Ars Technica News<p>Open source project curl is sick of users submitting “AI slop” vulnerabilities <a href="https://arstechni.ca/LAhpm" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arstechni.ca/LAhpm</span><span class="invisible"></span></a> <a href="https://c.im/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://c.im/tags/bugreports" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugreports</span></a> <a href="https://c.im/tags/hackerone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackerone</span></a> <a href="https://c.im/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://c.im/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a> <a href="https://c.im/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> <a href="https://c.im/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a></p>
mastodon.zunda.ninja is one of the many independent Mastodon servers you can use to participate in the fediverse.
Zundon is a single user instance as home of @zundan as well as a test bed for changes of the code.
Administered by:
Server stats:
1active users
mastodon.zunda.ninja: About · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.5.0-alpha.1+4045c11b-ruby-3.4.5
#vulnerabilities
0 posts · 0 participants · 0 posts today
Xavier «X» Santolaria :verified_paw: :donor:<p>📨 Latest issue of my curated <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> and <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> list of resources for week #17/2025 is out!</p><p>It includes the following and much more:</p><p>🇺🇸 👋🏻 Two top officials from <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a> resigned;</p><p>🇺🇸 💬 U.S. Defense Secretary Pete Hegseth caught in another information leak;</p><p>📊 Yearly Threat Intelligence Reports Released;</p><p>🇺🇸 💸 U.S. lost record $16.6 billion to <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> in 2024;</p><p>🇺🇸 5.5 Million Patients Affected by <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreach</span></a> at Yale New Haven Health;</p><p>🐛 💥 VulnCheck spotted 159 actively exploited <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> in first few months of 2025;</p><p>🇺🇸 🇨🇳 FBI is seeking public help to identify Chinese hackers known as <a href="https://infosec.exchange/tags/SaltTyphoon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaltTyphoon</span></a> and offers $10 million reward;</p><p>Subscribe to the <a href="https://infosec.exchange/tags/infosecMASHUP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosecMASHUP</span></a> newsletter to have it piping hot in your inbox every week-end ⬇️</p><p><a href="https://infosec-mashup.santolaria.net/p/infosec-mashup-17-2025" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec-mashup.santolaria.net/</span><span class="invisible">p/infosec-mashup-17-2025</span></a></p>
thereisnoanderson<p>NEW - 💾🖥️🔩⚙️ </p><p>DCG real-ucode 🦜</p><p>Actually provides the latest CPU microcode for AMD and Intel </p><p>Version: 2025-04-14<br>Release: 1</p><p>updated ucode for amd and intel with that one !</p><p><a href="https://github.com/divestedcg/real-ucode/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/divestedcg/real-uco</span><span class="invisible">de/</span></a></p><p>🐻 <a href="https://infosec.exchange/tags/divested" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>divested</span></a><br><a href="https://infosec.exchange/tags/DivestedComputingGroup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DivestedComputingGroup</span></a> 🦜</p><p><a href="https://infosec.exchange/tags/fsf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fsf</span></a> <a href="https://infosec.exchange/tags/FUTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FUTO</span></a> <a href="https://infosec.exchange/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a> <a href="https://infosec.exchange/tags/alpinelinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>alpinelinux</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> <a href="https://infosec.exchange/tags/linuxtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxtech</span></a> <a href="https://infosec.exchange/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foss</span></a><br><a href="https://infosec.exchange/tags/hackernews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackernews</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>android</span></a> <a href="https://infosec.exchange/tags/skynet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>skynet</span></a> <a href="https://infosec.exchange/tags/linuxsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxsecurity</span></a> <a href="https://infosec.exchange/tags/ucode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ucode</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/freeyourmind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freeyourmind</span></a></p>
thereisnoanderson<p>NEW - ⛸️🧱🖥️</p><p>DCG Domain Blocklist available - last updated 2025/04/14</p><p>1692406 - Domains blocked with that build ! </p><p>🦜<br>🐻 <br>Supercharging your content blocker to increase privacy and security. </p><p>All available lists:<br>- uBlockOrigin <br>- Hosts format & Hosts format with wildcards<br>- dnsmasq with wildcards</p><p>🌳<br>Ready to use lists combined from many permissively licensed sources.</p><p><a href="https://divested.dev/pages/dnsbl" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">divested.dev/pages/dnsbl</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/divested" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>divested</span></a> <a href="https://infosec.exchange/tags/DivestedComputingGroup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DivestedComputingGroup</span></a></p><p><a href="https://infosec.exchange/tags/DCG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DCG</span></a></p><p><a href="https://infosec.exchange/tags/fsf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fsf</span></a> <a href="https://infosec.exchange/tags/FUTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FUTO</span></a> <a href="https://infosec.exchange/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a> <a href="https://infosec.exchange/tags/codeberg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>codeberg</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> <a href="https://infosec.exchange/tags/linuxtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxtech</span></a> <a href="https://infosec.exchange/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>antivirus</span></a> <a href="https://infosec.exchange/tags/hackernews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackernews</span></a> <br><a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/linuxsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxsecurity</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/alpinelinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>alpinelinux</span></a> <a href="https://infosec.exchange/tags/router" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>router</span></a> <a href="https://infosec.exchange/tags/skynet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>skynet</span></a> <a href="https://infosec.exchange/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foss</span></a> <a href="https://infosec.exchange/tags/freeyourmind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freeyourmind</span></a></p>
