#vulnerability

Rachel Rawlings
Over thirty years ago I discovered a #curl #vulnerability but never disclosed it outside academia (Temple University, where I was a double major in computer science and journalism). I suspect that the problem has never been fixed and never can be.
But now I'm telling the world: I looked terrible with a perm.

Xavier «X» Santolaria
Updates from the #CVEFoundation
"Representatives from the CVE Foundation met with representatives from CISA on 4/24/2025. The talks were positive and encouraging. All parties wish to keep the conversation and progress moving forward."
https://www.thecvefoundation.org/news
#cve #mitre #infosec #cybersecurity #vulnerability

BeyondMachines
Remote Code Execution flaw reported in Viasat Satellite Modems
A stack buffer overflow vulnerability (CVE-2024-6198) in Viasat satellite modems' "SNORE" web interface allows attackers to send specially crafted HTTP requests that can lead to arbitrary code execution through return-oriented programming techniques, affecting multiple modem models. Bug is patched by firmware updates 3.8.0.4+ or 4.3.0.2+ depending on the device model.
**If you are using Viasat satellite modems, check if they are auto-updated. If not, update them ASAP. Should be fairly easy fix.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-reported-in-viasat-satellite-modems-9-c-l-d-p/gD2P6Ple2L

Bill
This is a real concern. Older Android versions don't support current TLS. Do you support old phones, or check that box? It's tough. Been there, no good answer.
https://www.infosecurity-magazine.com/news/50-mobile-devices-run-outdated/
#ios #android #vulnerability

BeyondMachines
Azure SQL server vulnerability allowed creation of malicious destructive Firewall rules
Varonis Threat Labs discovered a critical "Destructive Stored URL Parameter Injection" vulnerability in Azure SQL Server where attackers with privileged access or scammed victim users could create malicious firewall rules containing directory traversal sequences (like "../"). When such a rule is deleted by administrators through the Azure Portal, it would append the traversal path sequence, causing deletion of arbitrary Azure resources.
**You can't do much about this flaw, it's fixed by Microsoft. But take into account for your evaluation of the vendor.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/azure-sql-server-vulnerability-allowed-creation-of-malicious-destructive-firewall-rules-q-1-p-b-h/gD2P6Ple2L

Bill
If this checks out, Rails never fixed the CSRF bug and I have a few messages to send in the morning. "Remember Finding 3? Yeaaaah bout dat."
https://seclists.org/fulldisclosure/2025/Apr/29
#rails #vulnerability

BeyondMachines
AMD releases patches for critical Zen 5 microcode flaw
AMD has released patches for the EntrySign vulnerability (CVE-2024-36347, CVSS 6.4-9.8) affecting Zen 5 processors, which allows attackers with kernel-level privileges to execute unsigned microcode by exploiting weaknesses in AMD's signature verification process.
**If you are running Zen 5-based microprocessors in your systems, check for firmware update from your vendor, and apply it. It's not a panic mode patch since exploit requires physical access to the system, but it's still smart to patch it. Because everyone leaves their equipment somewhere.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/amd-releases-patches-for-critical-zen-5-microcode-flaw-j-r-n-g-f/gD2P6Ple2L

Bill
Huh, a prompts-as-policy attack on GenAI. So boring I bet it works well. The best exploits are always boring.
https://www.securityweek.com/all-major-gen-ai-models-vulnerable-to-policy-puppetry-prompt-injection-attack/
#genai #vulnerability

BeyondMachines
Multiple critical security vulnerabilities in Schneider Electric Modicon Controllers
Multiple critical security vulnerabilities have been identified in Schneider Electric's Modicon PLC series allowing remote code execution, denial-of-service, or complete system compromise through various attack vectors including uncaught exceptions and improper access controls. While Schneider has released patches for some product lines, many vulnerabilities affecting end-of-life Modicon Quantum and Premium controllers have no fixes available.
**This advisory impacts a lot of products. If you are using Schneider Electric Modicon controllers, review the advisory in detail. As usual, your first action is to make sure the devices are isolated from the internet and accessible only from trusted networks. Then, if patches are available, plan a patch cycle. Otherwise if no patches are available, do a proper risk assessment whether you'll keep the devices with incurred risk or will you phase them out and replace them.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiple-critical-security-vulnerabilities-in-schneider-electric-modicon-controllers-l-m-i-u-q/gD2P6Ple2L

