lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

#vulnerability

4 posts, 4 participants, 2 posts today
George E. 🇺🇸♥🇺🇦🇵🇸🏳️‍🌈🏳️‍⚧️<p>Huge <a href="https://bofh.social/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://bofh.social/tags/vulnerability" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a> in <a href="https://bofh.social/tags/Linux" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> systems allows an <a href="https://bofh.social/tags/attacker" rel="nofollow noopener noreferrer" target="_blank">#attacker</a> with <a href="https://bofh.social/tags/PhysicalAccess" rel="nofollow noopener noreferrer" target="_blank">#PhysicalAccess</a> to <a href="https://bofh.social/tags/bypass" rel="nofollow noopener noreferrer" target="_blank">#bypass</a> <a href="https://bofh.social/tags/SecureBoot" rel="nofollow noopener noreferrer" target="_blank">#SecureBoot</a> and inject <a href="https://bofh.social/tags/malware" rel="nofollow noopener noreferrer" target="_blank">#malware</a> onto a system even with <a href="https://bofh.social/tags/LUKS" rel="nofollow noopener noreferrer" target="_blank">#LUKS</a> <a href="https://bofh.social/tags/FDE" rel="nofollow noopener noreferrer" target="_blank">#FDE</a><span>.<br><br>The mitigation is pretty straightforward.<br><br>For </span><a href="https://bofh.social/tags/Ubuntu" rel="nofollow noopener noreferrer" target="_blank">#Ubuntu</a><span> at least (I don't run RedHat/Fedora):<br><br>Edit </span><code>/etc/default/grub</code> as <code>root</code><span>.<br><br>In the line that says </span><code>GRUB_CMDLINE_LINUX="..."</code>, add (or append) <code>panic=0</code><span>.<br><br>Followed by: </span><code>sudo update-grub</code><span>. (Takes effect on reboot.)<br><br>This will prevent your Linux system from launching a </span><a href="https://bofh.social/tags/DebugShell" rel="nofollow noopener noreferrer" target="_blank">#DebugShell</a> if an attacker repeatedly enters a wrong passphrase for decrypting your LUKS <a href="https://bofh.social/tags/boot" rel="nofollow noopener noreferrer" target="_blank">#boot</a> <a href="https://bofh.social/tags/volume" rel="nofollow noopener noreferrer" target="_blank">#volume</a><span>.<br><br>The linked article has more information.<br><br></span><a href="https://cybernews.com/security/hackers-can-bypass-linux-secure-boot/" rel="nofollow noopener noreferrer" target="_blank">https://cybernews.com/security/hackers-can-bypass-linux-secure-boot/</a></p>
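The grub change described in the post above, as an added example that is not part of the original post: a small POSIX shell script that (a) checks a kernel command line for a `panic=` argument, so you can confirm on a running system (via `/proc/cmdline`) that the setting actually took effect after the reboot, and (b) adds `panic=0` to the `GRUB_CMDLINE_LINUX="..."` line of a grub defaults file without duplicating it on repeated runs. The function names, the temporary demo file and its contents are constructed for this demonstration; on a real Ubuntu system the file is `/etc/default/grub` and `sudo update-grub` still has to be run afterwards, exactly as the post says.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently add panic=0 to
# GRUB_CMDLINE_LINUX in a grub defaults file, and check a kernel command
# line for a panic= argument. Assumes the file uses the double-quoted
# GRUB_CMDLINE_LINUX="..." form that Ubuntu ships by default.

# Return 0 if the kernel command line given as $1 already carries panic=.
# Typical use on a live system: cmdline_has_panic "$(cat /proc/cmdline)"
cmdline_has_panic() {
    case " $1 " in
        *" panic="*) return 0 ;;
        *) return 1 ;;
    esac
}

# Add panic=0 to the GRUB_CMDLINE_LINUX="..." line of the file given as $1.
# Leaves the file untouched if panic= is already present, appends the line if
# it is missing entirely, and prints the resulting GRUB_CMDLINE_LINUX line.
add_panic_param() {
    file="$1"
    if ! grep -q '^GRUB_CMDLINE_LINUX=' "$file"; then
        printf 'GRUB_CMDLINE_LINUX="panic=0"\n' >> "$file"
        printf 'GRUB_CMDLINE_LINUX="panic=0"\n'
        return 0
    fi
    # Extract the current value between the quotes.
    current=$(sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/\1/p' "$file")
    if cmdline_has_panic "$current"; then
        printf 'GRUB_CMDLINE_LINUX="%s"\n' "$current"
        return 0
    fi
    if [ -z "$current" ]; then
        new="panic=0"
    else
        new="$current panic=0"
    fi
    # Rewrite via a temp file rather than sed -i, which differs between GNU and
    # BSD sed. '|' is the delimiter so '/' in paths such as root=/dev/... is safe.
    tmp="$file.tmp.$$"
    sed "s|^GRUB_CMDLINE_LINUX=\".*\"|GRUB_CMDLINE_LINUX=\"$new\"|" "$file" > "$tmp" \
        && mv "$tmp" "$file"
    printf 'GRUB_CMDLINE_LINUX="%s"\n' "$new"
}

# Demonstration on a constructed copy of a typical Ubuntu /etc/default/grub
# (constructed sample, not read from a real system).
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
GRUB_DEFAULT=0
GRUB_TIMEOUT=0
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX=""
EOF
add_panic_param "$demo_file"   # first run adds the parameter
add_panic_param "$demo_file"   # second run is a no-op, same line printed
rm -f "$demo_file"

# After editing the real /etc/default/grub as root, run: sudo update-grub
# and, after the reboot, verify with: cmdline_has_panic "$(cat /proc/cmdline)"
```

The `GRUB_CMDLINE_LINUX_DEFAULT` line is deliberately left alone: the post puts the parameter in `GRUB_CMDLINE_LINUX`, which grub applies to every boot entry including recovery ones, while `_DEFAULT` is dropped for recovery entries.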
Alexandre Dulaunoy<p>VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification.</p><p>This paper presents VLAI, a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling faster and more consistent triage ahead of manual CVSS scoring. The model and dataset are open-source and integrated into the Vulnerability-Lookup service.</p><p>We (<span class="h-card" translate="no"><a href="https://fosstodon.org/@cedric" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cedric</span></a></span> and I) decided to write a paper to better document how VLAI is implemented. We hope it will give others ideas for improvements to such models.</p><p><a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ai</span></a> <a href="https://infosec.exchange/tags/nlp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nlp</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> </p><p><span class="h-card" translate="no"><a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener noreferrer" 
target="_blank">@<span>circl</span></a></span> </p><p>🔗 <a href="https://arxiv.org/abs/2507.03607" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arxiv.org/abs/2507.03607</span><span class="invisible"></span></a></p>
Fossery Tech :debian: :gnome:<p>This week's Linux and FOSS news:</p><p>LINUX NEWS</p><p>Fedora made a proposal to drop UEFI boot support of x86-64 systems running on MBR-partitioned disks:<br><a href="https://news.itsfoss.com/fedora-uefi-mbr-support-drop/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.itsfoss.com/fedora-uefi-m</span><span class="invisible">br-support-drop/</span></a></p><p>SUSE's Agama installer switches from X.Org to Wayland for the installation GUI:<br><a href="https://www.phoronix.com/news/SUSE-Agama-16-Installer" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">phoronix.com/news/SUSE-Agama-1</span><span class="invisible">6-Installer</span></a></p><p>OpenSUSE Tumbleweed monthly update brings KDE Plasma 6.4, other package updates, security patches:<br><a href="https://alternativeto.net/news/2025/7/opensuse-tumbleweed-s-latest-update-brings-kde-plasma-6-4-and-critical-security-patches/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">alternativeto.net/news/2025/7/</span><span class="invisible">opensuse-tumbleweed-s-latest-update-brings-kde-plasma-6-4-and-critical-security-patches/</span></a></p><p>Arch ISO with Linux kernel 6.15 and Archinstall 3.0.8 is available:<br><a href="https://9to5linux.com/first-arch-linux-iso-release-powered-by-linux-6-15-is-now-available-for-download" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">9to5linux.com/first-arch-linux</span><span class="invisible">-iso-release-powered-by-linux-6-15-is-now-available-for-download</span></a></p><p>Ubuntu 25.10 will raise RISC-V profile requirements:<br><a href="https://www.omgubuntu.co.uk/2025/06/ubuntu-riscv-rva23-support" rel="nofollow noopener noreferrer" 
translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">omgubuntu.co.uk/2025/06/ubuntu</span><span class="invisible">-riscv-rva23-support</span></a></p><p>Critical Sudo vulnerabilities found, exploited using --chroot (-R) and --host (-h) options:<br><a href="https://ostechnix.com/sudo-vulnerabilities-expose-linux-systems-to-privilege-escalation/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ostechnix.com/sudo-vulnerabili</span><span class="invisible">ties-expose-linux-systems-to-privilege-escalation/</span></a></p><p>GNOME 49 will default to the Papers document viewer:<br><a href="https://www.phoronix.com/news/GNOME-Papers-Approved-49" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">phoronix.com/news/GNOME-Papers</span><span class="invisible">-Approved-49</span></a></p><p>GNOME 49 Alpha 1 released with showing the workspace switcher on-screen display across all monitors, do-not-disturb quick setting, dedicated accessibility menu on the login screen, etc.:<br><a href="https://www.phoronix.com/news/GNOME-Shell-Mutter-49-Alpha-1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">phoronix.com/news/GNOME-Shell-</span><span class="invisible">Mutter-49-Alpha-1</span></a></p><p>KDE improves KClock by adding picture-in-picture support on Wayland:<br><a href="https://www.phoronix.com/news/KDE-Clock-Wayland-PIP" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">phoronix.com/news/KDE-Clock-Wa</span><span class="invisible">yland-PIP</span></a></p><p>KDE Plasma 6.4.2 released with various bug fixes and improvements:<br><a 
href="https://9to5linux.com/kde-plasma-6-4-2-improves-the-kicker-app-menu-widget-spectacle-and-more" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">9to5linux.com/kde-plasma-6-4-2</span><span class="invisible">-improves-the-kicker-app-menu-widget-spectacle-and-more</span></a></p><p>KDE Gear 25.04.3 released as the last update in the KDE Gear 25.04 series, with fixes for Dolphin, KClock, Gwenview, Itinerary etc.:<br><a href="https://9to5linux.com/kde-gear-25-04-3-released-as-the-last-update-in-the-kde-gear-25-04-series" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">9to5linux.com/kde-gear-25-04-3</span><span class="invisible">-released-as-the-last-update-in-the-kde-gear-25-04-series</span></a></p><p>Debian installer Trixie RC2 released with improved installation media handling, better Secure Boot support, Btrfs system rescue, improved bootloader reliability, etc.:<br><a href="https://ostechnix.com/debian-installer-trixie-rc-2-released/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ostechnix.com/debian-installer</span><span class="invisible">-trixie-rc-2-released/</span></a></p><p>Debian aiming to attract more contributors, looks for OpenAI fund for the AI usage of contributors:<br><a href="https://www.phoronix.com/news/Debian-More-Newcomers-LLMs" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">phoronix.com/news/Debian-More-</span><span class="invisible">Newcomers-LLMs</span></a></p><p>New Gentoo images available with Linux kernel 6.12 LTS and KDE Plasma 6.3:<br><a href="https://www.phoronix.com/news/Gentoo-Linux-July-2025" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span 
class="ellipsis">phoronix.com/news/Gentoo-Linux</span><span class="invisible">-July-2025</span></a></p><p>AerynOS tooling is rewritten in Rust instead of D (not C lol):<br><a href="https://www.phoronix.com/news/AerynOS-Mid-2025" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">phoronix.com/news/AerynOS-Mid-</span><span class="invisible">2025</span></a></p><p>(more Linux and FOSS news in comments)</p><p><a href="https://social.linux.pizza/tags/WeeklyNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeeklyNews</span></a> <a href="https://social.linux.pizza/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://social.linux.pizza/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://social.linux.pizza/tags/LinuxNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LinuxNews</span></a> <a href="https://social.linux.pizza/tags/Fedora" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fedora</span></a> <a href="https://social.linux.pizza/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a> <a href="https://social.linux.pizza/tags/Arch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Arch</span></a> <a href="https://social.linux.pizza/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu</span></a> <a href="https://social.linux.pizza/tags/Sudo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sudo</span></a> <a href="https://social.linux.pizza/tags/GNOME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GNOME</span></a> <a 
href="https://social.linux.pizza/tags/KDE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KDE</span></a> <a href="https://social.linux.pizza/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Debian</span></a> <a href="https://social.linux.pizza/tags/Gentoo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gentoo</span></a> <a href="https://social.linux.pizza/tags/AerynOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AerynOS</span></a> <a href="https://social.linux.pizza/tags/KDEPlasma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KDEPlasma</span></a> <a href="https://social.linux.pizza/tags/LinuxDesktop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LinuxDesktop</span></a> <a href="https://social.linux.pizza/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.linux.pizza/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.linux.pizza/tags/GNOME49" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GNOME49</span></a> <a href="https://social.linux.pizza/tags/FosseryTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FosseryTech</span></a></p>
Pyrzout :vm:<p>12-Year-Old Sudo Vulnerability Exposes Linux Systems to Root Privilege Escalation <a href="https://gbhackers.com/12-year-old-sudo-vulnerability/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gbhackers.com/12-year-old-sudo</span><span class="invisible">-vulnerability/</span></a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a>/vulnerability <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a></p>
BeyondMachines :verified:<p>Researchers report Bluetooth flaws that enable remote eavesdropping, device hijacking</p><p>German cybersecurity researchers report critical vulnerabilities in Airoha Bluetooth system-on-chip technology affecting millions of headphones, earbuds, and speakers from major brands like Sony, Marshall, JBL, and Bose, allowing attackers within 10-meter range to remotely eavesdrop on conversations, hijack device connections, and access sensitive data without authentication.</p><p>**Be aware that your Bluetooth headphones and speakers from Sony, Marshall, JBL, Bose or other vendors may be critically vulnerable to remote eavesdropping attacks. There is no immediate patch, so check regularly for whether firmware updates have become available, and in the meantime avoid using them in (or even bringing them into) sensitive environments. If you are a journalist, a diplomat, or work in sensitive businesses, consider not using them at all, or regularly unpairing Bluetooth devices from your phone when not needed.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/researchers-report-bluetooth-flaws-that-enable-remote-eavesdropping-device-hijacking-l-3-2-3-8/gD2P6Ple2L" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span 
class="invisible">ls/researchers-report-bluetooth-flaws-that-enable-remote-eavesdropping-device-hijacking-l-3-2-3-8/gD2P6Ple2L</span></a></p>
mle✨<p>It’s not often my worlds collide like this, but this is pretty wild. </p><p>Coros Pace 3 doesn’t enforce Bluetooth pairing to a device, which leads to a cascading series of things that one could do when rogue connecting to the watch. </p><p>All of these are pretty terrible, but I can’t shake the image of someone spectating near the end of a race and disrupting someone’s hard-earned GPS file for their race. Obviously access to health and training data is way more severe, and there are devices and systems way more critical than someone’s GPS watch, but the fact that any of this is even possible is jarring. </p><p>On top of this, Coros’s initial response of “we’ll get to it by the end of 2025” is wildly unacceptable. They’ve since clarified their timeline (which is more aggressive) but they didn’t handle this well at all from what I’m reading. </p><p><a href="https://blog.syss.com/posts/bluetooth-analysis-coros-pace-3/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.syss.com/posts/bluetooth-</span><span class="invisible">analysis-coros-pace-3/</span></a></p><p><a href="https://www.dcrainmaker.com/2025/06/coros-confirms-substantial-watch-security-vulnerablity-says-fixes-are-coming.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">dcrainmaker.com/2025/06/coros-</span><span class="invisible">confirms-substantial-watch-security-vulnerablity-says-fixes-are-coming.html</span></a></p><p><a href="https://infosec.exchange/tags/running" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>running</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>vulnerability</span></a></p>
Pyrzout :vm:<p>Norwegian Dam Valve Forced Open for Hours in Cyberattack – Source:hackread.com <a href="https://ciso2ciso.com/norwegian-dam-valve-forced-open-for-hours-in-cyberattack-sourcehackread-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/norwegian-dam-va</span><span class="invisible">lve-forced-open-for-hours-in-cyberattack-sourcehackread-com/</span></a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>1CyberSecurityNewsPost</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/CyberAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAttacks</span></a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAttack</span></a> <a href="https://social.skynetcloud.site/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hackread</span></a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a 
href="https://social.skynetcloud.site/tags/Norway" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Norway</span></a> <a href="https://social.skynetcloud.site/tags/IoT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IoT</span></a></p>
Pyrzout :vm:<p>Malicious AI Models Are Behind a New Wave of Cybercrime, Cisco Talos <a href="https://hackread.com/malicious-ai-models-wave-of-cybercrime-cisco-talos/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/malicious-ai-mode</span><span class="invisible">ls-wave-of-cybercrime-cisco-talos/</span></a> <a href="https://social.skynetcloud.site/tags/ArtificialIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArtificialIntelligence</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAttack</span></a> <a href="https://social.skynetcloud.site/tags/HuggingFace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HuggingFace</span></a> <a href="https://social.skynetcloud.site/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://social.skynetcloud.site/tags/CiscoTalos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CiscoTalos</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/ChatGPT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChatGPT</span></a> <a href="https://social.skynetcloud.site/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>LLM</span></a> <a href="https://social.skynetcloud.site/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a></p>
Bill<p>El Reg has a typically well written piece reminding us that supply chain attacks are getting more common and damaging, which is not the direction we'd like to see.</p><p><a href="https://www.theregister.com/2025/06/25/supply_chain_attacks_hammer_organizations/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/06/25/sup</span><span class="invisible">ply_chain_attacks_hammer_organizations/</span></a></p><p><a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychain</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a></p>
Alexandre Dulaunoy<p>Curious about the Chinese vulnerability database? It's now included on <a href="https://vulnerability-lookup.org" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">vulnerability-lookup.org</span><span class="invisible"></span></a>!<br>Big thanks to <span class="h-card" translate="no"><a href="https://social.yoyodyne-it.eu/@rafi0t" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rafi0t</span></a></span> for the awesome work and the clever LookyLoo import!</p><p>🔗 <a href="https://vulnerability.circl.lu/recent#cnvd" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/recent#</span><span class="invisible">cnvd</span></a></p><p><a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/china" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>china</span></a></p>
Robert Hensing<p>📢 Update your Nix installation, and refrain from building untrustworthy derivations until done.<br><a href="https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">discourse.nixos.org/t/security</span><span class="invisible">-advisory-privilege-escalations-in-nix-lix-and-guix/66017</span></a></p><p>Hercules CI Agent uses the running nix daemon, so updating your system Nix is sufficient.</p><p><a href="https://functional.cafe/tags/Nix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nix</span></a> <a href="https://functional.cafe/tags/NixOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NixOS</span></a> <a href="https://functional.cafe/tags/CI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CI</span></a> <a href="https://functional.cafe/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://functional.cafe/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a></p>
circl<p>An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the "TheMoon" worm.</p><p><a href="https://social.circl.lu/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://social.circl.lu/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.circl.lu/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve</span></a> <a href="https://social.circl.lu/tags/linksys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linksys</span></a> </p><p>🔗 <a href="https://vulnerability.circl.lu/vuln/cve-2025-34037" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/vuln/cv</span><span class="invisible">e-2025-34037</span></a></p>
TechnoTenshi :verified_trans: :Fire_Lesbian:<p>Two new Linux flaws (CVE-2025-6018, CVE-2025-6019) allow local attackers to escalate to root via PAM misconfig and udisks. Exploits confirmed on Ubuntu, Fedora, Debian. Admins urged to patch immediately.</p><p><a href="https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/linu</span><span class="invisible">x/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/</span></a></p><p><a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://infosec.exchange/tags/LPE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LPE</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a></p>
knoppix<p>New Linux flaws let attackers gain root on major distros incl. Ubuntu, Debian, Fedora &amp; openSUSE. 🐧🔐</p><p>Two LPE bugs—PAM config &amp; udisks via libblockdev—can be chained for full system takeover. 🧷⚠️</p><p>udisks runs by default on most systems, making this a critical risk.<br>Admins urged to patch ASAP. 🔧🚫</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BleepingComputer</span></a></span> <br><span class="h-card" translate="no"><a href="https://mastodon.social/@serghei" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>serghei</span></a></span> </p><p><a href="https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/linu</span><span class="invisible">x/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/</span></a></p><p><a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu</span></a> <a href="https://mastodon.social/tags/DebiaN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DebiaN</span></a> <a href="https://mastodon.social/tags/FedorA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FedorA</span></a> <a href="https://mastodon.social/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a> <a href="https://mastodon.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.social/tags/PrivilegeEscalation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivilegeEscalation</span></a> <a href="https://mastodon.social/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SysAdmin</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechNews</span></a> <a href="https://mastodon.social/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tech</span></a></p>
Kim Crayton ~ Her/She<p>But you know what’s worse than failing?
Not trying at all.</p><p>Because if there’s even one person out there who’s also feeling isolated…who’s also feeling like they’ve lost something vital in all this noise…who’s also ready to build something better—then it’s already worth it.</p><p>This is the risk.
<br>This is the work.
<br>This is the invitation.</p><p>Let’s start over—together.</p><p><a href="https://dair-community.social/tags/ProfitWithoutOppression" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProfitWithoutOppression</span></a> <a href="https://dair-community.social/tags/StartOver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StartOver</span></a> <a href="https://dair-community.social/tags/CommunityBuilding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CommunityBuilding</span></a> <a href="https://dair-community.social/tags/Leadership" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Leadership</span></a> <a href="https://dair-community.social/tags/EthicalBusiness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthicalBusiness</span></a> <a href="https://dair-community.social/tags/Transparency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Transparency</span></a> <a href="https://dair-community.social/tags/Trust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trust</span></a> <a href="https://dair-community.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://dair-community.social/tags/FutureOfWork" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FutureOfWork</span></a></p>
circl<p>«&nbsp;A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.&nbsp;»</p><p>🔗 <a href="https://vulnerability.circl.lu/cve/CVE-2025-5689#sightings" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/cve/CVE</span><span class="invisible">-2025-5689#sightings</span></a></p><p><a href="https://social.circl.lu/tags/ssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ssh</span></a> <a href="https://social.circl.lu/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://social.circl.lu/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a></p>
Marcus Hutchins :verified:<p>In response to popular demand, we've added some offensive security channels to the MalwareTech Discord. Interested in pentesting, red teaming, or implant development? Check out channels <a href="https://infosec.exchange/tags/offensive" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>offensive</span></a>-security, <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a>-research, and <a href="https://infosec.exchange/tags/implant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>implant</span></a>-development. <br><a href="https://discord.gg/MalwareTech" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">discord.gg/MalwareTech</span><span class="invisible"></span></a></p>
Hackread.com<p>A zero-click flaw in <a href="https://mstdn.social/tags/Microsoft365Copilot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft365Copilot</span></a>, dubbed <a href="https://mstdn.social/tags/EchoLeak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EchoLeak</span></a>, lets attackers steal company data through a single email, no user action needed. AI assistants now pose real risks.</p><p>Read: <a href="https://hackread.com/zero-click-ai-flaw-microsoft-365-copilot-expose-data/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/zero-click-ai-fla</span><span class="invisible">w-microsoft-365-copilot-expose-data/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://mstdn.social/tags/ZeroClick" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZeroClick</span></a> <a href="https://mstdn.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://mstdn.social/tags/CoPilot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CoPilot</span></a></p>
circl<p>Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p><p>🔗 <a href="https://vulnerability.circl.lu/vuln/cve-2025-32717#sightings" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/vuln/cv</span><span class="invisible">e-2025-32717#sightings</span></a></p><p><a href="https://social.circl.lu/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://social.circl.lu/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://social.circl.lu/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://social.circl.lu/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p><p>CVE-2025-32717</p>
TechnoTenshi :verified_trans: :Fire_Lesbian:<p>Researcher demonstrates a method to brute-force any Google user's phone number via the username recovery endpoint, exploiting a logic flaw in BotGuard and using IPv6 to bypass rate-limits. Google has since deprecated the vulnerable endpoint. </p><p><a href="https://brutecat.com/articles/leaking-google-phones" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">brutecat.com/articles/leaking-</span><span class="invisible">google-phones</span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>google</span></a></p>
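The rate-limit bypass mentioned in the post above works because a per-address counter never fills when the attacker can rotate through the 2^64 addresses of a single IPv6 /64. The block below is an added example, not code from the brutecat write-up or from Google: a sliding-window limiter that keys IPv6 clients on their /64 prefix (and IPv4 clients on the host address), plus a simulation of an attacker rotating through fresh addresses inside one constructed /64 (2001:db8:1:2::/64, documentation space). The prefix lengths, the limit of 10 attempts per 60 seconds and the sample addresses are assumptions chosen for the demonstration.

```python
"""Sliding-window rate limiter keyed on network prefix, not single address.

Added example (not from the brutecat write-up or Google's own code).
Assumed: the bypass works because per-address counters never fill when an
attacker can rotate through the 2**64 addresses of one IPv6 /64, so this
limiter keys IPv6 clients on their /64 and IPv4 clients on the host.
"""
import ipaddress
import time
from collections import defaultdict, deque
from typing import Deque, Dict, Optional


class PrefixRateLimiter:
    def __init__(self, limit: int, window: float,
                 v6_prefix: int = 64, v4_prefix: int = 32) -> None:
        self.limit = limit            # attempts allowed per window
        self.window = window          # window length in seconds
        self.v6_prefix = v6_prefix    # aggregate IPv6 clients at this length
        self.v4_prefix = v4_prefix    # 32 = per host; 24 would aggregate NATs
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def key_for(self, addr: str) -> str:
        """Bucket key: the client's routed prefix rather than its address."""
        ip = ipaddress.ip_address(addr)
        if ip.version == 6:
            return str(ipaddress.IPv6Network((ip, self.v6_prefix), strict=False))
        return str(ipaddress.IPv4Network((ip, self.v4_prefix), strict=False))

    def allow(self, addr: str, now: Optional[float] = None) -> bool:
        """Return True if this attempt is within the limit for its bucket."""
        if now is None:
            now = time.monotonic()
        bucket = self._hits[self.key_for(addr)]
        cutoff = now - self.window
        # discard timestamps that have aged out of the sliding window
        while bucket and bucket[0] <= cutoff:
            bucket.popleft()
        if len(bucket) >= self.limit:
            return False
        bucket.append(now)
        return True


def simulate_rotation(v6_prefix: int, attempts: int,
                      limit: int = 10, window: float = 60.0) -> int:
    """Attacker sends `attempts` guesses inside one window, each from a fresh
    address in the constructed /64 2001:db8:1:2::/64 (documentation space).
    Returns how many guesses the limiter lets through."""
    limiter = PrefixRateLimiter(limit=limit, window=window, v6_prefix=v6_prefix)
    base = int(ipaddress.IPv6Network("2001:db8:1:2::/64").network_address)
    allowed = 0
    for i in range(attempts):
        src = str(ipaddress.IPv6Address(base + 1 + i))   # ::1, ::2, ::3, ...
        if limiter.allow(src, now=0.0):                  # all inside one window
            allowed += 1
    return allowed


if __name__ == "__main__":
    # Per-address keying (prefix length 128) is what address rotation defeats.
    print("per-address limiter let through:", simulate_rotation(128, 1000))
    # Keying on the /64 caps the whole rotation at `limit`.
    print("per-/64 limiter let through:    ", simulate_rotation(64, 1000))
```

Keying on the /64 is the minimum, not the whole answer: end sites are commonly assigned /56 or /48 blocks, so a production limiter usually adds a looser second bucket at a shorter prefix and combines address-based limits with signals that are not tied to the source address at all (account, device or session state, bot-detection challenges of the kind the post mentions), since an attacker with enough address space can otherwise still spread guesses across buckets.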