lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
#vulnerability

CVE Program
<p>The Rust Project is now a CVE Numbering Authority (CNA) assigning CVE IDs for repositories, packages, &amp; websites maintained by the Rust Project<br><a href="https://cve.org/Media/News/item/news/2025/07/22/The-Rust-Project-Added-as-CNA">https://cve.org/Media/News/item/news/2025/07/22/The-Rust-Project-Added-as-CNA</a></p>
<p><a href="https://mastodon.social/tags/cve">#cve</a> <a href="https://mastodon.social/tags/cna">#cna</a> <a href="https://mastodon.social/tags/vulnerability">#vulnerability</a> <a href="https://mastodon.social/tags/vulnerabilitymanagement">#vulnerabilitymanagement</a> <a href="https://mastodon.social/tags/cybersecurity">#cybersecurity</a> <a href="https://mastodon.social/tags/opensource">#opensource</a></p>
gcve.eu
<p>GCVE.eu initiative - introduction and how to become a GNA. Video published.</p>
<p><a href="https://social.circl.lu/tags/gcve">#gcve</a> <a href="https://social.circl.lu/tags/vulnerabilitymanagement">#vulnerabilitymanagement</a> <a href="https://social.circl.lu/tags/vulnerability">#vulnerability</a> <a href="https://social.circl.lu/tags/cve">#cve</a> <a href="https://social.circl.lu/tags/cybersecurity">#cybersecurity</a></p>
<p>📽️ <a href="https://www.youtube.com/watch?v=Va3almPab1M">https://www.youtube.com/watch?v=Va3almPab1M</a></p>
Alexandre Dulaunoy
<p>Wrapped up an energising Vulnerability Lookup workshop during <a href="https://social.circl.lu/@circl">@circl</a>’s Virtual Summer School 2025.</p>
<p>Video and slides are now available.</p>
<p>Big thanks to everyone who joined the discussions.</p>
<p>Video <a href="https://youtu.be/imkPqA-1mVE">https://youtu.be/imkPqA-1mVE</a><br>📜 Slides <a href="https://www.vulnerability-lookup.org/files/events/2025/VSS-2025-VulnerabilityLookup.pdf">https://www.vulnerability-lookup.org/files/events/2025/VSS-2025-VulnerabilityLookup.pdf</a></p>
<p><a href="https://infosec.exchange/tags/opensource">#opensource</a> <a href="https://infosec.exchange/tags/gcve">#gcve</a> <a href="https://infosec.exchange/tags/vulnerability">#vulnerability</a> <a href="https://infosec.exchange/tags/vulnerabilitymanagement">#vulnerabilitymanagement</a></p>
<p><a href="https://social.circl.lu/@gcve">@gcve</a><br><a href="https://fosstodon.org/@cedric">@cedric</a><br><a href="https://social.yoyodyne-it.eu/@rafi0t">@rafi0t</a></p>
JayeLTee
<p>I received an email earlier this week from EA asking if I wanted to be added to a public acknowledgement page they were creating for individuals who responsibly disclosed vulnerabilities to them.</p>
<p>For all the shit people give EA, of the 100+ companies I contacted in the last two years, they were the only company I would say had a decent incident response.</p>
<p>They fixed the issue within 12 hours after validating it as critical, and proactively provided me multiple updates over time.</p>
<p>When the IR was done on their side, they reached out again with some more information about the potential impact if the issue hadn't been solved quickly, and also offered me a reward.</p>
<p>I did not have to keep chasing anyone for updates, I wasn't asked for non-disclosure, or offered money in exchange for it, and people replied instead of ignoring me.</p>
<p>I wasn't blamed for their mistake, either, or reported to the authorities.</p>
<p>Unfortunately, at least one or multiple of the things mentioned above are present in most of my other incidents reported; it's a real shit show out there.</p>
<p><a href="https://infosec.exchange/tags/cybersecurity">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec">#infosec</a> <a href="https://infosec.exchange/tags/responsibledisclosure">#responsibledisclosure</a> <a href="https://infosec.exchange/tags/vulnerability">#vulnerability</a> <a href="https://infosec.exchange/tags/ea">#ea</a> <a href="https://infosec.exchange/tags/electronicarts">#electronicarts</a></p>
RAZ13L
