fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
#advisory

41 posts · 11 participants · 10 posts today
packet storm<p>Ubuntu Security Notice USN-7682-1 <a href="https://packetstorm.news/files/207676" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207676</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
packet storm<p>Apple Security Advisory 07-29-2025-6 <a href="https://packetstorm.news/files/207670" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207670</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
packet storm<p>SUSE Security Advisory - SUSE-SU-2025:02544-1 <a href="https://packetstorm.news/files/207659" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207659</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
packet storm<p>Red Hat Security Advisory 2025-12293-03 <a href="https://packetstorm.news/files/207657" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207657</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
BeyondMachines :verified:<p>Google releases one more urgent Chrome update</p><p>Google released an emergency Chrome security update to patch CVE-2025-8292, a use-after-free vulnerability in the Media Stream component that could allow attackers to execute arbitrary code on systems using video conferencing and screen sharing applications.</p><p>**This one is not urgent, but it is important. Nobody releases an update for just one flaw until there is something very important about that flaw. Update your Chrome and Chromium based browsers (Opera, Brave, Vivaldi, Edge...). It's very probable that this flaw will soon be reported as exploited. Patching is super easy, all your tabs reopen.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/google-releases-one-more-urgent-chrome-update-s-2-o-e-w/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/google-releases-one-more-urgent-chrome-update-s-2-o-e-w/gD2P6Ple2L</span></a></p>
BeyondMachines :verified:<p>Gemini CLI vulnerability enables silent code execution via prompt injection</p><p>Cybersecurity firm Tracebit discovered a critical vulnerability in Google's Gemini CLI tool that allows attackers to silently execute arbitrary malicious commands on developers' systems through prompt injection and inadequate command validation.</p><p>**If you're using Google's Gemini CLI tool, immediately upgrade to version 0.1.14 or later. When using any AI development tools, always run them in sandboxed environments and avoid using them on untrusted code repositories. Ideally, don't rush into using AI development tools which have access to live systems (even your own laptop). The AI tooling is not mature, and is very prone to being exploited.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/gemini-cli-vulnerability-enables-silent-code-execution-via-prompt-injection-c-5-5-i-k/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/gemini-cli-vulnerability-enables-silent-code-execution-via-prompt-injection-c-5-5-i-k/gD2P6Ple2L</span></a></p>
BeyondMachines :verified:<p>Apple releases security updates patching 95 vulnerabilities across all products</p><p>Apple released security updates addressing 95 vulnerabilities across all major operating systems (iOS, iPadOS, macOS, watchOS, tvOS, and visionOS), including critical remote code execution flaws, privilege escalation issues, sandbox escapes, and memory corruption vulnerabilities that could allow attackers to gain root privileges or cause system termination.</p><p>**If you have any Apple devices (iPhone, iPad, Mac, Apple Watch, Apple TV, or Vision Pro), time to update them. There's a huge pack of patches and critical flaws that will be exploited. Don't delay.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/apple-relesases-security-updates-patching-95-vulnerabilities-across-all-products-p-2-9-s-9/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/apple-relesases-security-updates-patching-95-vulnerabilities-across-all-products-p-2-9-s-9/gD2P6Ple2L</span></a></p>
BeyondMachines :verified:<p>Email disclosure and account takeover flaws reported in Lovense connected sex toy platform</p><p>Security researchers discovered two critical vulnerabilities in Lovense's connected platform that allow attackers to extract users' private email addresses from usernames and completely take over accounts without passwords by exploiting hardcoded application credentials and flawed XMPP chat system architecture.</p><p>**We don't have good advice on this flaw. It's a cloud-based service and the flaw exposed users. It seems that it hasn't been exploited. Best we can advise is not to trust too much in connected devices and platforms. Anything can and eventually will be hacked.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/email-disclosure-and-account-takeover-flaws-reported-in-lovense-connected-sex-toy-platform-x-y-w-a-j/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/email-disclosure-and-account-takeover-flaws-reported-in-lovense-connected-sex-toy-platform-x-y-w-a-j/gD2P6Ple2L</span></a></p>
