Mastodawn

I may have to add Moldova to my list of countries I may not be able to visit. I just posted a two-fer involving two of their government portals:

https://databreaches.net/2026/02/19/data-protection-failures-on-moldovan-portals-exposed-citizens-to-risk/ is about a long-time IDOR incident that exposed the personal info of everyone who ever used the govt portal to apply for a job. The vulnerability was brought to my attention by a student who was frustrated with his government's lack of response to his attempts to get them to address it.

and

https://databreaches.net/2026/02/19/leaked-data-raises-questions-about-hackers-claims-and-moldovas-prior-denial/ discusses an alleged hack by Bashe Team of another portal used by Moldovan residents to apply for energy compensation.

In May 2025, the government had denied claims that access to the compensation portal had been sold. "No evidence.... smoke and mirrors... " they claimed.

Fast forward to January 2026, and data from that portal and timeframe was leaked after Bashe Team claimed to have hacked it. But while the data appear to be real, Bashe Team's claims about how and when they acquired it didn't check out.

Bashe Team seems to be allergic to telling the truth about their listings. @cloudsek noted their less-than-honest claims in 2025; DataBreaches.net notes it now, and @amvinfe has also noted it in his new reporting on #SuspectFile.

#databreach #leak #vulnerability #cariere #compensatii #govsec #cybersecurity #Bashe #APT73 #Eraleign

@campuscodi @euroinfosec @lawrenceabrams

Data Protection Failures on Moldovan Portals Leave Citizens at Risk - DataBreaches.Net

Breaches involving government entities may be politically motivated, such as the 2022 compromise of the Presidency of Moldova's email server or the 2024 comprom

DataBreaches.Net

Bryan King (W8DBK)1h ago

“I’m fine” is killing a lot of men. A first-person, gritty story of a Christian guy who refuses to be vulnerable—until everything quietly starts to crumble. 💔 If you’ve ever played “the rock,” this one’s for you. #ChristianMen #MentalHealth #Vulnerability

https://bdking71.wordpress.com/2026/02/19/ive-spent-my-whole-life-refusing-to-break-and-its-slowly-breaking-everything-i-love/?utm_source=mastodon&utm_medium=jetpack_social

I’ve Spent My Whole Life Refusing to Break, and It’s Slowly Breaking Everything I Love

A raw, first-person story about a Christian man hiding his weakness behind the image of “the rock.” This gritty narrative exposes fear of vulnerability, porn, anxiety, and emotional shutdown—and sh…

Bryan King

Vulnerability-Lookup 3h ago

A new bundle, MajorDoMo Revisited: What I Missed in 2023, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/42521e67-5c8d-4b16-a114-e0db686c91a7

#VulnerabilityLookup #Vulnerability #Cybersecurity #bot

Vulnerability-Lookup

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

HackerWorkspace 4h ago

Prompt Injection Standardization: Text Techniques vs Intent

https://www.lasso.security/blog/prompt-injection-taxonomy-techniques

#cybersecurity #aisecurity #vulnerability

Prompt Injection Standardization: Text Techniques vs Intent

Explore Lasso’s prompt injection taxonomy, distinguishing text-based techniques from attacker intent to standardize AI security defenses.

HackerWorkspace 4h ago

DroidGround - A flexible playground for Android CTF challenges

https://droidground.com/

and they also have a demo

https://droidground.com/demo/

#cybersecurity #vulnerability #exploit

DroidGround - A flexible playground for Android CTF challenges

A platform for hosting realistic Android CTF hacking challenges. DroidGround provides fine-grained control, real-time device interaction, Frida scripting, Team based workflows and customizable exploitation scenarios.

Bill 9h ago

It is getting to the point where the only extensions I have installed are by the big vendors. Individuals way more risky.

https://thehackernews.com/2026/02/critical-flaws-found-in-four-vs-code.html

#vscode #vulnerability

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M installs.

The Hacker News

TheHackerWire 13h ago

🔴 CVE-2026-2686 - Critical (9.8)

A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2686/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

TheHackerWire 14h ago

🟠 CVE-2026-2650 - High (8.8)

Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2650/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

TheHackerWire 14h ago

🟠 CVE-2026-2649 - High (8.8)

Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2649/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

TheHackerWire 14h ago

🔴 CVE-2026-25548 - Critical (9.1)

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion (LFI) and Log Poisoning at...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25548/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack