Lmst

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #18/2025 is out!

It includes the following and much more:

🇫🇷 🇷🇺 France has linked Russian APT to 12 #cyberattacks on French Orgs.;

🇺🇸 Cybersecurity experts demand the reinstatement of Chris Krebs' security clearances and the withdrawal of the investigation;

🐛 🍎 #Vulnerabilities in Apple's #AirPlay Protocol;

🚉 New York's Metropolitan Transportation Authority plans to use #AI and cameras to detect potential subway crimes before they happen;

🇨🇳 @SentinelOne Targeted by Chinese #PurpleHaze Group;

🔐 #Microsoft sets all new accounts #passwordless by default;

🇺🇸 💸 The #Trump administration plans to cut $491 million from #CISA's budget;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-18-2025

A couple of days ago, I unearthed my first #computer, an #MSX straight from the ‘80s. It was lost in some box in the basement for who knows how long. Just feeling its power switch gave me the goosebumps…

This discovery came after sharing my hacker’s origin story with Nic Fillingham and Wendy Zenone in a new episode of Microsoft’s #BlueHat #Podcast.

https://thecyberwire.com/podcasts/the-bluehat-podcast/52/notes

Join us while we chat about my first-ever #CVE, overlooked #vulnerabilities that continue to pose significant risks today, #ActiveDirectory and #password security, my unexpected journey into #bugbounty hunting and my involvement in the #ZeroDayQuest, how to learn new things, mentorship and positive leadership, and of course pineapple pizza 🍍🍕

Pwning the Ladybird Browser

https://jessie.cafe/posts/pwning-ladybirds-libjs/

#HackerNews #Pwning #the #Ladybird #Browser #hacking #cybersecurity #browser #vulnerabilities #libjs

GitHub's latest #AI feature, DeepSeek-Prover-V2, promises to write better code with AI, find #vulnerabilities, and even automate workflows—all while you navigate a labyrinthine menu system likely designed by an M.C. Escher imitator 🎨🔍. Meanwhile, coders everywhere are left wondering if the AI can also automate crying into their keyboards at 3 AM 😭⌨️.
https://github.com/deepseek-ai/DeepSeek-Prover-V2 #GitHub #DeepSeek #Prover #automation #coding #3AM #HackerNews #ngated

Топ самых интересных CVE за апрель 2025 года

Публикуем нашу традиционную подборку ключевых CVE ушедшего месяца. В апреле главным событием стала RCE в SSH-библиотеке Erlang/OTP: десяточка по CVSS, простейший эксплойт, проверки концепции в сети на следующий день. Критической RCE-уязвимостью с нулевой интеракцией также отметился фреймворк PyTorch. Нулевой день на обход MotW исправили в WinRAR; аналогичная уязвимость остаётся без патча в WinZip. В ПО для передачи файлов CrushFTP закрыли критическую CVE на обход аутентификации. Уязвимость под RCE также пропатчили в Gladinet CentreStack. И наконец, нулевым днём под произвольный код отметились и ОС от Apple — причём через обработку аудипотока. Об этом и других интересных CVE апреля читайте под катом!

https://habr.com/ru/companies/tomhunter/articles/903134/

#cve #vulnerability #vulnerability_assessment #vulnerabilities #vulnerability_scanning #уязвимости

Researchers have revealed that defenses against "juice jacking" on #iOS and #Android can be easily bypassed.

Malicious chargers exploit #USB #vulnerabilities to steal #data.

The new "ChoiceJacking" technique allows attackers to #spoof user consent and access sensitive files.

Avoid using public charging USB ports to #protect your data.

https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/

#Technology #Tech #TechNews #JuiceJacking #ChoiceJacking #CyberSecurity #Security #DataProtection

🔐 The Evolution of CVEs: From Humble Beginnings to Record-Breaking Growth 🔐

Since 1999, the Common Vulnerabilities and Exposures (CVE) system has transformed how the cybersecurity community identifies, tracks, and responds to software vulnerabilities. What started as a small, standardized list of just over 300 vulnerabilities has exploded into a global, indispensable resource with nearly 40,000 CVEs logged in 2024 alone - a staggering 38% increase from the previous year!

In my latest article, I explore the fascinating journey of CVEs through three pivotal eras:

1️⃣ The Formative Years (1999–mid-2000s): Establishing a common language for vulnerability identification.

2️⃣ The Expansion and Integration Years (2005–2016): Building robust infrastructure, standardizing severity scoring, and integrating CVEs into enterprise security workflows.

3️⃣ The Acceleration Era (2016–Present): A surge driven by automation, open-source growth, and expanded reporting authorities, leading to unprecedented annual CVE volumes.

Looking ahead, 2025 is forecasted to break new records with an estimated 49,000 CVEs-a 22.5% jump over 2024. This relentless growth underscores the increasing complexity of software ecosystems and the critical need for proactive vulnerability management.

