Dr. Christopher KunzMay 13, 2025

CISA is changing the way they publizice alerts, including the KEV (known exploited vulnerabilities). These will no longer be shown on the "Alerts" overview, but must be subscribed to via GovAlert (or just scrape the JSON...).

The first vulnerability that is *not* being published as an alert is...drumroll... CVE-2025-47729. "The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL app users"

Isn't that a funny coincidence?

Show threadThe Noid You Should Avoid
@christopherkunz What? No. I-I'm sure that's just a... Just a bit of an old fashioned uhhhhhhh... administrative whoopsy-daisy. I'm sure we'll get an "our bad" in a press conference any day, followed by a "are you really sure it happened that way" and a "maybe YOU'RE the 'corrupt crony' "
May 13, 2025 at 5:48pmTusky
Show threadDr. Christopher KunzMay 14, 2025
@d0ct0r0nline You were right about the "our bad" part.