thereisnoanderson<p>NEW - 📶🔀🖥️ </p><p>DCG rpm-hardened_malloc available</p><p>pkgver = 2025/04/04<br>pkgrel = 1</p><p>Release Note = more coverage</p><p>🦜<br>🐻 <br>Compatibility:<br>- Fedora 39/40/etc.<br>- Arch Linux</p><p>Hardened allocator designed for modern systems</p><p><a href="https://codeberg.org/divested/rpm-hardened_malloc" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/divested/rpm-hard</span><span class="invisible">ened_malloc</span></a></p><p>🌳</p><p><a href="https://infosec.exchange/tags/divested" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>divested</span></a> <a href="https://infosec.exchange/tags/DivestedComputingGroup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DivestedComputingGroup</span></a></p><p><a href="https://infosec.exchange/tags/DCG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DCG</span></a></p><p><a href="https://infosec.exchange/tags/fsf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fsf</span></a> <a href="https://infosec.exchange/tags/FUTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FUTO</span></a> <a href="https://infosec.exchange/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a> <a href="https://infosec.exchange/tags/codeberg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>codeberg</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> <a href="https://infosec.exchange/tags/hardened_malloc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardened_malloc</span></a> <a href="https://infosec.exchange/tags/hardenedmalloc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardenedmalloc</span></a> <a href="https://infosec.exchange/tags/linuxtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxtech</span></a> <a href="https://infosec.exchange/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>antivirus</span></a> <a href="https://infosec.exchange/tags/hackernews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackernews</span></a> <br><a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>android</span></a> <a href="https://infosec.exchange/tags/linuxsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxsecurity</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/alpinelinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>alpinelinux</span></a> <a href="https://infosec.exchange/tags/router" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>router</span></a> <a href="https://infosec.exchange/tags/skynet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>skynet</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> <a href="https://infosec.exchange/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foss</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/freeyourmind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freeyourmind</span></a></p>
thereisnoanderson<p>NEW - 🛡️ 🖥️ 🛡️ </p><p>DCG Brace Build 2025/04/04 - 1</p><p>Release Note: Fix bluetooth on F42</p><p>🦜<br>🐻<br>Toolkit compatible with multiple Linux distros that allows for installation of handpicked applications, along with corresponding configs that have been tuned for reasonable privacy and security.</p><p>🌳<br>Compatibility:<br>Arch Linux<br>CentOS 9/Stream<br>Debian 12<br>Fedora 39/40/41 (preferred)<br>openSUSE Tumbleweed<br>🌳<br><a href="https://codeberg.org/divested/brace" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">codeberg.org/divested/brace</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/divested" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>divested</span></a><br><a href="https://infosec.exchange/tags/DivestedComputingGroup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DivestedComputingGroup</span></a> <br>🌳<br><a href="https://infosec.exchange/tags/fsf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fsf</span></a> <a href="https://infosec.exchange/tags/FUTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FUTO</span></a> <a href="https://infosec.exchange/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a> <a href="https://infosec.exchange/tags/codeberg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>codeberg</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> <a href="https://infosec.exchange/tags/linuxtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxtech</span></a> <a href="https://infosec.exchange/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>antivirus</span></a> <br><a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/linuxsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxsecurity</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/alpinelinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>alpinelinux</span></a> <a href="https://infosec.exchange/tags/skynet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>skynet</span></a> <a href="https://infosec.exchange/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foss</span></a> <a href="https://infosec.exchange/tags/freeyourmind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freeyourmind</span></a></p>
thereisnoanderson<p>NEW - 🌬️📦</p><p>D-WRT builds available: 2025-03-26<br>🔥 🪇 update to kernel 6.6.84 🪇 🔥</p><p><a href="https://divested.dev/unofficial-openwrt-builds/mvebu-linksys" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">divested.dev/unofficial-openwr</span><span class="invisible">t-builds/mvebu-linksys</span></a></p><p><a href="https://codeberg.org/divested/Divested-WRT" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/divested/Divested</span><span class="invisible">-WRT</span></a></p><p>🐻 <a href="https://infosec.exchange/tags/divested" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>divested</span></a><br><a href="https://infosec.exchange/tags/DivestedComputingGroup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DivestedComputingGroup</span></a> 🦜</p><p><a href="https://infosec.exchange/tags/fsf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fsf</span></a> <a href="https://infosec.exchange/tags/FUTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FUTO</span></a> <a href="https://infosec.exchange/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a> <a href="https://infosec.exchange/tags/codeberg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>codeberg</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> <a href="https://infosec.exchange/tags/linuxtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxtech</span></a> <a href="https://infosec.exchange/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>antivirus</span></a> <a href="https://infosec.exchange/tags/hackernews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackernews</span></a> <br><a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>android</span></a> <a href="https://infosec.exchange/tags/linuxsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxsecurity</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/alpinelinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>alpinelinux</span></a> <a href="https://infosec.exchange/tags/router" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>router</span></a> <a href="https://infosec.exchange/tags/skynet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>skynet</span></a> <a href="https://infosec.exchange/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foss</span></a> <a href="https://infosec.exchange/tags/freeyourmind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freeyourmind</span></a></p>