<p>For almost all <a href="https://ciberlandia.pt/tags/android">#android</a> users except for <a href="https://ciberlandia.pt/tags/GrapheneOS">#GrapheneOS</a>, you need to disable animations on the hidden developer option menu, and wait until <a href="https://ciberlandia.pt/tags/google">#google</a> decides to patch this <a href="https://ciberlandia.pt/tags/vulnerability">#vulnerability</a>, that allows an app to silently access your location/mic/camera, etc and do a lot of nasty things on your device without your consent.</p>
<p>Paper: <a href="https://taptrap.click/usenix25_taptrap_paper.pdf">https://taptrap.click/usenix25_taptrap_paper.pdf</a><br>Website: <a href="https://taptrap.click/">https://taptrap.click/</a></p>
erAck
<p>Belgium is unsafe for CVD (coordinated vulnerability disclosure)<br><a href="https://floort.net/posts/belgium-unsafe-for-cvd/">https://floort.net/posts/belgium-unsafe-for-cvd/</a></p>
<p><a href="https://social.tchncs.de/tags/CVD">#CVD</a> <a href="https://social.tchncs.de/tags/security">#security</a> <a href="https://social.tchncs.de/tags/coordinated">#coordinated</a> <a href="https://social.tchncs.de/tags/vulnerability">#vulnerability</a> <a href="https://social.tchncs.de/tags/disclosure">#disclosure</a> <a href="https://social.tchncs.de/tags/Belgium">#Belgium</a></p>
George E. 🇺🇸♥🇺🇦🇵🇸🏳️‍🌈🏳️‍⚧️
<p>Huge <a href="https://bofh.social/tags/security">#security</a> <a href="https://bofh.social/tags/vulnerability">#vulnerability</a> in <a href="https://bofh.social/tags/Linux">#Linux</a> systems allows an <a href="https://bofh.social/tags/attacker">#attacker</a> with <a href="https://bofh.social/tags/PhysicalAccess">#PhysicalAccess</a> to <a href="https://bofh.social/tags/bypass">#bypass</a> <a href="https://bofh.social/tags/SecureBoot">#SecureBoot</a> and inject <a href="https://bofh.social/tags/malware">#malware</a> onto a system even with <a href="https://bofh.social/tags/LUKS">#LUKS</a> <a href="https://bofh.social/tags/FDE">#FDE</a>.</p>
<p>The mitigation is pretty straightforward.</p>
<p>For <a href="https://bofh.social/tags/Ubuntu">#Ubuntu</a> at least (I don't run RedHat/Fedora):</p>
<p>Edit <code>/etc/default/grub</code> as <code>root</code>.</p>
<p>In the line that says <code>GRUB_CMDLINE_LINUX="..."</code>, add (or append) <code>panic=0</code>.</p>
<p>Followed by: <code>sudo update-grub</code>. (Takes effect on reboot.)</p>
<p>This will prevent your Linux system from launching a <a href="https://bofh.social/tags/DebugShell">#DebugShell</a> if an attacker repeatedly enters a wrong passphrase for decrypting your LUKS <a href="https://bofh.social/tags/boot">#boot</a> <a href="https://bofh.social/tags/volume">#volume</a>.</p>
<p>The linked article has more information.</p>
<p><a href="https://cybernews.com/security/hackers-can-bypass-linux-secure-boot/">https://cybernews.com/security/hackers-can-bypass-linux-secure-boot/</a></p>
Alexandre Dulaunoy
<p>VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification.</p>
<p>This paper presents VLAI, a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling faster and more consistent triage ahead of manual CVSS scoring. The model and dataset are open-source and integrated into the Vulnerability-Lookup service.</p>
<p>We (<a href="https://fosstodon.org/@cedric">@cedric</a> and I) decided to write a paper to better document how VLAI is implemented. We hope it will give others ideas and improvements for such models.</p>
<p><a href="https://infosec.exchange/tags/vulnerability">#vulnerability</a> <a href="https://infosec.exchange/tags/cybersecurity">#cybersecurity</a> <a href="https://infosec.exchange/tags/vulnerabilitymanagement">#vulnerabilitymanagement</a> <a href="https://infosec.exchange/tags/ai">#ai</a> <a href="https://infosec.exchange/tags/nlp">#nlp</a> <a href="https://infosec.exchange/tags/opensource">#opensource</a></p>
<p><a href="https://social.circl.lu/@circl">@circl</a></p>
<p>🔗 <a href="https://arxiv.org/abs/2507.03607">https://arxiv.org/abs/2507.03607</a></p>
Fossery Tech :debian: :gnome:
<p>This week's Linux and FOSS news:</p>
<p>LINUX NEWS</p>
