVerify basic app is still free on appstore.
2
9
35
14K
Equinox Features retweeted
Hamza Yusuf @Hamza_a96
Israel targets a British journalist in Lebanon. The BBC: “Missile lands next to presenter” Pathetic even by its own incredibly low standards.
438
3.6K
16.4K
289.5K
Equinox Features retweeted
The Kyiv Independent @KyivIndependent
⚡️Japan weighs new deal with Kyiv for Ukrainian-made drones, Japanese media reports. Tokyo is considering signing an arms transfer agreement to acquire Ukrainian-made drones from Kyiv, as Japan seeks to strengthen its drone defense capabilities, Kyodo News reported on March 14. kyivindependent.com/japan-consider…
15
239
912
37.3K