BeyondMachines
GitLab releases security patches for multiple Vulnerabilities
GitLab has released security updates addressing five vulnerabilities in its Community and Enterprise Editions, including three high-severity cross-site scripting and header injection flaws in the Maven Dependency Proxy (CVE-2025-1763, CVE-2025-2443, CVE-2025-1908), a denial of service vulnerability in issue preview functionality (CVE-2025-0639), and an information disclosure issue allowing unauthorized access to branch names (CVE-2024-12244). Patched versions are 17.11.1, 17.10.5, and 17.9.7.
**If you are running self-hosted GitLab Community Edition (CE) or Enterprise Edition (EE) plan a quick patch cycle. While none of the flaws are scored as critical, the nature of GitLab server is to be visible to many users, probably on the internet. So someone will probably find an exploit scenario given enough time and an unpatched server.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/gitlab-releases-security-patches-for-multiple-vulnerabilities-9-a-u-d-v/gD2P6Ple2L

AI6YR Ben
Interesting, Debian detected two required firmware patches for my (prior) Win10 machine, with critical CVEs... Windows 10 never prompted or attempted an upgrade 🤨 #firmware #vulnerability #cve

Marcus "MajorLinux" Summers
Linux folks, update yo shit!
NVIDIA disclose new security flaw in their Linux GPU drivers
https://www.gamingonlinux.com/2025/04/nvidia-disclose-new-security-flaw-in-their-linux-gpu-drivers/
#Nvidia #Security #Vulnerability #InfoSec #Linux #GPU #Drivers #Tech #Hardware #Gaming

BeyondMachines
Massive number of SQL Injection Vulnerabilities reported in Siemens TeleControl Server Basic
Siemens has disclosed 67 SQL injection vulnerabilities in their TeleControl Server Basic product affecting critical infrastructure sectors including Energy, Water, and Transportation Systems. Three of the flaws are critical and allow unauthenticated attackers to bypass authorization controls and 64 high-severity issues that could enable database manipulation, denial-of-service conditions, and code execution with system permissions.
**If you are using TeleControl Server Basic, make sure it's isolated from the internet and accessible only from trusted networks. Restrict access to port 8000 only to trusted IP addresses, and plan a quick patch cycle. The list of vulnerabilities is huge, and any isolation will eventually be compromised through phishing, malware or a disgruntled employee. So patch your TeleControl.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/massive-number-of-sql-injection-vulnerabilities-reported-siemens-telecontrol-server-basic-h-1-y-e-y/gD2P6Ple2L

💧🌏 Greg Cocks
Population Vulnerability Of Residents, Employees, And Cruise-Ship Passengers To Tsunami Hazards Of Islands In Complex Seismic Regions - A Case Study Of The U.S. Virgin Islands
--
https://doi.org/10.1016/j.ijdrr.2025.105289 <-- shared paper
--
#GIS #spatial #mapping #Tsunami #Evacuation #Mitigation #Risk #Hazard #Modeling #Island #publicsafety #USVI #VirginIslands #damage #loss #infrastructure #cost #economics #humanimpacts #publicsafety #lossoflife #death #earthquake #fault #mitigation #monitoring #warning #response #tourists #locals #employees #cruiseships #population #community #vulnerability #USVirginIslands #ships #vessels #docks #inundation #flood #flooding #waves #maritime #port #scenario #riskassessment #model #modeling #spatialanalysis #spatiotemporal

Tod Beardsley
#CVE Foundation just dropped a FAQ.
https://www.thecvefoundation.org/frequently-asked-questions
Also, just FYI, I’ve been helping with the Foundation setup and goals articulation and logistics for the last few weeks. I didn’t expect we’d pull the trigger on being public this week, precisely, but here we are!
I’m not employed there or anything (I work at @runZeroInc) but since I care about CVE, I want to do what I can to make sure it thrives and we don’t wind up back again with 15 competing standards for #vulnerability tracking if USG funding goes 💨 poof! 💨 one day (or other single-source-funding style disasters).
Anyway, back to my ill-timed family vacation. I’ll be more online next week. :)

