Sergiu Gatlan

@serghei
2.5K Followers
563 Following
606 Posts
Cybersecurity/tech reporter
Tips: sergiu at bleepingcomputer.com.
Signal: serghei.33
WORKhttps://www.bleepingcomputer.com/author/sergiu-gatlan/
Websitehttps://serghei.ro/
Sergiu GatlanApr 16, 2025

A coalition of CVE Board members launched a new CVE Foundation "to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program."

https://www.thecvefoundation.org/

CVE Foundation

FOR IMMEDIATE RELEASE April 16, 2025 CVE Foundation Launched to Secure the Future of the CVE Program [Bremerton, Washington] – The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a

Sergiu GatlanSep 17, 2024
Sergiu GatlanMar 25, 2024
Fours days? Not soon enough for Apple :)
Sergiu GatlanFeb 29, 2024

frogs are growing their own mushrooms now πŸ‘€

https://edition.cnn.com/2024/02/29/world/mushroom-frog-growth-chytrid-disease-scn/index.html

Sergiu GatlanFeb 9, 2024

Looks like Microsoft's new 'Sudo for Windows' is riddled with logical bugs and security issues πŸ€·β€β™‚οΈ

https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html

Sudo On Windows a Quick Rundown

Background The Windows Insider Preview build 26052 just shipped with a sudo command, I thought I'd just take a quick peek to see what it doe...

Sergiu GatlanOct 20, 2023

Okta's stock took an 11.57% hit after the company disclosed a support system breach.

BeyondTrust, one of the customers who had session cookies stolen in the incident, discovered the breach on October 2nd.

More info here: https://www.bleepingcomputer.com/news/security/okta-says-its-support-system-was-breached-using-stolen-credentials/

Okta says its support system was breached using stolen credentials

​Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials.

BleepingComputer
Sergiu GatlanSep 27, 2023
How it started How it's going
Sergiu GatlanSep 21, 2023

Looks like the Google WebP zero-day (CVE-2023-4863) and the Apple ImageIO zero-day (CVE-2023-41064) are likely the same thing πŸ€·β€β™‚οΈ

https://blog.isosceles.com/the-webp-0day/

The WebP 0day

Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image library, and it had a familiar warning attached: "Google

Isosceles Blog
Sergiu GatlanSep 15, 2023

Heads-up for those who switched to Brave after the Google Chrome Privacy Sandbox bs went live:

If you want web push notifications to work, you'll have to enable "Use Google services for push messaging" in Settings > Privacy and security.

Sergiu GatlanAug 3, 2023

Zuck's Twitter rival Threads is dying πŸ€·β€β™‚οΈ

https://edition.cnn.com/2023/08/03/tech/threads-user-count-falls/