<p>Fedora made a proposal to drop UEFI boot support of x86-64 systems running on MBR-partitioned disks:<br><a href="https://news.itsfoss.com/fedora-uefi-mbr-support-drop/">https://news.itsfoss.com/fedora-uefi-mbr-support-drop/</a></p>
<p>SUSE's Agama installer switches from X.Org to Wayland for the installation GUI:<br><a href="https://www.phoronix.com/news/SUSE-Agama-16-Installer">https://www.phoronix.com/news/SUSE-Agama-16-Installer</a></p>
<p>OpenSUSE Tumbleweed monthly update brings KDE Plasma 6.4, other package updates, security patches:<br><a href="https://alternativeto.net/news/2025/7/opensuse-tumbleweed-s-latest-update-brings-kde-plasma-6-4-and-critical-security-patches/">https://alternativeto.net/news/2025/7/opensuse-tumbleweed-s-latest-update-brings-kde-plasma-6-4-and-critical-security-patches/</a></p>
<p>Arch ISO with Linux kernel 6.15 and Archinstall 3.0.8 is available:<br><a href="https://9to5linux.com/first-arch-linux-iso-release-powered-by-linux-6-15-is-now-available-for-download">https://9to5linux.com/first-arch-linux-iso-release-powered-by-linux-6-15-is-now-available-for-download</a></p>
<p>Ubuntu 25.10 will raise RISC-V profile requirements:<br><a href="https://www.omgubuntu.co.uk/2025/06/ubuntu-riscv-rva23-support">https://www.omgubuntu.co.uk/2025/06/ubuntu-riscv-rva23-support</a></p>
<p>Critical Sudo vulnerabilities found, exploited using the --chroot (-R) and --host (-h) options:<br><a href="https://ostechnix.com/sudo-vulnerabilities-expose-linux-systems-to-privilege-escalation/">https://ostechnix.com/sudo-vulnerabilities-expose-linux-systems-to-privilege-escalation/</a></p>
<p>GNOME 49 will default to the Papers document viewer:<br><a href="https://www.phoronix.com/news/GNOME-Papers-Approved-49">https://www.phoronix.com/news/GNOME-Papers-Approved-49</a></p>
<p>GNOME 49 Alpha 1 released, showing the workspace switcher on-screen display across all monitors, a do-not-disturb quick setting, a dedicated accessibility menu on the login screen, etc.:<br><a href="https://www.phoronix.com/news/GNOME-Shell-Mutter-49-Alpha-1">https://www.phoronix.com/news/GNOME-Shell-Mutter-49-Alpha-1</a></p>
<p>KDE improves KClock by adding picture-in-picture support on Wayland:<br><a href="https://www.phoronix.com/news/KDE-Clock-Wayland-PIP">https://www.phoronix.com/news/KDE-Clock-Wayland-PIP</a></p>
<p>KDE Plasma 6.4.2 released with various bug fixes and improvements:<br><a href="https://9to5linux.com/kde-plasma-6-4-2-improves-the-kicker-app-menu-widget-spectacle-and-more">https://9to5linux.com/kde-plasma-6-4-2-improves-the-kicker-app-menu-widget-spectacle-and-more</a></p>
<p>KDE Gear 25.04.3 released as the last update in the KDE Gear 25.04 series, with fixes for Dolphin, KClock, Gwenview, Itinerary etc.:<br><a href="https://9to5linux.com/kde-gear-25-04-3-released-as-the-last-update-in-the-kde-gear-25-04-series">https://9to5linux.com/kde-gear-25-04-3-released-as-the-last-update-in-the-kde-gear-25-04-series</a></p>
<p>Debian installer Trixie RC2 released with improved installation media handling, better Secure Boot support, Btrfs system rescue, improved bootloader reliability, etc.:<br><a href="https://ostechnix.com/debian-installer-trixie-rc-2-released/">https://ostechnix.com/debian-installer-trixie-rc-2-released/</a></p>
<p>Debian, aiming to attract more contributors, looks for OpenAI funding for contributors' AI usage:<br><a href="https://www.phoronix.com/news/Debian-More-Newcomers-LLMs">https://www.phoronix.com/news/Debian-More-Newcomers-LLMs</a></p>
<p>New Gentoo images available with Linux kernel 6.12 LTS and KDE Plasma 6.3:<br><a href="https://www.phoronix.com/news/Gentoo-Linux-July-2025">https://www.phoronix.com/news/Gentoo-Linux-July-2025</a></p>
<p>AerynOS tooling is rewritten in Rust instead of D (not C lol):<br><a href="https://www.phoronix.com/news/AerynOS-Mid-2025">https://www.phoronix.com/news/AerynOS-Mid-2025</a></p>
<p>(more Linux and FOSS news in comments)</p>