thereisnoanderson<p>NEW - ⛸️🧱🖥️ DCG /etc/hosts available - last updated 2024/12/20</p><p>1544291 - Domains blocked with that build ! 🦜</p><p>🐻 <br>Supercharging your content blocker to increase privacy and security.</p><p>Ready to use lists combined from many permissively licensed sources.</p><p><a href="https://divested.dev/pages/dnsbl" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">divested.dev/pages/dnsbl</span><span class="invisible"></span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@divested" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>divested</span></a></span> @DivestedComputingGroup</p><p><a href="https://infosec.exchange/tags/DCG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DCG</span></a></p><p><a href="https://infosec.exchange/tags/fsf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fsf</span></a> <a href="https://infosec.exchange/tags/FUTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FUTO</span></a> <a href="https://infosec.exchange/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a> <a href="https://infosec.exchange/tags/codeberg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>codeberg</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> <a href="https://infosec.exchange/tags/linuxtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxtech</span></a> <a href="https://infosec.exchange/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersec</span></a> <a href="https://infosec.exchange/tags/antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>antivirus</span></a> <a href="https://infosec.exchange/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foss</span></a> <br><a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>android</span></a> <a href="https://infosec.exchange/tags/linuxsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxsecurity</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/alpinelinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>alpinelinux</span></a> <a href="https://infosec.exchange/tags/router" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>router</span></a> <a href="https://infosec.exchange/tags/skynet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>skynet</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> <a href="https://infosec.exchange/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foss</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a></p>
thereisnoanderson<p>NEW - 💾🖥️🔩⚙️ DCG real-ucode - 2024-12-14 - 1</p><p>🐻</p><p>New intel-ucode with that one ! Lets goo 🧑🦽🏃♂️👨🦯👩🦯👩🦽🏃♀️</p><p><a href="https://github.com/divestedcg/real-ucode/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/divestedcg/real-uco</span><span class="invisible">de/</span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@divested" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>divested</span></a></span></p><p><a href="https://infosec.exchange/tags/DCG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DCG</span></a></p><p><a href="https://infosec.exchange/tags/fsf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fsf</span></a> <a href="https://infosec.exchange/tags/FUTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FUTO</span></a> <a href="https://infosec.exchange/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a> <a href="https://infosec.exchange/tags/alpinelinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>alpinelinux</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> <a href="https://infosec.exchange/tags/linuxtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxtech</span></a> <a href="https://infosec.exchange/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersec</span></a> <a href="https://infosec.exchange/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foss</span></a> <br><a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>android</span></a> <a href="https://infosec.exchange/tags/skynet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>skynet</span></a> <a href="https://infosec.exchange/tags/linuxsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxsecurity</span></a> <a href="https://infosec.exchange/tags/ucode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ucode</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a></p>
Andrew Pollock<p>I finally bit the bullet and scratched an itch that has been irritating me for months...</p><p>Ever since I found the <span class="h-card" translate="no"><a href="https://mastodon.social/@CVE_Program" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>CVE_Program</span></a></span> had JSON meta-data for all of the CNAs, I was interested in whether I could utilize their structured type as a signal for CVEs of interest for converting to OSV (spoiler alert: not really, there's interesting CVEs from CNAs that don't make any mention of open source, and most annoyingly, the GitHub Advisory Database doesn't state it has anything to do with open source 🤦♂️ )</p><p>So that just left me curious to understand how many of these so-called open source CNAs were using Red Hat as an intermediate root CNA, versus MITRE as root of last resort, since it didn't seem like many were rolling up through Red Hat (for reasons unbeknown to me).</p><p>I really wanted to create a visual representation of the hierarchy, and being able to generate a CSV had me half way there and I just hadn't taken the time to figure out a way to visualize it, until today, when something else led me to look at the data for the last time...</p><p><a href="https://gist.github.com/andrewpollock/065c421e1e93d73782fbc729ef4e18bc?permalink_comment_id=5125144#gistcomment-5125144" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.github.com/andrewpollock/</span><span class="invisible">065c421e1e93d73782fbc729ef4e18bc?permalink_comment_id=5125144#gistcomment-5125144</span></a></p><p><a href="https://mastodon.au/tags/dataviz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dataviz</span></a> <a href="https://mastodon.au/tags/imadeit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>imadeit</span></a> <a href="https://mastodon.au/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a></p>
Cool bug 
Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses in #curl results in indeterminate SSRF #vulnerabilities.
