Showing posts with label Vulnerability and Exploits.

OnePlus Users Face Security Risks from OxygenOS Vulnerability

 


As the smartphone market has continued to grow, OnePlus has long been recognised as one of its leading brands, delivering premium performance at an affordable price and building a loyal user base in the competitive Android market over many years.

The influx of cyber threats, however, leaves even the most admired devices open to compromise. A critical security flaw has now been discovered in OxygenOS, the proprietary OS that powers OnePlus smartphones. This vulnerability, identified as CVE-2025-10184, is not specific to OnePlus but has been found in other Android devices as well.

Millions of users are believed to be at risk of spying and data theft. A key concern is that the bug remains unpatched on OnePlus devices, according to Rapid7 researcher Calum Hutton, leaving a large portion of users open to exploitation by malicious actors. Researchers have warned that the flaw in OxygenOS can be exploited in a particularly damaging manner.

Attackers would be able to send SMS messages to a victim's device without the victim being aware of it and, more importantly, intercept and read incoming messages. This puts sensitive data such as one-time passcodes and multi-factor authentication tokens at risk wherever SMS is used as the second layer of verification.

Security firm Rapid7 says that the flaw is located in the OxygenOS Telephony content provider, affecting OxygenOS versions 12-15. It has been suggested that the vulnerability has been quietly present in OnePlus devices for the past four years, leaving users unknowingly exposed to an invasive and sophisticated attack vector.

A number of recent models are already believed to be affected, including the OnePlus 8T running OxygenOS 12 and the OnePlus 10 Pro running OxygenOS 14 and 15, and researchers warn that other recent models are also likely to be affected. OxygenOS 11 appears to be unaffected, but the flaw is present in subsequent versions, raising concerns for a large number of relatively new handsets.

In addition, the issue affects how SMS messages are handled, putting the majority of modern OnePlus smartphones at risk, and OnePlus has been slow to resolve it. Rapid7 first reported the problem in May 2025 and followed up repeatedly, but the company did not acknowledge it for months, doing so only after the research was published and a proof-of-concept had been demonstrated.

OnePlus has confirmed that it has developed a patch to eliminate the SMS permission bypass, which will start rolling out in mid-October. In the meantime, experts advise users to install apps only from trusted sources, remove unused or suspicious applications, and avoid SMS-based authentication wherever possible, since it is less secure than hardware security keys or authenticator apps.

Discovery of the OxygenOS flaw is credited to security researcher Calum Hutton, and it was disclosed under Rapid7's coordinated vulnerability disclosure policy. The flaw concerns Android's content providers, which are fundamental components governing how applications access and share data with each other.

Content providers serve as a structured gateway that lets apps query, insert, update, and delete information held in databases and files through a standardised API. Developers regulate this access in the AndroidManifest.xml file, typically separating read from write permissions, so that external applications can perform only the operations they have explicitly been granted permission to perform.

Each permission is tied to a content URI, which follows the content:// scheme and maps to a specific authority or database path, such as a user dictionary or a message table. A framework like this balances flexibility and security, allowing developers to expose data with a controlled level of privacy.

There are instances, however, where permissions are misconfigured or left undefined, allowing malicious applications to gain unauthorised access, as was the case with this OxygenOS vulnerability. Such an oversight lets attackers bypass the intended safeguards and manipulate or intercept the user's sensitive SMS data without the user's knowledge, exposing millions of devices to attack.
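The permission model just described can be checked mechanically. The following Python script, an added example rather than Rapid7's or OnePlus's code, parses a constructed AndroidManifest.xml and flags every content provider that other apps can reach without a read or write permission gate; the authority and permission names in the sample are made up.

```python
"""Flag <provider> elements in an AndroidManifest.xml whose reads or
writes other apps can reach without a permission gate: the class of
misconfiguration behind the OxygenOS SMS bug discussed above.

Added example, not Rapid7's or OnePlus's code. The manifest below is
constructed and its authorities and permission names are made up."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None when absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def audit_providers(manifest_xml: str) -> list:
    """Return one finding string per problem, formatted '<authority>: <issue>'."""
    findings = []
    root = ET.fromstring(manifest_xml)
    for prov in root.iter("provider"):
        authority = _attr(prov, "authorities") or "<no authority>"
        exported = _attr(prov, "exported")
        if exported == "false":
            continue  # not reachable from other apps, nothing to gate
        if exported is None:
            # Providers defaulted to exported="true" before API level 17,
            # so an absent attribute is treated as reachable here.
            findings.append(f"{authority}: android:exported not set explicitly")
        # android:permission gates both directions; readPermission and
        # writePermission gate one each. <path-permission> children only add
        # protection for the sub-paths they name, so they are not counted
        # as covering the provider as a whole.
        both = _attr(prov, "permission")
        if not (both or _attr(prov, "readPermission")):
            findings.append(f"{authority}: reads not gated by any permission")
        if not (both or _attr(prov, "writePermission")):
            findings.append(f"{authority}: writes not gated by any permission")
    return findings


# Constructed sample manifest (not a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.telephony">
  <application>
    <!-- weak: exported, reads gated, writes open to any app -->
    <provider android:name=".SmsProvider"
              android:authorities="com.example.sms"
              android:exported="true"
              android:readPermission="com.example.permission.READ_SMS_DATA"/>
    <!-- hardened: both directions gated -->
    <provider android:name=".SmsProviderFixed"
              android:authorities="com.example.sms.fixed"
              android:exported="true"
              android:readPermission="com.example.permission.READ_SMS_DATA"
              android:writePermission="com.example.permission.WRITE_SMS_DATA"/>
    <!-- internal only -->
    <provider android:name=".InternalCache"
              android:authorities="com.example.internal"
              android:exported="false"/>
    <!-- legacy: no exported attribute, no permissions at all -->
    <provider android:name=".LegacyProvider"
              android:authorities="com.example.legacy"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for line in audit_providers(SAMPLE_MANIFEST):
        print(line)
```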

The researchers initially tried to report the issue through OnePlus's public bug bounty program, but restrictive nondisclosure terms stood in the way. OnePlus first acknowledged the vulnerability on September 24 and has confirmed that an internal investigation is ongoing, but it has not yet announced a definitive timeframe for the release of a security patch.

Until the patch is released, users remain at risk, so precautionary measures should be taken. To minimise the risk of exploitation, experts recommend installing apps from trusted sources only, uninstalling unneeded applications, and closely monitoring permission requests. Moreover, SMS-based multi-factor authentication should be replaced by more secure alternatives such as authenticator apps or hardware keys, and sensitive communications should be moved to end-to-end encrypted platforms like WhatsApp or Telegram.

Organisations that manage mobile fleets are also advised to audit devices for unusual SMS access and to enforce strict permission policies on them. With the vulnerability now catalogued as CVE-2025-10184 and carrying a severity score of 8.2 out of 10, users of modern OnePlus devices face increased risk. OnePlus, a brand of Oppo, has established itself as a maker of flagship smartphones and is regarded by many users as offering quality devices at competitive prices.

However, this incident demonstrates how even well-reputed brands can leave their customers exposed if they fail to fix critical security vulnerabilities. The episode serves as a timely reminder of the challenges that smartphone users continue to face in a rapidly evolving digital landscape as the investigation continues and OnePlus works towards delivering a permanent solution. 

Given vulnerabilities of this scale, manufacturers and consumers alike need to be vigilant when handling personal, financial and professional information on these devices. Software patches remain the ultimate protection, but users can significantly reduce their exposure through disciplined digital hygiene: updating apps regularly, checking permissions before granting access to sensitive data, and minimising the use of SMS for sensitive transactions.

Businesses and IT administrators in particular stand to benefit from effective mobile device management, ensuring that company-issued devices are regularly audited for unusual activity and governed by clear security policies that keep them safe.

Beyond reducing immediate risks, these practices also cultivate a culture of resilience in which users take an active role in protecting their data instead of relying passively on vendors to safeguard it. Proactive caution, in short, is not a temporary workaround but a long-term investment in cybersecurity and peace of mind that OnePlus owners should take note of.

Security Experts Detect SQL Injection to Bypass Airport TSA Security Checks

 

Security experts discovered a flaw in a critical air transport security system, allowing unauthorised personnel to possibly bypass airport security screenings and get access to aircraft cockpits.

Researchers Ian Carroll and Sam Curry uncovered the security vulnerability in FlyCASS, a third-party web-based service used by some airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) project that lets pilots and flight attendants bypass security screening, whereas CASS allows authorised pilots to use jump seats in cockpits while flying. 

ARINC, a Collins Aerospace subsidiary, runs the KCM system, which uses an online platform to authenticate airline personnel's credentials. Access is granted without a security screening by scanning a KCM barcode or entering an employee number, which is then cross-checked against the airline's database. Likewise, when pilots need to commute or travel, the CASS system authenticates them for access to the cockpit jumpseat.

The researchers observed that FlyCASS's login mechanism was vulnerable to SQL injection, which allows an attacker to insert SQL commands into the application's database queries. By leveraging this flaw, they could log in as an administrator for a partnering airline, Air Transport International, and change personnel data in the system.

The attackers also created a fictional employee named "Test TestOnly," and gave this account access to KCM and CASS, allowing them to "skip security screening and then access the cockpits of commercial airliners."

"Anyone with basic knowledge of SQL injection could login to this site and add anyone they wanted to KCM and CASS, allowing themselves to both skip security screening and then access the cockpits of commercial airliners," Carroll stated. 
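To make the distinction concrete, the Python snippet below (an added example, not FlyCASS code) shows a login check that splices the username into its SQL query next to the parameterised version that closes the hole, run against a constructed in-memory SQLite table; the account, password and table layout are invented for illustration.

```python
"""A login check that splices user input into SQL, beside the
parameterised version that closes the hole, run against an in-memory
SQLite table.

Added example, not FlyCASS code; the table, account and password are
constructed for illustration."""
import hashlib
import hmac
import sqlite3


def _digest(password: str) -> str:
    # Plain SHA-256 keeps the demo self-contained; production code would
    # use a slow, salted password hash instead.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Build the constructed user table with one administrator account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("admin", _digest("correct horse battery"), "admin"))
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Return the account role, or None. The username is interpolated into
    the query text, so a quote character in it ends the string literal and
    whatever follows is executed as SQL; a '--' then comments out the
    password comparison entirely."""
    sql = (f"SELECT role FROM users WHERE username = '{username}' "
           f"AND pw_hash = '{_digest(password)}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    """Same lookup with a bound parameter: the username is always data,
    never query text, and the hash comparison runs in constant time."""
    row = conn.execute("SELECT role, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], _digest(password)):
        return None
    return row[0]


# Constructed input that terminates the username literal and comments out
# the remainder of the query in the vulnerable version.
CRAFTED_USERNAME = "admin' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, CRAFTED_USERNAME, "not the password"))
    print("safe:      ", login_safe(db, CRAFTED_USERNAME, "not the password"))
```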

The researchers promptly contacted the Department of Homeland Security (DHS) on April 23, 2024, after recognising the gravity of the situation. The researchers chose not to contact the FlyCASS site directly since it appeared to be managed by a single individual, and they were concerned that the disclosure would alarm them. 

The DHS responded by acknowledging the severity of the vulnerability and confirming that FlyCASS was disconnected from the KCM/CASS system on May 7, 2024, as a precautionary step. Soon after, FlyCASS's vulnerability was addressed. However, efforts to coordinate a safe disclosure of the vulnerability were thwarted when the DHS stopped responding to the researchers' emails.

The researchers also received a response from the TSA press office denying the gravity of the vulnerability and claiming that the system's vetting procedure would stop unauthorised access. The TSA also discreetly removed information that contradicted its claims from its website after being notified by the researchers.

"After we informed the TSA of this, they deleted the section of their website that mentions manually entering an employee ID, and did not respond to our correction. We have confirmed that the interface used by TSOs still allows manual input of employee IDs," Carroll added.

'0.0.0.0 Day' Vulnerability Puts Chrome, Firefox, Mozilla Browsers at Risk

 

A critical security bug known as "0.0.0.0 Day" has shaken the cybersecurity world, leaving millions of users of popular browsers such as Chrome, Firefox, and Safari vulnerable to future attacks. This vulnerability allows malicious actors to potentially gain access to files, messages, credentials, and other sensitive data stored on a device within a private network, specifically "localhost."

What is the 0.0.0.0 Day flaw?

The term "0.0.0.0 Day" refers to a newly identified vulnerability, reported by Israeli cybersecurity startup Oligo, that hackers can exploit before a fix is released. The zeroes indicate a lack of prior information or awareness of the flaw. This makes it especially risky because users and developers are taken completely off guard.

According to the research, the attack consists of malicious websites tricking browsers into letting them interact with APIs (Application Programming Interfaces) running on a user's local machine. These APIs are intended for internal communication within applications and should not be reachable from other sources, such as websites. Attackers exploiting the 0.0.0.0 Day vulnerability could gain unauthorised access to sensitive information stored on a user's device, steal data, or even deploy malware.

Impact on key browsers 

The security ramifications of this issue are extensive. Here's a closer look at the possible impact on major browsers. 

Chrome zero-day vulnerability: Google Chrome, the world's most popular browser, is an obvious target for attackers. A successful exploit of the 0.0.0.0 Day bug could allow criminals to bypass Chrome's security measures and gain access to a user's local network. This could expose sensitive information kept on a user's PC, compromise corporate networks if a user works remotely, or even aid in the installation of malware.

Firefox zero-day vulnerability: Although Firefox is not as widely used as Chrome, it is a popular choice for many consumers. A successful exploit of the 0.0.0.0 Day vulnerability may have similar repercussions for Firefox users. Attackers could potentially obtain access to local networks, steal data, or carry out malware attacks.

Safari zero-day vulnerability: The 0.0.0.0 Day vulnerability could also affect Apple's Safari browser, the default browser on all Apple devices. While Apple has a reputation for strong security, this vulnerability underlines the ongoing need for vigilance. A successful exploit could give attackers access to a user's local network on a Mac or iOS device, possibly compromising private information or enabling further attacks.

The disclosure of the 0.0.0.0 Day vulnerability underlines the ongoing challenge of ensuring browser security in an increasingly complicated threat ecosystem. Browser developers must continue to invest in research and development to stay ahead of attackers, and users must remain cautious and follow best practices to protect themselves from emerging risks.

Google Issues Emergency Update for New Chrome Vulnerability

 



Google has announced an urgent security update for its Chrome browser to fix a newly discovered vulnerability that is actively being exploited. This recent flaw, identified as CVE-2024-5274, is the eighth zero-day vulnerability that Google has patched in Chrome this year.

Details of the Vulnerability

The CVE-2024-5274 vulnerability, classified as high severity, involves a 'type confusion' error in Chrome's V8 JavaScript engine. This type of error occurs when the software mistakenly treats a piece of data as a different type than it is, potentially leading to crashes, data corruption, or allowing attackers to execute arbitrary code. The vulnerability was discovered by Google security researcher Clément Lecigne.

Google has acknowledged that the flaw is being exploited in the wild, meaning that malicious actors are already using it against users. To avoid aiding further attacks, Google has not yet disclosed detailed technical information about the flaw.

To address the issue, Google has released a fix that is being rolled out via the Chrome Stable channel. Users on Windows and Mac will receive the update in versions 125.0.6422.112/.113, while Linux users will get the update in version 125.0.6422.112. Chrome typically updates automatically, but users need to relaunch the browser for the updates to take effect. To ensure the update is installed, users can check their Chrome version in the About section of the Settings menu.

Ongoing Security Efforts

This marks the third actively exploited zero-day vulnerability in Chrome that Google has fixed in May alone. Earlier this year, Google adjusted its security update schedule, reducing it from twice weekly to once weekly. This change aims to close the patch gap and reduce the time attackers have to exploit known vulnerabilities before a fix is released.

Previous Zero-Day Vulnerabilities Fixed This Year

Google has been actively addressing several critical vulnerabilities in Chrome throughout 2024. Notable fixes include:

1. CVE-2024-0519: An out-of-bounds memory access issue in the V8 engine, which could lead to heap corruption and unauthorised data access.

2. CVE-2024-2887: A type confusion vulnerability in the WebAssembly standard, which could be exploited for remote code execution.

3. CVE-2024-2886: A use-after-free bug in the WebCodecs API, allowing arbitrary reads and writes, leading to remote code execution.

4. CVE-2024-3159: An out-of-bounds read in the V8 engine, enabling attackers to access sensitive information.

5. CVE-2024-4671: A use-after-free flaw in the Visuals component, affecting how content is rendered in the browser.

6. CVE-2024-4761: An out-of-bounds write issue in the V8 engine.

7. CVE-2024-4947: Another type confusion vulnerability in the V8 engine, risking arbitrary code execution.

Importance of Keeping Chrome Updated

The continual discovery and exploitation of vulnerabilities underlines how imperative it is to keep software up to date. Chrome's automatic update feature helps ensure users receive the latest security patches without delay, but users should still check for updates regularly and restart their browsers to apply them promptly.

Overall, Google’s quick response to these vulnerabilities highlights the critical need for robust security measures and careful practices in maintaining up-to-date software to protect against potential cyber threats.


Undetected Threat: Chinese Hackers' Long-Term VMware Exploitation

 


CVE-2023-34048 (CVSS 9.8) is an out-of-bounds write flaw in VMware's DCERPC implementation that an attacker with network access can exploit to execute arbitrary code remotely.

Given the severity of the problem and the absence of a workaround, VMware released patches for the vulnerability in October, noting that the patches were also available for versions of its products that had reached end of life (EOL).

Since last week, the virtualization company's advisory has noted reported exploitation of CVE-2023-34048 in the wild, but it does not provide any specific details on the attacks observed.

Experts have revealed that Chinese state-sponsored hackers tracked as UNC3886, known for exploiting zero-day vulnerabilities in VMware and Fortinet devices, have been exploiting this vulnerability for years.

Earlier this week, Mandiant issued a report alleging that a group was exploiting the vulnerability to deploy malware, steal credentials, and ultimately exfiltrate sensitive information. The security patch was released in late October of 2023, and it carries a severity rating of 9.8/10 (critical). 

The flaw is described as an out-of-bounds write that can allow attackers with access to the VirtualCenter Server to execute code remotely. The cyberspies took advantage of it to gain access to their targets' vCenter servers and used the compromised credentials to install maliciously crafted vSphere Installation Bundles (VIBs) carrying the VirtualPita and VirtualPie backdoors on ESXi hosts.

Next, the attackers exploited a VMware Tools authentication bypass flaw, CVE-2023-20867, to gain access to guest virtual machines, harvest files, and exfiltrate them. Although Mandiant was not initially certain how the attackers acquired privileged access to victims' VMware servers, a VMware service crash minutes before the backdoors were deployed pointed to the link, and it closely coincided with the exploitation of CVE-2023-34048 seen in late 2023.

Mandiant revealed that the attackers weaponised CVE-2023-34048 as a zero-day to gain privileged access to the vCenter system and enumerate all VMware ESXi hosts and the virtual machines connected to them.

Next, the adversary retrieves the cleartext "vpxuser" credentials for the hosts and connects to them directly to install the VIRTUALPITA and VIRTUALPIE malware, which lets them interact with the hosts directly.

As Mandiant revealed in June 2023, this paves the way for exploiting another VMware flaw (CVE-2023-20867, CVSS score 3.9), through which arbitrary commands can be executed on guest VMs and files transferred to and from them from a compromised ESXi host.

As Mandiant pointed out in its analysis, the same crashes were observed in several UNC3886 intrusions dating back to late 2021, suggesting the attacker had access to the vulnerability for approximately a year and a half. The firm also observed that the attackers removed the 'vmdird' core dumps from compromised environments to cover their tracks, while the log entries had been preserved.

VMware has patched the vulnerability with the release of vCenter Server 8.0U2. Patches are also available for vCenter Server versions 8.0U1, 7.0U3, 6.7U3, 6.5U3, VCF 3.x, and Async vCenter Server versions 5.x and 4.x.

Ransomware Group DEV-0569 Exhibits Remarkable Innovation, Microsoft Issues a Warning

 


Many ransomware campaigns begin with spam and then move on to infecting the system with ransomware.

As per a report published by the computing giant this week, the DEV-0569 cyberattack group, tracked by Microsoft Security Threat Intelligence, has been spotted enhancing its detection evasion and post-compromise payloads as it continues to evolve.

A specific characteristic of DEV-0569 is that it uses malvertising and phishing links in spam emails and fake forum pages to convince the recipient to download a malware downloader masquerading as a software installer or update, the Microsoft researchers added. 

Over just a few months, the Microsoft team observed several innovations by the group, including hiding malicious links in contact forms, burying fake installers on legitimate download sites, and using Google Ads to disguise its malicious advertising campaigns.

The Microsoft team explained in its report that DEV-0569's malware payloads are encrypted and delivered as signed binaries. In recent campaigns, the group has also been seen using the open-source tool NSUDO in an attempt to disable antivirus solutions; the group is well known for relying heavily on defense evasion techniques.

DEV-0569 has proven successful, and Microsoft Security noted that other ransomware operations can use DEV-0569 as an access broker.

Cyberattacks: How Ingenuity Can Counter Them 

Apart from the new tricks, Mike Parkin, senior technical engineer at Vulcan Cyber, notes that the threat group effectively adjusts its campaign tactics along the edges. Despite this, they depend on users making mistakes during the process. The key to ensuring a successful defense program is to educate the user, according to Mike Parkin. 

Dark Reading reports that the phishing and malvertising attacks described here depend entirely on the user interacting with the lure; if the user does not interact, the attack fails.

According to Parkin, security teams need to keep an eye on the latest exploits and malware being deployed in the wild to stay ahead, and a certain level of user awareness and education is needed for the user community to become a solid line of defense instead of the main attack surface.

Controls in IAM are important 

Strong identity and access management (IAM) controls are central to RSA's recommendations, according to Robert Hughes, RSA's CISO.

Even where malware cannot be prevented at the human and endpoint level, strong identity and access governance can help control its spread and limit its impact. For instance, Hughes says, controls can stop even authorised individuals from clicking a link or installing software they are permitted to install. Protecting data and identities from ransomware attacks will mitigate the damage such attacks could cause in the future, and it will also make it easier to re-image endpoints when remediating.

Phil Neray of CardinalOps confirms that this is the right track. He says security teams must also focus on minimizing the fallout after an attacker successfully downloads and executes ransomware, since techniques like malicious Google Ads are tough to defend against.

For instance, Neray recommends making sure the SOC is capable of detecting suspicious or unauthorized behavior, "such as privilege escalation and the use of remote management and admin tools like PowerShell that live off the land."

Chinese Group's Botnet Illegally Mines Crypto

 

Linux and cloud app vulnerabilities have been used by the 8220 Group crypto mining gang to expand their botnet to over 30,000 affected systems.

Over the course of just the previous month, SentinelOne researchers reported detecting this notable rise in the number of infected hosts. The malicious botnet, according to analysts, was only active on 2,000 servers worldwide by the middle of 2021.

The 8220 group has been operating at least since 2017. The hackers are China-based and the organization's name is derived from the port 8220 that the miner uses to connect to the C2 servers. 

Operation tactics

According to reports, the growth was spurred by the adoption of Linux, widespread vulnerabilities in cloud applications, and inadequately secured setups for services like Docker, Apache WebLogic, and Redis.

This group has used a publicly available exploit in the past to breach Confluence systems. Once inside, the attackers use SSH brute force to spread and commandeer the available computing power to run crypto miners pointed at untraceable pools.

Another improvement is the script's use of block lists to avoid infecting particular hosts, usually honeypots set up by security researchers.

Lastly, 8220 Gang has updated PwnRig, their proprietary crypto miner based on XMRig, an open-source Monero miner.

Microsoft researchers claim that the gang has actively upgraded its payloads and tactics over the past year. In a recent campaign, the organization targeted Linux systems running on i686 and x86_64 architectures and gained initial access using RCE exploits for the CVE-2022-26134 (Atlassian Confluence) and CVE-2019-2725 (WebLogic) vulnerabilities.

In addition to underscoring a more intense "fight" to seize control of victim systems from rival cryptojacking-focused groups, the operations' expansion is seen as an effort to counteract the declining value of cryptocurrencies.



Node.js Patches Various Flaws that may Lead to Attacks

About vulnerabilities

Node.js maintainers have released multiple patches for flaws in the JavaScript runtime environment that could lead to HTTP request smuggling and arbitrary code execution, among other attacks. An advisory details the seven patched bugs, which include three separate HTTP request smuggling vulnerabilities.

The three flaws, flawed parsing of Transfer-Encoding (CVE-2022-32213), incorrect delimiting of header fields (CVE-2022-32214), and improper parsing of multi-line Transfer-Encoding (CVE-2022-32215), can each ultimately lead to HTTP request smuggling.
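The three bugs share a root cause: lenient parsing of the request head, so that two parsers in the chain can disagree about where a body ends. The Python parser below is an added example, not Node.js or llhttp code; it applies a conservative reading of RFC 9112 (CRLF-only line endings, no header folding, exactly one framing header, Transfer-Encoding exactly "chunked") and runs over constructed sample requests.

```python
"""Strict HTTP/1.1 request-head parser that rejects the framing
ambiguities behind request smuggling. Added example, not Node.js or
llhttp code; the sample requests in the tests are constructed."""


class SmugglingRisk(ValueError):
    """The head is ambiguous enough that two parsers could disagree on
    where the message body ends."""


def parse_request_head(raw: bytes) -> dict:
    """Parse the request line and headers from raw bytes, raising
    SmugglingRisk on anything a lenient parser might 'helpfully' accept."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise SmugglingRisk("head not terminated by CRLF CRLF")
    # RFC 9112 delimits lines with CRLF only. A bare LF is a line break to
    # some parsers and data to others, which is exactly the disagreement
    # smuggling exploits.
    if b"\n" in head.replace(b"\r\n", b""):
        raise SmugglingRisk("bare LF in head")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise SmugglingRisk("malformed request line")
    headers = {}
    for line in lines[1:]:
        if not line.isascii():
            raise SmugglingRisk("non-ASCII header line")
        if line[:1] in (b" ", b"\t"):
            # obs-fold: a continuation of the previous field value. Folding
            # lets a Transfer-Encoding value be split across lines so that
            # one hop recognises it and another does not.
            raise SmugglingRisk("obs-fold header continuation")
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip(b" \t"):
            # No whitespace is allowed between the field name and the colon.
            raise SmugglingRisk("malformed header field")
        key = name.decode().lower()
        if key in ("content-length", "transfer-encoding") and key in headers:
            raise SmugglingRisk(f"duplicate {key}")
        headers[key] = value.strip(b" \t").decode()
    te = headers.get("transfer-encoding")
    cl = headers.get("content-length")
    if te is not None and cl is not None:
        raise SmugglingRisk("Transfer-Encoding and Content-Length both present")
    if te is not None and te.lower() != "chunked":
        raise SmugglingRisk("unsupported Transfer-Encoding")
    if cl is not None and not cl.isdigit():
        raise SmugglingRisk("non-numeric Content-Length")
    return {"method": parts[0].decode(), "target": parts[1].decode(),
            "version": parts[2].decode(), "headers": headers}


def check(raw: bytes) -> str:
    """Return 'ok' or the rejection reason; convenient for scanning captures."""
    try:
        parse_request_head(raw)
    except SmugglingRisk as exc:
        return str(exc)
    return "ok"


if __name__ == "__main__":
    # Constructed sample: a folded Transfer-Encoding header.
    print(check(b"POST /x HTTP/1.1\r\nHost: a\r\nTransfer-Encoding: chunked\r\n , gzip\r\n\r\n"))
```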

The Daily Swig says "the moderate-severity implementation bug (CVE-2022-2097) could cause encryption to fail in some circumstances. AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data, which could reveal sixteen bytes of data that was pre-existing in the memory that wasn’t written." 

How severe are these bugs?

The three bugs were rated "medium" severity and affect the 18.x, 16.x, and 14.x release lines. The fixes are included in llhttp v6.0.7 and llhttp v2.1.5, which have been updated inside Node.js.

Other problems 

The advisory also includes information about a DNS rebinding flaw in --inspect caused by improper handling of IP addresses. Categorised as "high" severity, the bug (CVE-2022-32212) can permit arbitrary code execution, the advisory warns.

“The IsAllowedHost check can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided browsers will make DNS requests to the DNS server, providing a vector for an attacker-controlled DNS server or a MitM who can spoof DNS responses to perform a rebinding attack and hence connect to the WebSocket debugger, allowing for arbitrary code execution. This is a bypass of CVE-2021-22884,” says the advisory.

The flaw affects the 18.x, 16.x, and 14.x release lines.
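Both the "0.0.0.0 Day" post above and this --inspect flaw come down to a local service trusting a Host (or Origin) header it should have rejected. The Python functions below are an added example, not Node.js, Oligo or browser code; they show a strict loopback-only host check beside the kind of lax "digits and dots" test the advisory warns about. The hostnames are made up and 9229 is used only as a sample port.

```python
"""Host/Origin validation for a service bound to the loopback interface.
Added example, not Node.js, Oligo or browser code; 9229 appears below
only as a sample port and all hostnames are made up."""
import ipaddress

# Hostnames the service is willing to be addressed by, besides literal
# loopback addresses. Keep this explicit and short.
ALLOWED_HOSTNAMES = frozenset({"localhost"})


def loose_is_ip_address(host: str) -> bool:
    """Illustrative weak test, NOT a recommendation: 'only digits and dots'
    accepts strings such as '1.2.3.4.5' that are not addresses at all. A
    browser hands those to DNS, so the answer comes from whoever controls
    the zone (the rebinding vector the advisory describes)."""
    return bool(host) and all(c in "0123456789." for c in host)


def split_host_port(host_header: str):
    """Split 'host[:port]' honouring IPv6 brackets; (None, None) if malformed."""
    if host_header.startswith("["):
        end = host_header.find("]")
        if end == -1:
            return None, None
        host, rest = host_header[1:end], host_header[end + 1:]
    else:
        host, colon, port = host_header.partition(":")
        rest = colon + port
    if rest and not (rest.startswith(":") and rest[1:].isdigit()):
        return None, None
    return host, (int(rest[1:]) if rest else None)


def is_allowed_host(host_header: str) -> bool:
    """Strict check: a syntactically valid loopback address, or an exact
    allowlisted hostname. 0.0.0.0 is the unspecified address, not loopback,
    so a request a web page addressed to http://0.0.0.0:port is refused here
    even if the OS delivered the connection to a local listener."""
    host, _port = split_host_port(host_header.strip())
    if not host:
        return False
    try:
        addr = ipaddress.ip_address(host)  # raises on anything not an address
    except ValueError:
        return host.lower().rstrip(".") in ALLOWED_HOSTNAMES
    return addr.is_loopback


def is_allowed_origin(origin):
    """Browsers attach Origin to cross-site requests. Absent means a
    non-browser client or a same-origin GET; anything else must itself be a
    loopback origin (the literal 'null' origin fails the scheme check)."""
    if origin is None:
        return True
    scheme, sep, host_port = origin.partition("://")
    if not sep or scheme not in ("http", "https"):
        return False
    return is_allowed_host(host_port)


def admit(headers: dict) -> bool:
    """Admission decision for one request's headers."""
    host = headers.get("Host")
    if host is None:
        return False
    return is_allowed_host(host) and is_allowed_origin(headers.get("Origin"))


if __name__ == "__main__":
    # Constructed header sets for a listener on sample port 9229.
    for hdrs in ({"Host": "127.0.0.1:9229"},
                 {"Host": "0.0.0.0:9229", "Origin": "https://evil.example"},
                 {"Host": "1.2.3.4.5:9229"}):
        print(hdrs, "->", "admit" if admit(hdrs) else "reject")
```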