<p><a href="https://social.linux.pizza/tags/WeeklyNews">#WeeklyNews</a> <a href="https://social.linux.pizza/tags/News">#News</a> <a href="https://social.linux.pizza/tags/Linux">#Linux</a> <a href="https://social.linux.pizza/tags/LinuxNews">#LinuxNews</a> <a href="https://social.linux.pizza/tags/Fedora">#Fedora</a> <a href="https://social.linux.pizza/tags/openSUSE">#openSUSE</a> <a href="https://social.linux.pizza/tags/Arch">#Arch</a> <a href="https://social.linux.pizza/tags/Ubuntu">#Ubuntu</a> <a href="https://social.linux.pizza/tags/Sudo">#Sudo</a> <a href="https://social.linux.pizza/tags/GNOME">#GNOME</a> <a href="https://social.linux.pizza/tags/KDE">#KDE</a> <a href="https://social.linux.pizza/tags/Debian">#Debian</a> <a href="https://social.linux.pizza/tags/Gentoo">#Gentoo</a> <a href="https://social.linux.pizza/tags/AerynOS">#AerynOS</a> <a href="https://social.linux.pizza/tags/KDEPlasma">#KDEPlasma</a> <a href="https://social.linux.pizza/tags/LinuxDesktop">#LinuxDesktop</a> <a href="https://social.linux.pizza/tags/Security">#Security</a> <a href="https://social.linux.pizza/tags/Vulnerability">#Vulnerability</a> <a href="https://social.linux.pizza/tags/GNOME49">#GNOME49</a> <a href="https://social.linux.pizza/tags/FosseryTech">#FosseryTech</a></p>
Pyrzout :vm:
<p>12-Year-Old Sudo Vulnerability Exposes Linux Systems to Root Privilege Escalation <a href="https://gbhackers.com/12-year-old-sudo-vulnerability/">https://gbhackers.com/12-year-old-sudo-vulnerability/</a> <a href="https://social.skynetcloud.site/tags/CVE">#CVE</a>/vulnerability <a href="https://social.skynetcloud.site/tags/CyberSecurityNews">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/Vulnerability">#Vulnerability</a> <a href="https://social.skynetcloud.site/tags/cybersecurity">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/Linux">#Linux</a></p>
BeyondMachines :verified:
<p>Researchers report Bluetooth flaws that enable remote eavesdropping, device hijacking</p>
<p>German cybersecurity researchers report critical vulnerabilities in Airoha Bluetooth system-on-chip technology affecting millions of headphones, earbuds, and speakers from major brands like Sony, Marshall, JBL, and Bose, allowing attackers within 10-meter range to remotely eavesdrop on conversations, hijack device connections, and access sensitive data without authentication.</p>
<p>**Be aware that your Bluetooth headphones and speakers from Sony, Marshall, JBL, Bose or other vendors may be critically vulnerable to remote eavesdropping attacks. There is no immediate patch, so check regularly for when firmware updates become available and in the meantime avoid using them in (or even bringing them into) sensitive environments. If you are a journalist, diplomat, or work in sensitive businesses, consider not using them at all or regularly unpairing Bluetooth devices from your phone when not needed.**<br><a href="https://infosec.exchange/tags/cybersecurity">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec">#infosec</a> <a href="https://infosec.exchange/tags/advisory">#advisory</a> <a href="https://infosec.exchange/tags/vulnerability">#vulnerability</a><br><a href="https://beyondmachines.net/event_details/researchers-report-bluetooth-flaws-that-enable-remote-eavesdropping-device-hijacking-l-3-2-3-8/gD2P6Ple2L">https://beyondmachines.net/event_details/researchers-report-bluetooth-flaws-that-enable-remote-eavesdropping-device-hijacking-l-3-2-3-8/gD2P6Ple2L</a></p>
mle✨
<p>It’s not often my worlds collide like this, but this is pretty wild.</p>
<p>Coros Pace 3 doesn’t enforce Bluetooth pairing to a device, which leads to a cascading series of things that one could do when rogue connecting to the watch.</p>
<p>All of these are pretty terrible, but I can’t shake the image of someone spectating near the end of a race and disrupting someone’s hard-earned GPS file for their race. Obviously access to health and training data is way more severe, and there are devices and systems way more critical than someone’s GPS watch, but the fact that any of this is even possible is jarring.</p>