BeyondMachines :verified:<p>Critical authentication bypass flaw reported in AI coding platform Base44</p><p>Wiz Research disclosed a critical authentication bypass vulnerability in Base44, an AI-powered coding platform with over 20,000 users, that allowed attackers to access private enterprise applications by exploiting misconfigured API endpoints with easily discoverable app IDs visible in URLs and manifest files.</p><p>**You can't do much about the flaw, it's already patched. If your organization uses Base44 for applications, review them for any suspicious user registrations or unusual access patterns. If you are developing applications, NEVER code undocumented endpoints and API interfaces, especially without proper authentication. Security by obscurity doesn't work.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/critical-authentication-bypass-flaw-reported-in-ai-coding-platform-base44-2-9-7-s-n/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/critical-authentication-bypass-flaw-reported-in-ai-coding-platform-base44-2-9-7-s-n/gD2P6Ple2L</span></a></p>
BeyondMachines :verified:<p>Critical command injection flaw reported in CodeIgniter4 ImageMagick handler</p><p>CodeIgniter4 patched a critical command injection vulnerability (CVE-2025-54418) in its ImageMagick image processing handler that allows unauthenticated attackers to execute arbitrary system commands through malicious file uploads with crafted filenames or text processing operations.</p><p>**If you're running CodeIgniter4 applications that process images, update to version 4.6.2. If you can't update right away, switch from ImageMagick to the GD image handler, use CodeIgniter's getRandomName() method for file uploads, and sanitize input with regular expressions to eliminate dangerous characters.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/critical-command-injection-flaw-reported-in-codeigniter4-imagemagick-handler-z-q-u-m-7/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/critical-command-injection-flaw-reported-in-codeigniter4-imagemagick-handler-z-q-u-m-7/gD2P6Ple2L</span></a></p>
packet storm<p>Ubuntu Security Notice USN-7675-1 <a href="https://packetstorm.news/files/207554" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207554</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
packet storm<p>Ubuntu Security Notice USN-7676-1 <a href="https://packetstorm.news/files/207551" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207551</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
packet storm<p>SUSE Security Advisory - SUSE-SU-2025:02542-1 <a href="https://packetstorm.news/files/207549" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207549</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
packet storm<p>Debian Security Advisory 5967-1 <a href="https://packetstorm.news/files/207533" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207533</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
packet storm<p>Red Hat Security Advisory 2025-12112-03 <a href="https://packetstorm.news/files/207532" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207532</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
BeyondMachines :verified:<p>Critical vulnerabilities reported in HT Contact Form Widget</p><p>Three critical vulnerabilities in the HT Contact Form Widget WordPress plugin expose sites to unauthenticated takeover through arbitrary file upload, deletion, and movement capabilities that can lead to remote code execution. The vulnerabilities were patched in version 2.2.2 released July 13, 2025, just five days after being reported to the developer.</p><p>**If you use the HT Contact Form Widget on your WordPress site, immediately update to version 2.2.2 or later. Updating these plugins is trivial, don't delay because hackers will find the unpatched versions.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/critical-vulnerabilities-reported-in-ht-contact-form-widget-for-elementor-gutenberg-blocks-form-builder-6-0-i-3-2/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/critical-vulnerabilities-reported-in-ht-contact-form-widget-for-elementor-gutenberg-blocks-form-builder-6-0-i-3-2/gD2P6Ple2L</span></a></p>
BeyondMachines :verified:<p>Account takeover flaw reported in widely used Post SMTP Plugin</p><p>A high severity vulnerability (CVE-2025-24000) in the Post SMTP WordPress plugin exposes websites to takeover via broken access control that allows any logged-in user to view email logs and hijack administrator accounts via password reset emails.</p><p>**If you use the Post SMTP WordPress plugin, immediately update to version 3.3.0 or newer. Any logged-in user can hijack admin accounts. There is no workaround to this and updating the plugin is easy, so don't delay.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/account-takeover-flaw-reported-in-widely-used-post-smtp-plugin-4-x-7-a-o/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/account-takeover-flaw-reported-in-widely-used-post-smtp-plugin-4-x-7-a-o/gD2P6Ple2L</span></a></p>
packet storm<p>Ubuntu Security Notice USN-7673-1 <a href="https://packetstorm.news/files/207507" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207507</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
packet storm<p>Ubuntu Security Notice USN-7672-1 <a href="https://packetstorm.news/files/207506" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207506</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>
packet storm<p>Ubuntu Security Notice USN-7671-1 <a href="https://packetstorm.news/files/207505" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207505</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a></p>