After a few days on Brave Browser, I noticed that I had to log in to Google and Facebook again. But when I went to the device, I saw that Google and Facebook did not log me out of the previous session.

#security #vulnerabilty #brave #browser

The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges 🤖☠️ #vulnerabilty

https://www.bleepingcomputer.com/news/security/critical-zero-days-impact-premium-wordpress-real-estate-plugins/

Critical zero-days impact premium WordPress real estate plugins

The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges.

BleepingComputer

The #Telegram messenger is not suitable for secure communication - by default, messages are not even end-to-end encrypted. #Signal or #Threema are better choices. By the way: Elon Musk is the textbook example of a troll. Just ignore him. 😉

If you are looking for help choosing a messenger: https://www.messenger-matrix.de/messenger-matrix.html

#sicherheit #security #schwachstelle #e2ee #vulnerabilty #musk #durow

Messenger-Matrix • Kuketz IT-Security Blog

Messengers: comparison of the security- and privacy-relevant properties of messengers

The best way to picture the root cause of the xz backdoor (CVE-2024-3094). 👇

#security #schwachstelle #vulnerabilty #xz #xkcd

Patch your software if you can, everyone. Upgrade to a newer version if you can't patch. Switch to different software if you can't upgrade.

https://gadget.co.za/ndayzeroday1/?utm_source=MastodonAfrica

#security #vulnerabilty #infosec

Beware the N-Day – Gadget

Most have heard of zero-day vulnerabilities, but N-day exploits of known security holes may be more dangerous.

Gadget

Oh man, this xz-utils backdoor looks baaad.

I think my one machine with public-facing SSH likely wasn't vulnerable at any point, given that the Arch SSH package isn't linked against liblzma (and also given how infrequently I update that machine).

As the note says though, if you have a publicly accessible SSH server, update right now now now.

#cyber #security #ssh #vuln #vulnerabilty

https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27

xz-utils backdoor situation (CVE-2024-3094)

xz-utils backdoor situation (CVE-2024-3094). GitHub Gist: instantly share code, notes, and snippets.

Gist

Should a #SOC do #vulnerabilty management?

➕​ SOCs are qualified for the task and already have the data!
➖​ SOCs have better things to do. Analysts should not be bothered with vuln. mgmt.!

#blueteam #ciso #cybersecurity #cyber #infosec

Yes: 42.9%
No: 57.1%
Poll ended.

Prototype pollution is among the most frequent sources of #CVE #Vulnerabilty in the #JavaScript ecosystem.

Here are some tricks to detect them earlier: https://fast-check.dev/blog/2023/09/21/detect-prototype-pollution-automatically/

It references an example of such an issue in #lodash. I would be glad to hear from some security experts, so any ping is welcome 🥰

Detect prototype pollution automatically | fast-check

Prototype pollution is among the most frequent sources of Common Vulnerabilities and Exposures - aka CVE - in the JavaScript ecosystem. As a result, detecting them early has always been a key challenge for fast-check.

Zenbleed