Recent searches

No recent searches

Search options

Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

269
active users

shakedown.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0

#vulnerabilities

3 posts3 participants0 posts today
Syft<p>Just picked up my holiday photos!<br>50% landscapes, 50% Grype being <span class="h-card" translate="no"><a href="https://fosstodon.org/@grype" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>grype</span></a></span> 👽📷<br><a href="https://fosstodon.org/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/family" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>family</span></a></p>
IT News<p>Critical CitrixBleed 2 vulnerability has been under active exploit for weeks - A critical vulnerability allowing hackers to bypass multifac... - <a href="https://arstechnica.com/security/2025/07/critical-citrixbleed-2-vulnerability-has-been-under-active-exploit-for-weeks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">07/critical-citrixbleed-2-vulnerability-has-been-under-active-exploit-for-weeks/</span></a> <a href="https://schleuss.online/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://schleuss.online/tags/citrixbleed" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>citrixbleed</span></a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://schleuss.online/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>biz</span></a>⁢ <a href="https://schleuss.online/tags/citrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>citrix</span></a></p>
ADMIN magazine<p>From the ADMIN Update newsletter: Learn how the tools used in attack surface management help identify attack surfaces more precisely and respond to changes in risk situations<br><a href="https://www.admin-magazine.com/Archive/2025/85/ASM-tools-and-strategies-for-threat-management?utm_source=mam" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">admin-magazine.com/Archive/202</span><span class="invisible">5/85/ASM-tools-and-strategies-for-threat-management?utm_source=mam</span></a><br><a href="https://hachyderm.io/tags/ASM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ASM</span></a> <a href="https://hachyderm.io/tags/tools" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tools</span></a> <a href="https://hachyderm.io/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://hachyderm.io/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <a href="https://hachyderm.io/tags/SaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaaS</span></a></p>
Bob Carver<p>This AI Is Outranking Humans as a Top Software Bug Hunter<br><a href="https://www.pcmag.com/news/this-ai-is-outranking-humans-as-a-top-software-bug-hunter" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pcmag.com/news/this-ai-is-outr</span><span class="invisible">anking-humans-as-a-top-software-bug-hunter</span></a><br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>software</span></a> <a href="https://infosec.exchange/tags/bughunter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bughunter</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a></p>
Europe Says<p><a href="https://www.europesays.com/2183857/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2183857/</span><span class="invisible"></span></a> Banks in S. Korea, Taiwan, Thailand <a href="https://pubeurope.com/tags/Economy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Economy</span></a> <a href="https://pubeurope.com/tags/outlook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>outlook</span></a> <a href="https://pubeurope.com/tags/RetailNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RetailNews</span></a> <a href="https://pubeurope.com/tags/RetailProblems" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RetailProblems</span></a> <a href="https://pubeurope.com/tags/retailers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>retailers</span></a> <a href="https://pubeurope.com/tags/sector" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sector</span></a> <a href="https://pubeurope.com/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SouthKorea</span></a> <a href="https://pubeurope.com/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a></p>
Hacker News<p>Exploiting Vulnerabilities in Cellebrite UFED</p><p><a href="https://signal.org/blog/cellebrite-vulnerabilities/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">signal.org/blog/cellebrite-vul</span><span class="invisible">nerabilities/</span></a></p><p><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/Exploiting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploiting</span></a> <a href="https://mastodon.social/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerabilities</span></a> <a href="https://mastodon.social/tags/in" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>in</span></a> <a href="https://mastodon.social/tags/Cellebrite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cellebrite</span></a> <a href="https://mastodon.social/tags/UFED" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UFED</span></a> <a href="https://mastodon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/Cellebrite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cellebrite</span></a> <a href="https://mastodon.social/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://mastodon.social/tags/digital" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>digital</span></a> <a href="https://mastodon.social/tags/forensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>forensics</span></a></p>