HackerOnecurl disclosed on HackerOne: Incorrect Type Conversion in...## Summary:
Octal Type Handling of Errors in IPv4 Mapped IPv6 Addresses in curl allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on curl.
[RFC 4291](https://datatracker.ietf.org/doc/html/rfc4291#section-2-5-5) defines ways to embed an IPv4 address into IPv6 addresses. One of the methods defined in the RFC is to use...
Security Vulnerability of HTML Emails
This is a newly discovered email vulnerability:
The email your manager received and forwarded to you was something completely innocent, such as a potential cust... https://www.schneier.com/blog/archives/2024/04/security-vulnerability-of-html-emails.html
www.schneier.comSecurity Vulnerability of HTML Emails - Schneier on Security
I doubt that many of my followers are familiar with Xunlei Accelerator, this application being mostly used in China. I came across it due to its popular Chrome extension with 28 million users. I looked into the security of this applications and… security? What security?
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
An overview:
· Program installation directory writable by any user.
· The built-in browser is based on a three years old Chromium.
· That browser exposed a powerful internal API to arbitrary websites (⇨ code execution among others).
· This browser could also be opened by any website loaded in the user’s regular browser, without any user interaction.
· XSS vulnerabilities in the display of messages in the main application, despite using React (⇨ code execution).
· Electron’s renderer sandboxing effectively rendered ineffective.
· Local webserver using “authentication” based on a “secret” hardcoded string.
· Plugin installation can be triggered by any website (⇨ code execution).
· Plugin list downloads via insecure HTTP connection (⇨ code execution).
· Rudimentary HTTP client used in some places, with memory safety issues and recognizing exactly two server responses.
· Tons of outdated third-party code, including (but not limited to) two years old FFmpeg, twelve years old libpng and eight years old zlib.
The vendor fixed the most obvious ways to exploit these issues. With the communication being spotty to say the least, I don’t know whether they plan to do more.
Almost Secure · Numerous vulnerabilities in Xunlei Accelerator applicationLooking into Xunlei Accelerator, I discovered a number of flaws allowing remote code execution from websites or local network. It doesn’t look like security was considered when designing this application.
#curl 8.0.0 will include 6 security fixes. Out of these 6 #vulnerabilities I found 5 and this brings my total to 24 found from curl. In case you're wondering: I don't consider curl to be exceptionally vulnerable, in fact I consider curl one of the most robust pieces of software I've seen. Offering good #bounties is a great motivation for bug hunting.
“It’s #axiomatic that any system preying upon the #vulnerabilities of the many, to profit the few, is both a #moral and #ethical #atrocity. #Capitalism embodies such a #system.”
My new #post is up over at Ian Welsh’s incredible #blog. I’m #grateful he lets me post my ramblings there. Let me know what you think!
www.ianwelsh.netCapitalism as Mental Illness, by Eric Anderson – Ian Welsh
Today we released updates for a series of #vulnerabilities termed 'There's a hole in the boot' / BootHole in GRUB2 that could allow an attacker to subvert UEFI Secure Boot. Learn more here. #security #CVE
bit.lyMitigating BootHole – ‘There’s a hole in the boot’ – CVE-2020-10713 and related vulnerabilities | UbuntuResponsible disclosure and coordinated response as a benefit to all Today we released updates for a series of vulnerabilities termed ‘There’s a hole in the boot’ / BootHole in GRUB2 (GRand Unified Bootloader version 2) that could allow an attacker to subvert UEFI Secure Boot. The original vulnerability, CVE-2020-10713, which is a high pri […]
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload