#vulnerabilities

Ars Technica News

Open source project curl is sick of users submitting “AI slop” vulnerabilities

https://arstechni.ca/LAhpm

#vulnerabilities #bugreports #hackerone #security #Tech #curl #AI

Xavier «X» Santolaria

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #17/2025 is out!

It includes the following and much more:

🇺🇸 👋🏻 Two top officials from #CISA resigned;
🇺🇸 💬 U.S. Defense Secretary Pete Hegseth caught in another information leak;
📊 Yearly Threat Intelligence Reports Released;
🇺🇸 💸 U.S. lost record $16.6 billion to #cybercrime in 2024;
🇺🇸 5.5 Million Patients Affected by #DataBreach at Yale New Haven Health;
🐛 💥 VulnCheck spotted 159 actively exploited #vulnerabilities in first few months of 2025;
🇺🇸 🇨🇳 FBI is seeking public help to identify Chinese hackers known as #SaltTyphoon and offers $10 million reward;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-17-2025

thereisnoanderson

NEW - 💾🖥️🔩⚙️

DCG real-ucode 🦜

Actually provides the latest CPU microcode for AMD and Intel

Version: 2025-04-14
Release: 1

updated ucode for amd and intel with that one !

https://github.com/divestedcg/real-ucode/

🐻 #divested
#DivestedComputingGroup 🦜

#fsf #FUTO #Fedora #alpinelinux #hardening #linuxtech #cybersec #cybersecurity #infosec #foss
#hackernews #opensource #android #skynet #linuxsecurity #ucode #vulnerabilities #vulnerability #freeyourmind

thereisnoanderson

NEW - ⛸️🧱🖥️

DCG Domain Blocklist available - last updated 2025/04/14

1692406 - Domains blocked with that build !

🦜
🐻
Supercharging your content blocker to increase privacy and security.

All available lists:
- uBlockOrigin
- Hosts format & Hosts format with wildcards
- dnsmasq with wildcards

🌳
Ready to use lists combined from many permissively licensed sources.

https://divested.dev/pages/dnsbl

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #hackernews
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss #freeyourmind

thereisnoanderson

NEW - 📶🔀🖥️

DCG rpm-hardened_malloc available

pkgver = 2025/04/04
pkgrel = 1

Release Note = more coverage

🦜
🐻
Compatibility:
- Fedora 39/40/etc.
- Arch Linux

Hardened allocator designed for modern systems

https://codeberg.org/divested/rpm-hardened_malloc

🌳

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #hardened_malloc #hardenedmalloc #linuxtech #cybersec #cybersecurity #antivirus #hackernews
#opensource #android #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #hardening #foss #infosec #freeyourmind

NEW - 🛡️ 🖥️ 🛡️

DCG Brace Build 2025/04/04 - 1

Release Note: Fix bluetooth on F42

🦜
🐻
Toolkit compatible with multiple Linux distros that allows for installation of handpicked applications, along with corresponding configs that have been tuned for reasonable privacy and security.

🌳
Compatibility:
Arch Linux
CentOS 9/Stream
Debian 12
Fedora 39/40/41 (preferred)
openSUSE Tumbleweed
🌳
codeberg.org/divested/brace

#divested
#DivestedComputingGroup
🌳
#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #skynet #foss #freeyourmind


NEW - ⛸️🧱🖥️ DCG /etc/hosts available - last updated 2024/12/20

1544291 - Domains blocked with that build ! 🦜

🐻
Supercharging your content blocker to increase privacy and security.

Ready to use lists combined from many permissively licensed sources.

divested.dev/pages/dnsbl

@divested @DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #antivirus #foss
#opensource #android #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #hardening #foss #opensource

divested.dev · Dnsbl - Divested Computing

I finally bit the bullet and scratched an itch that has been irritating me for months...

Ever since I found the @CVE_Program had JSON meta-data for all of the CNAs, I was interested in whether I could utilize their structured type as a signal for CVEs of interest for converting to OSV (spoiler alert: not really, there's interesting CVEs from CNAs that don't make any mention of open source, and most annoyingly, the GitHub Advisory Database doesn't state it has anything to do with open source 🤦‍♂️ )

So that just left me curious to understand how many of these so-called open source CNAs were using Red Hat as an intermediate root CNA, versus MITRE as root of last resort, since it didn't seem like many were rolling up through Red Hat (for reasons unbeknown to me).

I really wanted to create a visual representation of the hierarchy, and being able to generate a CSV had me half way there and I just hadn't taken the time to figure out a way to visualize it, until today, when something else led me to look at the data for the last time...

gist.github.com/andrewpollock/

I doubt that many of my followers are familiar with Xunlei Accelerator, this application being mostly used in China. I came across it due to its popular Chrome extension with 28 million users. I looked into the security of this application and… security? What security?

palant.info/2024/03/06/numerou

An overview:
· Program installation directory writable by any user.
· The built-in browser is based on a three-year-old Chromium.
· That browser exposed a powerful internal API to arbitrary websites (⇨ code execution among others).
· This browser could also be opened by any website loaded in the user’s regular browser, without any user interaction.
· XSS vulnerabilities in the display of messages in the main application, despite using React (⇨ code execution).
· Electron’s renderer sandboxing effectively rendered ineffective.
· Local webserver using “authentication” based on a “secret” hardcoded string.
· Plugin installation can be triggered by any website (⇨ code execution).
· Plugin list downloads via insecure HTTP connection (⇨ code execution).
· Rudimentary HTTP client used in some places, with memory safety issues and recognizing exactly two server responses.
· Tons of outdated third-party code, including (but not limited to) two-year-old FFmpeg, twelve-year-old libpng and eight-year-old zlib.

The vendor fixed the most obvious ways to exploit these issues. With the communication being spotty to say the least, I don’t know whether they plan to do more.

Almost Secure · Numerous vulnerabilities in Xunlei Accelerator application
Looking into Xunlei Accelerator, I discovered a number of flaws allowing remote code execution from websites or local network. It doesn’t look like security was considered when designing this application.

“It’s #axiomatic that any system preying upon the #vulnerabilities of the many, to profit the few, is both a #moral and #ethical #atrocity. #Capitalism embodies such a #system.”

My new #post is up over at Ian Welsh’s incredible #blog. I’m #grateful he lets me post my ramblings there. Let me know what you think!

ianwelsh.net/capitalism-as-men

www.ianwelsh.net · Capitalism as Mental Illness, by Eric Anderson – Ian Welsh