@byteguard


Independent writer on tech, security, and self-hosting.
VPS hardening, CTF write-ups, CVE breakdowns, and reviews of tools I actually run.

✍ Written by enim
🔗 https://blog.byte-guard.net

#infosec #selfhosting #homelab #docker #devops #ctf

GitHub's 2023 account hijack of a maintainer pushed malicious npm packages. The incident relied on stolen session cookies, bypassing MFA entirely. Forgejo offers a self-hosted alternative with hard multi-factor enforcement and no single point of credential failure. Migrating critical CI/CD pipelines to independent instances reduces supply chain surface area. #selfhosted
Microsoft's May 2026 Patch Tuesday addresses 118 vulnerabilities, including 16 critical flaws. CVE-2026-41089 stands out as a stack-based buffer overflow in Windows Netlogon allowing unauthenticated SYSTEM access on domain controllers with low attack complexity. Other critical fixes cover RCE in the DNS client and Entra ID impersonation via forged credentials. Unlike recent months, no zero-days are actively exploited, but the Netlogon path requires immediate attention for any exposed servers.

CW: Local privilege escalation

copy.fail is a Linux kernel LPE disclosed by Theori on 29 April 2026 that writes directly into the page cache of files the attacker does not own. The exploit chains AF_ALG sockets with splice() to bypass filesystem checks, leaving disk-based monitors like AIDE blind to the modification. It affects all major distributions including Ubuntu, RHEL, and Debian because the mainline fix only landed on 1 April.

#cve

CW: Data breach
Instructure confirmed two intrusions into Canvas via a vulnerability in its Free-for-Teacher system, compromising usernames, emails, and messages for up to 275 million users across 8,800 schools. While core course content remained intact, the company disclosed an agreement with ShinyHunters that includes verified data destruction logs and a halt to extortion demands. This resolution follows a temporary shutdown of Free-for-Teacher accounts and a full credential rotation.
#infosec
South Staffordshire Water's parent company was fined £963,900 for security failures that led to a 2022 Cl0p ransomware attack. The attack, detected in July 2022, initially occurred in September 2020, exposing 633,887 people's personal data. Key failures included limited controls, inadequate monitoring, running unsupported software like Windows Server 2003, and poor vulnerability management. #CyberSecurity #InfoSec
Obsidian plugin abuse led to Phantom Pulse RAT deployment. The campaign exploited a vulnerability in the plugin to install a remote access trojan. Users should review installed plugins and update Obsidian to the latest version. #infosec
Hardware attestation is being repurposed from a supply-chain safeguard into a gatekeeper for app distribution. When a platform can remotely refuse to run code on verified hardware, it controls the software market by design, not by merit. This shifts power from developers to the entity holding the attestation keys. #CyberSecurity #Android

FreeBSD-SA-26:13.exec documents a local privilege escalation via execve() on FreeBSD 14.2 and 13.4. The flaw allows unprivileged users to bypass security restrictions by manipulating environment variables during binary execution, granting root access on affected systems. Patches are available in FreeBSD 14.2-RELEASE-p2 and 13.4-RELEASE-p3. Upgrade immediately to close this vector.

#cve

Idempotency keys fail when the second request carries different data than the first. A retry with an updated payload but the same key forces a choice between stale data and inconsistent state. The fix requires validating that request parameters match the original submission before returning the cached response. Without this check, network retries corrupt transaction integrity in payment and inventory systems. #selfhosted
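The parameter check described in this post, as an added example that is not part of the original post: the handler stores a fingerprint of the canonical request body next to each key, replays the cached response only when the fingerprint matches, and refuses a reused key with different data instead of returning a stale result or applying the new one. The in-memory dict, the `charge` function and the `IdempotencyConflict` name are assumptions made for the example.

```python
import hashlib
import json


class IdempotencyConflict(Exception):
    """Raised when an idempotency key is reused with a different payload."""


class IdempotentHandler:
    """Wraps a non-idempotent operation with a per-key (fingerprint, response) record."""

    def __init__(self, process):
        self._process = process   # the real side-effecting work (charge, reserve stock, ...)
        # key -> (payload fingerprint, response). In-memory stand-in for a Redis/DB row;
        # a production store also needs an atomic "claim" so concurrent retries do not race.
        self._store = {}

    @staticmethod
    def fingerprint(payload):
        # Canonical JSON so that key order or whitespace differences do not change the hash.
        canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode()).hexdigest()

    def handle(self, key, payload):
        fp = self.fingerprint(payload)
        cached = self._store.get(key)
        if cached is not None:
            stored_fp, response = cached
            if stored_fp != fp:
                # Same key, different parameters: neither the stale response nor the new
                # payload is safe to act on, so the caller must pick a fresh key.
                raise IdempotencyConflict(f"key {key!r} reused with a different payload")
            return response          # genuine retry: replay without re-running the work
        response = self._process(payload)
        self._store[key] = (fp, response)
        return response


def demo():
    """Constructed scenario: one charge, one clean retry, one retry with a changed amount."""
    ledger = []                      # every call to charge() lands here; it must stay length 1

    def charge(payload):
        ledger.append(payload["amount"])
        return {"charge_id": len(ledger), "amount": payload["amount"]}

    handler = IdempotentHandler(charge)
    first = handler.handle("key-1", {"amount": 500, "currency": "USD"})
    retry = handler.handle("key-1", {"currency": "USD", "amount": 500})  # same data, new order
    try:
        handler.handle("key-1", {"amount": 900, "currency": "USD"})      # changed payload
        conflict = False
    except IdempotencyConflict:
        conflict = True
    return first, retry, conflict, ledger
```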

CW: Data breach

ShinyHunters claimed responsibility for the Canvas outage that disrupted finals week across US schools. The ransomware group asserts access to 275 million records from 8,800 institutions, including names, emails, student IDs, and platform messages. Instructure confirmed unauthorized activity matching a breach disclosed a week prior but states passwords and financial data remain untouched. The platform returned to service Friday morning after a temporary shutdown.

#infosec