Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds.

The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.

Like Taking a Screenshot

Pixnapping attacks begin with the malicious app invoking Android programming interfaces that cause the authenticator or other targeted apps to send sensitive information to the device screen. The malicious app then runs graphical operations on individual pixels of interest to the attacker. Pixnapping then exploits a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.

“Anything that is visible when the target app is opened can be stolen by the malicious app using Pixnapping,” the researchers wrote on an informational website. “Chat messages, 2FA codes, email messages, etc. are all vulnerable since they are visible. If an app has secret information that is not visible (e.g., it has a secret key that is stored but never shown on the screen), that information cannot be stolen by Pixnapping.”

The new attack class is reminiscent of GPU.zip, a 2023 attack that allowed malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites. It worked by exploiting side channels found in GPUs from all major suppliers. The vulnerabilities that GPU.zip exploited have never been fixed. Instead, the attack was blocked in browsers by limiting their ability to open iframes, an HTML element that allows one website (in the case of GPU.zip, a malicious one) to embed the contents of a site from a different domain.

Pixnapping targets the same side channel as GPU.zip, specifically the precise amount of time it takes for a given frame to be rendered on the screen.

The GHF was created in early 2025, having emerged from conversations between individuals such as Eisenberg, Tancman, and consultant Yotam HaCohen—who, like Tancman, is a part of COGAT. They were reportedly concerned that Hamas was stealing aid meant for civilians, however, an analysis by a USAID agency found no evidence of this.

Through conversations with Israeli officials, GHF began to receive on-ground support from two American companies: Safe Reach Solutions, run by former CIA officer Philip Reilly, and UG Solutions, run by former Green Beret Jameson Govoni. Neither responded to requests for comment.

GHF is currently run by Johnnie Moore Jr., a former Trump official, and evangelical Christian. It was originally headed by Jake Wood, a former Marine who founded Team Rubicon, an organization that deploys veterans to disaster zones. Wood resigned after about three months, claiming that he couldn’t oversee aid distribution at GHF while “adhering to the humanitarian principles of humanity, neutrality, impartiality, and independence.”

Alternative Paths

The GREAT Trust presentation is not the only business-minded plan for redeveloping Gaza.

Former UK prime minister Tony Blair has been linked to the development of an alternative plan that was leaked to the Guardian and Haaretz. Among other things, the plan proposes creating a Gaza Investment Promotion and Economic Development Authority, which would be a “commercially driven authority, led by business professionals and tasked with generating investable projects,” according to various reports of the plan, but it does not mention any specific companies.

Another group called “Palestine Emerging”—made up of an international collective of business executives and consultants—also created a post-war Gaza blueprint. It does not get into detail about investments from businesses abroad, but argues that there will have to be a “phased development strategy” in the short, medium, and long-term in order to rebuild Gaza’s housing and economy. The blueprint also mentions that there were “about 56,000 businesses in Gaza” before October 7, 2023, which were subject to “historical constraints” that limited their success.

Comet 3I/Atlas continues to be full of surprises. As well as being only the third interstellar object ever detected, new analysis shows it is producing hydroxyl (OH) emissions, with these compounds betraying the presence of water on its surface. This discovery was made by a team of researchers at Auburn University in Alabama using NASA’s Neil Gehrels Swift Observatory, and was described in a study published in The Astrophysical Journal Letters.

Hydroxyl compounds are detectable via the ultraviolet signature they produce. But on Earth, a lot of UV wavelengths are blocked by the atmosphere, which is why the researchers had to use the Neil Gehrels Swift Observatory—a space telescope free from interference experienced by observatories on Earth.

Water is present in virtually every comet seen in the solar system, so much so that the chemical and physical reactions of water are used to measure, catalog, and track these celestial objects and how they react to the heat of the sun. Finding it on 3I/ATLAS means being able to study its characteristics using the same scale used for regular comets, and this information could in future be useful data for studying the processes of comets that originate in other star systems as well.

“When we detect water—or even its faint ultraviolet echo, OH—from an interstellar comet, we’re reading a note from another planetary system,” said Dennis Bodewits, an Auburn University physicist who collaborated on the research, in a press statement. “It tells us that the ingredients for life’s chemistry are not unique to our own.”

Comets are frozen hunks of rock, gases, and dust that usually orbit stars (the exceptions being the three interstellar objects found so far). When they’re far away from a star, they’re completely frozen, but as they get closer, solar radiation causes their frozen elements to heat up and sublimate—turn from solid into gas—with some of this material emitted from the comet’s nucleus thanks to the star’s energy, forming a “tail.”

But with 3I/ATLAS, data collected revealed an unexpected detail: OH production by the comet was already happening far away from the sun—when the comet was more than three times farther from the sun than the Earth—in a region of the solar system where temperatures normally aren’t sufficient to easily produce the sublimation of ice. Already at that distance, however, 3I/ATLAS was leaking water at the rate of about 40 kilograms per second, a flow comparable—the study authors explain—to that of a “hydrant at maximum power.”

This detail would seem to indicate a more complex structure than what is usually observed in comets in the solar system. It could, for example, be explained by the presence of small fragments of ice detaching from the comet’s nucleus, and which are then vaporized by the heat of sunlight, going on to feed a gaseous cloud that surrounds the celestial body. This is something that has so far been observed only in a small number of extremely distant comets, and which could provide valuable information about the processes from which 3I/ATLAS originated.

“Every interstellar comet so far has been a surprise,” said Zexi Xing, an Auburn University researcher and coauthor of the discovery, in a press statement. “‘Oumuamua was dry, Borisov was rich in carbon monoxide, and now ATLAS is giving up water at a distance where we didn’t expect it. Each one is rewriting what we thought we knew about how planets and comets form around stars.”

This story originally appeared on WIRED Italia and has been translated from Italian.