<p>On top of this, Coros’s initial response of “we’ll get to it by the end of 2025” is wildly unacceptable. They’ve since clarified their timeline (which is more aggressive) but they didn’t handle this well at all from what I’m reading.</p>
<p><a href="https://blog.syss.com/posts/bluetooth-analysis-coros-pace-3/">https://blog.syss.com/posts/bluetooth-analysis-coros-pace-3/</a></p>
<p><a href="https://www.dcrainmaker.com/2025/06/coros-confirms-substantial-watch-security-vulnerablity-says-fixes-are-coming.html">https://www.dcrainmaker.com/2025/06/coros-confirms-substantial-watch-security-vulnerablity-says-fixes-are-coming.html</a></p>
<p><a href="https://infosec.exchange/tags/running">#running</a> <a href="https://infosec.exchange/tags/security">#security</a> <a href="https://infosec.exchange/tags/vulnerability">#vulnerability</a></p>
Pyrzout :vm:
<p>Norwegian Dam Valve Forced Open for Hours in Cyberattack – Source: hackread.com <a href="https://ciso2ciso.com/norwegian-dam-valve-forced-open-for-hours-in-cyberattack-sourcehackread-com/">https://ciso2ciso.com/norwegian-dam-valve-forced-open-for-hours-in-cyberattack-sourcehackread-com/</a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost">#1CyberSecurityNewsPost</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/cybersecurity">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/Vulnerability">#Vulnerability</a> <a href="https://social.skynetcloud.site/tags/CyberAttacks">#CyberAttacks</a> <a href="https://social.skynetcloud.site/tags/CyberAttack">#CyberAttack</a> <a href="https://social.skynetcloud.site/tags/CyberCrime">#CyberCrime</a> <a href="https://social.skynetcloud.site/tags/Hackread">#Hackread</a> <a href="https://social.skynetcloud.site/tags/security">#security</a> <a href="https://social.skynetcloud.site/tags/Norway">#Norway</a> <a href="https://social.skynetcloud.site/tags/IoT">#IoT</a></p>
Pyrzout :vm:
<p>Malicious AI Models Are Behind a New Wave of Cybercrime, Cisco Talos <a href="https://hackread.com/malicious-ai-models-wave-of-cybercrime-cisco-talos/">https://hackread.com/malicious-ai-models-wave-of-cybercrime-cisco-talos/</a> <a href="https://social.skynetcloud.site/tags/ArtificialIntelligence">#ArtificialIntelligence</a> <a href="https://social.skynetcloud.site/tags/Cybersecurity">#Cybersecurity</a> <a href="https://social.skynetcloud.site/tags/Vulnerability">#Vulnerability</a> <a href="https://social.skynetcloud.site/tags/CyberAttack">#CyberAttack</a> <a href="https://social.skynetcloud.site/tags/HuggingFace">#HuggingFace</a> <a href="https://social.skynetcloud.site/tags/CyberCrime">#CyberCrime</a> <a href="https://social.skynetcloud.site/tags/CiscoTalos">#CiscoTalos</a> <a href="https://social.skynetcloud.site/tags/Security">#Security</a> <a href="https://social.skynetcloud.site/tags/ChatGPT">#ChatGPT</a> <a href="https://social.skynetcloud.site/tags/LLM">#LLM</a> <a href="https://social.skynetcloud.site/tags/AI">#AI</a></p>
Bill<p>El Reg has a typically well written piece reminding us that supply chain attacks are getting more common and damaging, which is not the direction we'd like to see.</p><p><a href="https://www.theregister.com/2025/06/25/supply_chain_attacks_hammer_organizations/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/06/25/sup</span><span class="invisible">ply_chain_attacks_hammer_organizations/</span></a></p><p><a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychain</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a></p>
Alexandre Dulaunoy<p>Curious about the Chinese vulnerability database? It's now included on <a href="https://vulnerability-lookup.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">vulnerability-lookup.org</span><span class="invisible"></span></a>!<br>Big thanks to <span class="h-card" translate="no"><a href="https://social.yoyodyne-it.eu/@rafi0t" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>rafi0t</span></a></span> for the awesome work and the clever LookyLoo import!</p><p>🔗 <a href="https://vulnerability.circl.lu/recent#cnvd" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/recent#</span><span class="invisible">cnvd</span></a></p><p><a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/china" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>china</span></a></p>
