#SecurityFail

Mr Tech King (@mrtechking)
2025-04-25

Yikes. Top Trump officials used Signal for classified Yemen strike plans & accidentally added The Atlantic's editor to the chat. Major security questions arise, especially around Defense Sec Hegseth's handling of sensitive info.

Pete Hegseth's Risky Signal Chats Leaked Military Secrets
N-gated Hacker News (@ngate)
2025-04-22

🔨🎉 BREAKING: BAE Systems achieves monumental success in production—unfortunately, they forgot to secure their website! 🚫📉 The only explosive development here is their web server crashing harder than their test dummies. 💥🙃
baesystems.com/en/article/majo

2025-04-21

Mummy, mummy, look how important I am!
Signed, Little Pete

#Hegseth
#hegsethisunfit
#HegsethGate
#securityfail

NY Times: Secretary Hegseth shared details of the strikes in a second message group as well, with his wife and brother among the members
hs.fi/maailma/art-200001118187

Childless Cat Lady (@childless_cat_lady)
2025-04-08

🚨 While Marco oversees the rendition of innocent men to indefinite detention in foreign prisons, one of his top security personnel is arrested in Brussels for allegedly assaulting cops and hotel staff after demanding a drink after hours. 🍹🚫👮‍♂️

The best people? 🤔 washingtonexaminer.com/news/33

XenoPhage (@XenoPhage@infosec.exchange)
2025-03-28

Why is it that Home Depot has passkey support and my bank still wants me to answer those three questions?

#security #SecurityFail #FacePalm

Sam Bent (@doingfedtime)
2025-03-27

This dumpster fire Phantasma Market leaked its clearnet IP on DAY ONE. Zero OpSec. Just handing themselves to feds on a silver platter. youtu.be/t3ebaBn4MVU

Loki the Cat (@loki@jorijn.dev)
2025-03-25

📱 When your "super secure" group chat accidentally becomes a press conference...

Signal's president defends app security after US officials mistakenly added a journalist to their military planning chat. Proof that even the most sophisticated security can't prevent the classic "wrong person added" scenario.

#signal #SecurityFail

yro.slashdot.org/story/25/03/2

N-gated Hacker News (@ngate)
2025-03-23

📬🚫 Oh, the irony! A tech wizard pens a magnum opus on automating mail alerts, only to have their masterpiece blocked by ModSecurity—because apparently, the server had higher standards than their script. 😆🔒
taslim.xyz/blog/2025/sharing-m

Suzanne Aldrich (she/her) (@suzannealdrich@hachyderm.io)
2025-03-23

Critical Next.js Middleware Vulnerability (CVE-2025-29927)

A major auth bypass vulnerability in Next.js middleware (prior to v14.2.25 / v15.2.3) allows attackers to inject the x-middleware-subrequest header and bypass authorization entirely. Exploitable via simple HTTP requests—no user interaction, no special permissions.

Patch. Now. Or block the header manually.

GitHub scored this 9.1 CRITICAL, but the real issue? This flaw exposes a systemic weakness in middleware validation, and some vendors weren’t exactly upfront about the risks.

Details + POC: zeropath.com/blog/nextjs-middl
NVD: nvd.nist.gov/vuln/detail/CVE-2

Security theater is easy. Secure defaults and transparency are harder—but essential.

#infosec #AppSec #NextJS #CVE202529927 #middleware #securityfail

N-gated Hacker News (@ngate)
2025-03-20

Ah, yes, because nothing screams "security" like a government agency casually asking ex-employees to email their sensitive data. 🦊🔒 Trust us, we promise to keep your info as safe as a toddler with a Sharpie! 🤣📝
krebsonsecurity.com/2025/03/do

Todd A. Jacobs | Pragmatic Cybersecurity (@todd_a_jacobs@infosec.exchange)
2025-02-22

This isn't Apple's fault, as it still has to follow local laws to sell its products. However, this is a huge #securityfail.

Even though Apple no longer fights for mindshare in the enterprise computing market as it once did, this will force companies that require secure data to either avoid iCloud-enabled apps altogether—which can be hard to do on a Mac—or stop using Macs altogether for anything that processes #PII, #PHI, or even proprietary #sourcecode.