OTX Bot
CVE-2025-24054, NTLM Exploit in the Wild
A critical vulnerability, CVE-2025-24054, related to NTLM hash disclosure via spoofing, has been actively exploited since March 19, 2025. The flaw allows attackers to leak NTLM hashes or user passwords using a maliciously crafted .library-ms file, potentially compromising systems. A campaign targeting government and private institutions in Poland and Romania used malspam to distribute Dropbox links containing archives exploiting this vulnerability. The exploit can be triggered with minimal user interaction, such as right-clicking or navigating to the folder containing the malicious file. This vulnerability appears to be a variant of the previously patched CVE-2024-43451, sharing several similarities.
Pulse ID: 680034fc84efc0751b3bc07d
Pulse Link: https://otx.alienvault.com/pulse/680034fc84efc0751b3bc07d
Pulse Author: AlienVault
Created: 2025-04-16 22:53:48
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Dropbox #Government #InfoSec #MalSpam #Nim #OTX #OpenThreatExchange #Password #Passwords #Poland #Spam #Vulnerability #Word #bot #AlienVault

cybervegan<p>You know when you see news articles about hacks of password databases or critical vulnerabilities in popular software, they usually quote a "CVE" number that officially identified the issue and allowed it to be defined precisely, and tracked? Well that's gone as of today. Looks like the trump regime has cancelled one of the foundational authorities on cybersecurity, the CVE or Common Vulnerabilities and Exposures program, without explanation. Basically the whole of "tech" relies on this, but I guess it's just America supporting the rest of the world, so it has to go. <a href="https://autistics.life/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://autistics.life/tags/cybersec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersec</span></a> <a href="https://autistics.life/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve</span></a> <a href="https://autistics.life/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://autistics.life/tags/VulnerabilityDatabase" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VulnerabilityDatabase</span></a></p><p>Edits: typos/autocorrupt</p>
Xavier «X» Santolaria :verified_paw: :donor:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@adamshostack" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>adamshostack</span></a></span>'s thoughts on the cancellation of CVE funding.</p><p><a href="https://shostack.org/blog/thoughts-on-cve/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">shostack.org/blog/thoughts-on-</span><span class="invisible">cve/</span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve</span></a></p>
thereisnoanderson<p>NEW - 💾🖥️🔩⚙️ </p><p>DCG real-ucode 🦜</p><p>Actually provides the latest CPU microcode for AMD and Intel </p><p>Version: 2025-04-14<br>Release: 1</p><p>updated ucode for amd and intel with that one !</p><p><a href="https://github.com/divestedcg/real-ucode/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/divestedcg/real-uco</span><span class="invisible">de/</span></a></p><p>🐻 <a href="https://infosec.exchange/tags/divested" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>divested</span></a><br><a href="https://infosec.exchange/tags/DivestedComputingGroup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DivestedComputingGroup</span></a> 🦜</p><p><a href="https://infosec.exchange/tags/fsf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fsf</span></a> <a href="https://infosec.exchange/tags/FUTO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FUTO</span></a> <a href="https://infosec.exchange/tags/Fedora" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fedora</span></a> <a href="https://infosec.exchange/tags/alpinelinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>alpinelinux</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hardening</span></a> <a href="https://infosec.exchange/tags/linuxtech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linuxtech</span></a> <a href="https://infosec.exchange/tags/cybersec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>foss</span></a><br><a href="https://infosec.exchange/tags/hackernews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hackernews</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>android</span></a> <a href="https://infosec.exchange/tags/skynet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>skynet</span></a> <a href="https://infosec.exchange/tags/linuxsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linuxsecurity</span></a> <a href="https://infosec.exchange/tags/ucode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ucode</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilities</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/freeyourmind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freeyourmind</span></a></p>
Xavier Ashe :donor:<p>Everyone in <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> gets to add this bullet to their resume tomorrow:<br> - Matured the Security Program to ensure no new CVEs were introduced into the environment since April 16th, 2025.<br><a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a></p>