Robert Hensing<p>📢 Update your Nix installation, and refrain from building untrustworthy derivations until done.<br><a href="https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">discourse.nixos.org/t/security</span><span class="invisible">-advisory-privilege-escalations-in-nix-lix-and-guix/66017</span></a></p><p>Hercules CI Agent uses the running nix daemon, so updating your system Nix is sufficient.</p><p><a href="https://functional.cafe/tags/Nix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nix</span></a> <a href="https://functional.cafe/tags/NixOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NixOS</span></a> <a href="https://functional.cafe/tags/CI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CI</span></a> <a href="https://functional.cafe/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://functional.cafe/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a></p>
circl<p>An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the "TheMoon" worm.</p><p><a href="https://social.circl.lu/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://social.circl.lu/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.circl.lu/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://social.circl.lu/tags/linksys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linksys</span></a> </p><p>🔗 <a href="https://vulnerability.circl.lu/vuln/cve-2025-34037" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/vuln/cv</span><span class="invisible">e-2025-34037</span></a></p>
TechnoTenshi :verified_trans: :Fire_Lesbian:<p>Two new Linux flaws (CVE-2025-6018, CVE-2025-6019) allow local attackers to escalate to root via PAM misconfig and udisks. Exploits confirmed on Ubuntu, Fedora, Debian. Admins urged to patch immediately.</p><p><a href="https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/linu</span><span class="invisible">x/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/</span></a></p><p><a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://infosec.exchange/tags/LPE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LPE</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a></p>
knoppix<p>New Linux flaws let attackers gain root on major distros incl. Ubuntu, Debian, Fedora &amp; openSUSE. 🐧🔐</p><p>Two LPE bugs—PAM config &amp; udisks via libblockdev—can be chained for full system takeover. 🧷⚠️</p><p>udisks runs by default on most systems, making this a critical risk.<br>Admins urged to patch ASAP. 🔧🚫</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BleepingComputer</span></a></span> <br><span class="h-card" translate="no"><a href="https://mastodon.social/@serghei" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>serghei</span></a></span> </p><p><a href="https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/linu</span><span class="invisible">x/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/</span></a></p><p><a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ubuntu</span></a> <a href="https://mastodon.social/tags/DebiaN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DebiaN</span></a> <a href="https://mastodon.social/tags/FedorA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FedorA</span></a> <a href="https://mastodon.social/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openSUSE</span></a> <a href="https://mastodon.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.social/tags/PrivilegeEscalation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivilegeEscalation</span></a> <a href="https://mastodon.social/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SysAdmin</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechNews</span></a> <a href="https://mastodon.social/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a></p>