Mastodawn

Meta confirms 20,000+ Instagram accounts compromised April-June 2026 via AI chatbot account recovery bug email verification

#cybersecurity #meta #instagram #aivulnerability #securityengineering

https://radarkilat.com/en/article/meta-ai-chatbot-vulnerability-20-000-instagram-accounts-compromised-via-account-recovery-bug

ell1e coding things 6d ago

Is it only me who wishes Librewolf & by extension Firefox had a better sync UI?

I don't think any sync system that involves training the user to enter the E2EE password on a website (whether it may not actually be transmitted or not) is a great idea...

https://bugzilla.mozilla.org/show_bug.cgi?id=2037239

#Linux #Firefox #Security #SecurityEngineering #UX #UserExperience

2037239 - Firefox Sync design seems needlessly insecure in terms of UX regarding use of password

UNCONFIRMED (nobody) in Cloud Services - General. Last updated 2026-05-05.

halil deniz May 14

Linux Security Auditing with Lynis

In this article, I cover how to use Lynis for Linux security auditing, system hardening, and practical vulnerability assessment.

🔗 https://denizhalil.com/2025/03/17/linux-security-auditing-with-lynis/

#CyberSecurity #LinuxSecurity #Lynis #SecurityAuditing #SystemHardening #BlueTeam #DevSecOps #InfoSec #Linux #ITSecurity #SecurityEngineering #DenizHalil

github.com/ghostwriter May 12

https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity

Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised | Wiz Blog

Detect and mitigate malicious npm packages linked to the latest Mini Shai-Hulud supply chain campaign targeting high-value developer tooling.

wiz.io

halil deniz May 11

Linux Security Auditing with Lynis

In this article, I cover how to use Lynis for Linux security auditing, system hardening, and practical vulnerability assessment.

https://denizhalil.com/2025/03/17/linux-security-auditing-with-lynis/

#CyberSecurity #LinuxSecurity #Lynis #SecurityAuditing #SystemHardening #BlueTeam #DevSecOps #InfoSec #Linux #ITSecurity #SecurityEngineering #DenizHalil

Andrii Sudak May 11

Are you on the safe side yet? 🛡️

In an era of sophisticated phishing and data breaches, relying on passwords or SMS codes is like locking your front door but leaving the key under the mat. For a robust level of private security, I’ve integrated Yubico Yubikey into my daily routine as the ultimate hardware root of trust.

The true value of "Cold" Security

Hardware authenticators offer unparalleled security. Their physical nature means cryptographic keys are embedded directly, making them impossible to copy, extract, or steal remotely. No physical device, no access. Period.

My "Strict Security" Setup

I’ve minimized my attack surface by removing the weakest links:

1. Phone-Free: I have disabled phone number linkage and SMS authentication wherever possible to eliminate SIM-swapping risks.

2. Passwordless: Where supported, I use FIDO2/WebAuthn. No password means no password can be phished.

3. The Backup Rule: I use a minimum of two keys. My primary key is always with me, and a backup key is hidden in a secure, off-site location.

Hardware-Signed Workflow

I leverage the full multi-protocol potential of the key:

- GPG & Git: I use GPG primarily for signing git commits. When I push code, I am physically "touching" the hardware to sign that digital information.

- PIV/SSH: Secure access to servers without resident private keys on the machine.

- OTP & Static Passwords: Bridges for legacy services.

The Vault Strategy

For passwords and sensitive metadata, I rely on Bitwarden. Access to my vault is strictly locked behind my hardware keys.

> No, I'm not "that paranoid" ... yet. But I do keep an eye on the compromise of central servers. That’s why I’m planning to implement a fully self-hosted, self-controlled vault solution soon.

I’d love to hear your thoughts – what are your favorite self-hosted security stacks?

#CyberSecurity #YubiKey #Bitwarden #Infosec #Privacy #MFA #PGP #SSH #SecurityEngineering #SelfHosted

𝕯𝖎𝖓𝖊𝖘𝖍 🇮🇳May 9

A kernel bug sat in plain sight for 8 years. AI found it in an hour.

Wrong takeaway: AI is making attackers faster.

Better takeaway: our security model assumes too much about patching.

Assume latent flaws exist.
Design around containment, isolation, and resilience.

AI isn’t changing vulnerability physics.
It’s exposing reality faster.

More thoughts here:
LinkedIn: 🔗 https://www.linkedin.com/posts/dinesh-mr_73-sounds-impressive-until-you-ask-what-activity-7458128840872349696-kpVc

#CyberSecurity #Linux #AISecurity #SecurityEngineering

halil deniz May 1

Linux Privilege Escalation Cheat Sheet: Techniques and Prevention.

In this cheat sheet, I break down essential enumeration commands, common escalation paths, and practical techniques every security professional should know.
https://denizhalil.com/2025/06/30/linux-privilege-escalation-cheat-sheet/

#CyberSecurity #LinuxSecurity #PrivilegeEscalation #Pentesting #RedTeam #BlueTeam #InfoSec #ethicalhacking #SecurityEngineering #itsecurity

halil deniz Apr 29

UDP Network Monitoring with C++: A Comprehensive Guide

In this guide, I demonstrate how to build a UDP packet sniffer in C++ using raw sockets, parse packet headers, and extract key data like source/destination IPs and ports.
https://denizhalil.com/2025/07/14/udp-network-monitoring-cpp-packet-sniffer/

#CyberSecurity #NetworkMonitoring #PacketSniffer #UDP #Cpp #NetworkSecurity #InfoSec #BlueTeam #RedTeam #InfoSec #securityengineering #denizhalil