K. Reid Wightman :verified: 🌻 :donor:<p>(Maybe intentional, maybe unintentional) deceptive advisories 101: <a href="https://certvde.com/en/advisories/VDE-2025-052/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">certvde.com/en/advisories/VDE-</span><span class="invisible">2025-052/</span></a> .</p><p>The actual vulns here are OS command injection issues (CWE-78). The webapp just so happens to be vulnerable to CSRF too, so they use CWE-352, but honestly nobody in their right mind gives a crap about CSRF as a top priority item.</p><p>There are multiple ways to exploit the bugs. The score/vector in the advisory is technically correct, but you could also exploit the bug (or series of bugs) as 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) or 9.9 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) depending on the privilege required to do the OS command injection. But honestly the 'what privilege required' becomes moot when you search the user manual for default credentials....</p><p>Whether the deception is intentional or not, who knows, it is what it is. Attackers are never* gonna use CSRF, but they are absolutely positively going to abuse command injection (even authenticated command injection), especially against devices which has 1) a cellular modem and 2) published default credentials that are incredibly easy to learn.</p><p>This is all an example of the fact that CVSS does not score a vulnerability, but rather scores one exploitation method of a vulnerability. There are often multiple ways to interpret 'a vuln'. In this case the advisory probably should have reserved more CVEs anyway: some to cover the CSRF, and others to cover the command injection bugs (the fixes for each are most likely distinct code changes, so worthy of independent CVEs, but I digress).</p><p>And sorry for the sales pitch: this is the kind of thing that we manually review all week, every week, and publish details about in our Worldview reports: <a href="https://www.dragos.com/dragos-worldview/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">dragos.com/dragos-worldview/</span><span class="invisible"></span></a> </p><p><a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://infosec.exchange/tags/industrial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>industrial</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
The DefendOps Diaries<p>Secure Boot just got a wake-up call—hackers are now exploiting a new flaw to slip bootkit malware past our digital bouncer. Ever wonder how secure your system really is?</p><p><a href="https://thedefendopsdiaries.com/navigating-the-challenges-of-secure-boot-vulnerabilities/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedefendopsdiaries.com/naviga</span><span class="invisible">ting-the-challenges-of-secure-boot-vulnerabilities/</span></a></p><p><a href="https://infosec.exchange/tags/secureboot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secureboot</span></a><br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a><br><a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a><br><a href="https://infosec.exchange/tags/bootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bootkit</span></a><br><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
Xavier «X» Santolaria :verified_paw: :donor:<p>🔥 Latest issue of my curated <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> and <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> list of resources for week #23/2025 is out!</p><p>It includes the following and much more:</p><p>🇫🇷 Cartier announced a <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a>;</p><p>🫱🏻‍🫲🏼 Microsoft and CrowdStrike are working together to connect the different names used for hacking groups;</p><p>🇩🇪 German authorities have identified Vitaly Nikolaevich Kovalev as the leader of the <a href="https://infosec.exchange/tags/TrickBot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrickBot</span></a> cybercrime gang;</p><p>🩹 🐛 Over 30 <a href="https://infosec.exchange/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerabilities</span></a> Patched in <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a>;</p><p>🇪🇺 Microsoft has launched a free European Security Program to enhance cybersecurity for <a href="https://infosec.exchange/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> governments;</p><p>🇮🇳 <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> Helps India CBI Dismantle Indian Call Centers;</p><p>📨 Subscribe to the <a href="https://infosec.exchange/tags/infosecMASHUP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosecMASHUP</span></a> newsletter to have it piping hot in your inbox every week-end ⬇️</p><p><a href="https://infosec-mashup.santolaria.net/p/infosec-mashup-23-2025" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec-mashup.santolaria.net/</span><span class="invisible">p/infosec-mashup-23-2025</span></a></p>
Alexandre Dulaunoy<p>The VLAI Severity model is accessible via API. Here is a simple example from a recent Ivanti vulnerability description from their vulnerability webpage.</p><p>The VLAI Security model for vulnerabilities is accessible via vulnerability-lookup and the public instance operated by CIRCL. </p><p>So, if you have a vulnerability description, you can quickly assess it to get a general idea of its severity.</p><pre><code>curl -X 'POST' \<br> 'https://vulnerability.circl.lu/api/vlai/severity-classification' \<br> -H 'accept: application/json' \<br> -H 'Content-Type: application/json' \<br> -d '{ "description": "Ivanti has released updates for Ivanti Neurons for ITSM (on-prem only) which addresses one critical severity vulnerability. Depending on system configuration, successful exploitation could allow an unauthenticated remote attacker to gain administrative access to the system. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. We have included an environmental score to provide customers with additional context on the adjusted risk of this vulnerability with typical use cases. Customers who have followed Ivanti guidance on securing the IIS website and restricted access to a limited number of IP addresses and domain names have a reduced risk to their environment. Customers who have users log into the solution from outside their company network also have a reduced risk to their environment if they ensure that the solution is configured with a DMZ." }'<br></code></pre><p>and the result</p><pre><code>{<br> "severity": "Critical",<br> "confidence": 0.9256<br>}<br></code></pre><p><a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://infosec.exchange/tags/ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ivanti</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> </p><p>For more details: <a href="https://www.vulnerability-lookup.org/2025/05/22/vulnerability-lookup-2-10-0/#ai-powered-enrichment-using-our-in-house-ai-models" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">vulnerability-lookup.org/2025/</span><span class="invisible">05/22/vulnerability-lookup-2-10-0/#ai-powered-enrichment-using-our-in-house-ai-models</span></a></p><p><span class="h-card" translate="no"><a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>circl</span></a></span> <span class="h-card" translate="no"><a href="https://social.circl.lu/@gcve" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gcve</span></a></span></p>
Negative PID Inc.<p>🎮🔍 Do you remember the infamous Sony PlayStation Network hack? As a pivotal case study, this attack highlights the advancements in cybersecurity following one of history's most significant cyberattacks on cloud platforms. </p><p><a href="https://negativepid.blog/the-sony-playstation-network-hack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">negativepid.blog/the-sony-play</span><span class="invisible">station-network-hack/</span></a></p><p><a href="https://mastodon.social/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://mastodon.social/tags/hackingAttacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackingAttacks</span></a> <a href="https://mastodon.social/tags/Sony" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sony</span></a> <a href="https://mastodon.social/tags/PlayStation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PlayStation</span></a> <a href="https://mastodon.social/tags/PSN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSN</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/hackers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackers</span></a> <a href="https://mastodon.social/tags/gamers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gamers</span></a> <a href="https://mastodon.social/tags/caseStudy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caseStudy</span></a> <a href="https://mastodon.social/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloud</span></a> <a href="https://mastodon.social/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a></p>
Brian Sletten<p>European vulnerability database opens in case the dumbass Americans cut funding again.</p><p><a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> </p><p><a href="https://www.infosecurity-magazine.com/news/european-vulnerability-database-us/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">infosecurity-magazine.com/news</span><span class="invisible">/european-vulnerability-database-us/</span></a></p>
Marcus "MajorLinux" Summers<p>This time I'm begging you to update yo shit!</p><p>PSA: iOS 18.5 patches over 30 iPhone security vulnerabilties - 9to5Mac </p><p><a href="https://9to5mac.com/2025/05/12/ios-18-5-security-fixes/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">9to5mac.com/2025/05/12/ios-18-</span><span class="invisible">5-security-fixes/</span></a></p><p><a href="https://toot.majorshouse.com/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iOS</span></a> <a href="https://toot.majorshouse.com/tags/Patching" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Patching</span></a> <a href="https://toot.majorshouse.com/tags/iPhone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iPhone</span></a> <a href="https://toot.majorshouse.com/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://toot.majorshouse.com/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://toot.majorshouse.com/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerabilities</span></a> <a href="https://toot.majorshouse.com/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> <a href="https://toot.majorshouse.com/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a></p>
PrivacyDigest<p>Open source project <a href="https://mas.to/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> is sick of users submitting “AI slop” <a href="https://mas.to/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> - Ars Technica</p><p>"One way you can tell is it's always such a nice report," founder tells Ars.<br><a href="https://mas.to/tags/aislop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aislop</span></a> <a href="https://mas.to/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p><p><a href="https://arstechnica.com/gadgets/2025/05/open-source-project-curl-is-sick-of-users-submitting-ai-slop-vulnerabilities/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/gadgets/2025/0</span><span class="invisible">5/open-source-project-curl-is-sick-of-users-submitting-ai-slop-vulnerabilities/</span></a></p>
Marcus "MajorLinux" Summers