In particular, many #softwaredevelopers prefer #MacBooks since they offer a mainstream user experience but run #Unix under the hood. If they can't use MacBooks anymore for security reasons, companies will have to rethink some of their long-standing laptop and desktop #cybersecurity practices.

bbc.com/news/articles/cgj54eq4

Loki the Cat (@loki@jorijn.dev)
2025-02-01

When "open source" wasn't in the roadmap: DeepSeek accidentally shares sensitive data with... everyone! 🙈

Over 1M lines of exposed data including API keys and chat logs. Fixed within an hour, but as researchers note - they probably weren't the first to find it.

#SecurityFail #AI

it.slashdot.org/story/25/02/01

2024-12-27

Ugh. At #VW they are too dumb to configure an S3 instance properly. 800k records about cars, freely retrievable. 420k of them identifiable and with location data. Going great for us. 🙄
As punishment, copy out Article 32 of the GDPR 800k times.
#infosec #securityfail #datenschutz

Loki the Cat (@loki@jorijn.com)
2024-12-23

Imagine choosing an encrypted chat app to avoid the FBI and accidentally picking... the FBI's own app 😹

The "Anom" sting operation caught hundreds of criminal syndicates in 100+ countries. Talk about failing the "Don't Get Caught" test with the answers written on the wall!

#privacy #SecurityFail

https://yro.slashdot.org/story/24/12/23/1736221/government-to-name-key-witness-who-provided-fbi-with-backdoored-encrypted-chat-app-anom

Loki the Cat (@loki@jorijn.com)
2024-12-18

Looks like things aren't "Hapn-ing" too well for this GPS tracking company! 😸

The firm that helps you track "valuable possessions" can't even keep track of its own customer data. 8,600+ user records exposed through a basic website bug.

Oh, the irony of a surveillance company failing at... surveillance. 🎯

#Privacy #SecurityFail

https://it.slashdot.org/story/24/12/18/2220247/tracker-firm-hapn-spilling-names-of-thousands-of-gps-tracking-customers

Frank Filippone (@frankfil@aus.social)
2024-11-19

Was slightly amused earlier today when looking at Task Manager on a Windows server and found a properly ancient version of TeamViewer running on it.

Did I mention this server has direct internet access?

And is part of the security system for this site?

#it #itsecurity #securityfail

Laux Myth (aka Martin) (@lauxmyth@mastodon.online)
2024-10-26

Recently, I found this pair of doors. Two elegant glass doors with a failed strip of insulation between the pair. The internal push bars are held with a bike cable and padlock.

Yes, if this is an emergency exit the cable is a violation. I suspect it is an exit but I did not look to check. On the other hand, this design allows for a trivial bypass to open and this patches the vulnerability.

#SecurityFail

A pair of glass doors with elegant CRL exit devices are held internally by a bike cable lock. The doors also have PULL signs.

2024-10-18

Today in terrible password policies: Poundland.

Poundland’s Password Policy Pains:
- maximum length
- restricts symbols
- LIMITS CHARACTER TYPES!?!?

That last one is new to me!

#PasswordPolicies #Password #Passwords #Security #SecurityFail #Poundland

An image displaying password requirements, stating that a new password must be 8-16 characters long and contain at least three out of four categories: lowercase letters, uppercase letters, digits (0-9), and specific symbols.

Dyne.org foundation (@dyne@toot.community)
2024-10-10

In a surprising twist, the very backdoors designed to keep out the badGuys™ were used by the badGuys™.

Who could've seen this coming? It's shocking that no one ever warned the clueless legislators behind these backdoors. If only there were some sort of experts they could listen to. 🤦🔓

#SecurityFail #BackdoorBlunder
reuters.com/technology/cyberse

2024-09-19

Sitting on the train to #JoomlaDay in Hamburg right now. Next to me on the train, all kinds of business deals and important information are being discussed over the phone as if nobody were there. The highlight so far: my seat neighbour got up and left. He left his laptop unattended and unsecured, that is, not locked. Anyone could have taken the laptop and installed something, or simply read his messenger conversations, or sent out the NDA he had been reading. 🤷‍♂️ #Securityfail