If you want to understand how the CVE system evolved and why staying ahead of this expanding threat landscape matters more than ever, check out the full article here: https://ciso.pm/the-history-of-cves/

#Cybersecurity #Vulnerabilities #CVE #InfoSec #RiskManagement #SecurityTrends #CyberRisk

A massive amount of CVEs rated 9.8 flying about

#4chan has partially resumed operations after a significant #hack that exposed #vulnerabilities and led to a nearly two-week #shutdown.

The site attributes its struggles to financial constraints and pressure from advertisers, which have limited its ability to maintain #security.

4chan's team remains defiant, emphasizing the site's unique role in online culture.

https://techcrunch.com/2025/04/27/4chan-is-back-online-says-its-been-starved-of-money/

#Technology #TechNews #Tech #Cybersecurity #OnlineCommunity #DigitalCulture #InternetFreedom #Hacking

Seven new GNAs have been registered on GCVE.EU !

We're glad to see the community grow and are open to new GNA applications

🔗 JSON https://gcve.eu/dist/gcve.json
🔗 Why and How to become a GNA https://gcve.eu/about/#eligibility-and-process-to-obtain-a-gna-id

#cve #gcve #vulnerabilities #cybersecurity

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #17/2025 is out!

It includes the following and much more:

🇺🇸 👋🏻 Two top officials from #CISA resigned;

🇺🇸 💬 U.S. Defense Secretary Pete Hegseth caught in another information leak;

📊 Yearly Threat Intelligence Reports Released;

🇺🇸 💸 U.S. lost record $16.6 billion to #cybercrime in 2024;

🇺🇸 5.5 Million Patients Affected by #DataBreach at Yale New Haven Health;

🐛 💥 VulnCheck spotted 159 actively exploited #vulnerabilities in first few months of 2025;

🇺🇸 🇨🇳 FBI is seeking public help to identify Chinese hackers known as #SaltTyphoon and offers $10 million reward;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-17-2025

A Python client for the Global CVE Allocation System has been released.

by @cedric

#cve #gcve #vulnerabilities #vulnerability

🔗 https://github.com/gcve-eu/gcve

Threat Actors Don’t Care About Your Compliance Score
https://youtu.be/mYsSUR6z6BA . #cybersecurity #GRC #audits #documentation #threatactors #vulnerabilities #threathunting #riskmanagent #compliance #NIST #CMMC

Three of the four most #exploited #vulnerabilities in 2024 were #0day flaws, ..! https://medium.com/p/three-of-the-four-most-exploited-vulnerabilities-in-2024-were-zero-day-flaws-found-in-security-7db63bdf72a5

The first publication of the GCVE-BCP-01 - Signature Verification of the Directory File

🔗 More information about BCP https://gcve.eu/bcp/
🔗 GCVE-BCP-01 https://gcve.eu/bcp/gcve-bcp-01/

#cve #vulnerabilities #cybersecurity #vulnerability #gcve

We talk a lot about technical vulnerabilities in cybersecurity — but what about emotional vulnerabilities? What happens when users don’t feel smart enough, tech-savvy enough, or confident enough to even try? Welcome to the overlooked world of digital impostor syndrome. It’s not just a...

https://medium.com/@mrsno1special/digital-impostor-syndrome-when-users-feel-too-insecure-to-be-secure-fce0dd83cb64

# #technical #vulnerabilities #cybersecurity #emotional #happens

The digital signature of the directory file was added in response to requests from various open-source developers and GNAs.

#cve #gcve #vulnerabilities #opensource

🔗 FAQ https://gcve.eu/faq/#q13-is-the-json-file-distributed-by-gcve-signed-and-how-can-the-signature-be-verified
🔗 Directory file https://gcve.eu/dist/

NEW - 🍇💾📥

Fedora Kernel spottet in the wild 🏞️

Version: 6.14.3
Repo: updates-testing

How To Install:
### sudo dnf update --enablerepo=*updates-testing kernel* ###

because sometimes testing kernels aren't flagged as security updates.

🦜
🐻
Supercharging your fedora experience.

https://codeberg.org/divested/brace

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #hackernews
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss #freeyourmind #thematrix #linuxkernel
#kernel #update #systemd #windows #ubuntu #efi #dkms #sysadmin #omemo #banana #fyi #asap #adblocker #ublockorigin #haskell #python #golang #javascript #llm

New Research Alert: Attackers are exploiting a dangerous class of cyber flaws—resurgent vulnerabilities. Learn how they work, why they matter, and what defenders can do. Full analysis ⬇️
#Cybersecurity #GreyNoise #Vulnerabilities

https://www.greynoise.io/blog/greynoise-uncovers-unique-risks-from-resurgent-cybersecurity-vulnerabilities

In this year’s DBIR, vulnerabilities in Virtual Private Networks (VPNs) and edge devices were particular areas of concern, accounting for 22% of the CVE-related breaches in this year’s report, almost eight times the amount of 3% found in the 2024 report.

https://www.tenable.com/209928

#dbir #vulnerabilities #vpn #patching #infosec