Okay. Every now and then, I may use some AI to help write something.

But if I can't articulate what's wrong or where something is broken to get it fixed, maybe I should leave that up to someone who can.

Open source project curl is sick of users submitting “AI slop” vulnerabilities

arstechnica.com/gadgets/2025/0

#OpenSource#cURL#AI
Xavier «X» Santolaria :verified_paw: :donor:

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #18/2025 is out!

It includes the following and much more:

🇫🇷 🇷🇺 France has linked Russian APT to 12 #cyberattacks on French Orgs.;

🇺🇸 Cybersecurity experts demand the reinstatement of Chris Krebs' security clearances and the withdrawal of the investigation;

🐛 🍎 #Vulnerabilities in Apple's #AirPlay Protocol;

🚉 New York's Metropolitan Transportation Authority plans to use #AI and cameras to detect potential subway crimes before they happen;

🇨🇳 @SentinelOne Targeted by Chinese #PurpleHaze Group;

🔐 #Microsoft sets all new accounts #passwordless by default;

🇺🇸 💸 The #Trump administration plans to cut $491 million from #CISA's budget;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

X’s InfoSec Newsletter🕵🏻‍♂️ [InfoSec MASHUP] 18/2025France has linked Russian APT to 12 cyberattacks on French Orgs.; Cybersecurity experts demand the reinstatement of Chris Krebs' security clearances and the withdrawal of the investigation; Vulnerabilities in Apple's AirPlay Protocol; New York's Metropolitan Transportation Authority plans to use AI and cameras to detect potential subway crimes before they happen; SentinelOne Targeted by Chinse PurpleHaze Group; Microsoft sets all new Accounts passwordless by Default; The Trump administration plans to cut $491 million from CISA's budget;
Xavier «X» Santolaria :verified_paw: :donor:

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #17/2025 is out!

It includes the following and much more:

🇺🇸 👋🏻 Two top officials from #CISA resigned;

🇺🇸 💬 U.S. Defense Secretary Pete Hegseth caught in another information leak;

📊 Yearly Threat Intelligence Reports Released;

🇺🇸 💸 U.S. lost record $16.6 billion to #cybercrime in 2024;

🇺🇸 5.5 Million Patients Affected by #DataBreach at Yale New Haven Health;

🐛 💥 VulnCheck spotted 159 actively exploited #vulnerabilities in first few months of 2025;

🇺🇸 🇨🇳 FBI is seeking public help to identify Chinese hackers known as #SaltTyphoon and offers $10 million reward;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

X’s InfoSec Newsletter🕵🏻‍♂️ [InfoSec MASHUP] 16/2025Two top officials from CISA resigned; U.S. Defense Secretary Pete Hegseth caught in another information leak; Yearly Threat Intelligence Reports Released; U.S. lost record $16.6 billion to cybercrime in 2024; 5.5 Million Patients Affected by Data Breach at Yale New Haven Health; VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025; FBI is seeking public help to identify Chinese hackers known as Salt Typhoon and offers $10 million reward;
TrendingLive feeds
About