Lorenzo reshared this.

Microsoft has open-sourced RAMPART, an agent test framework for encoding adversarial and benign scenarios as repeatable tests that can run in a CI/CD

microsoft.com/en-us/security/b…

Lorenzo reshared this.

📺 Srsly Risky Biz: Politicians ditch Signal for homegrown apps

risky.biz/video/srsly-risky-bi…


Fedora follows SUSE and drops the Deepin packages

@GNU/Linux Italia

linuxeasy.org/fedora-segue-sus…

Fedora removes the Deepin packages after security concerns and maintenance problems that SUSE had already highlighted.
The article Fedora follows SUSE and drops the Deepin packages comes from Linux Easy.

Lorenzo reshared this.

A malicious npm package is delivering the Coruna iOS exploit kit

Yes, that Coruna exploit kit! From Operation Triangulation

safedep.io/art-template-npm-su…

Lorenzo reshared this.

The Drupal security update is out

It's an SQLi that apparently impacts 5% of all Drupal sites out there

Most Drupal sites are also impacted by other security issues from Symfony and Twig, which Drupal also uses

drupal.org/sa-core-2026-004

Lorenzo reshared this.

I love it when there's a perfect 10 CVE, and there's PAGES of shit warning me about it, but ZERO FUCKING DETAILS for detection engineering.

Cisco is a master class example of this shit.

sec.cloudapps.cisco.com/securi…

Lorenzo reshared this.

PowerDNS Security Advisory 2026-06 for PowerDNS Authoritative Server
(aka PowerDNS Authoritative Server 4.9.15 & 5.0.5 released)

blog.powerdns.com/2026/05/20/p…

#dns #dnssec

Lorenzo reshared this.

Our May 2026 maintenance releases of BIND 9 are available at isc.org/download : 9.18.49 and 9.20.23 (stable) and 9.21.22 (development). Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

- kb.isc.org/docs/cve-2026-3039
- kb.isc.org/docs/cve-2026-3592
- kb.isc.org/docs/cve-2026-3593
- kb.isc.org/docs/cve-2026-5946
- kb.isc.org/docs/cve-2026-5947
- kb.isc.org/docs/cve-2026-5950

Lorenzo reshared this.

The Drupal patches for that security bug will soon be out: x.com/drupalsecurity/status/20…

They are apparently related to Symfony issues: github.com/symfony/symfony/rel…

Lorenzo reshared this.

GitHub was compromised via a VSCode extension on an employee's machine. Yikes on bikes. x.com/github/status/2056949168…

Lorenzo reshared this.

So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. github.com/Nightmare-Eclipse/Y…

Mitigation = BitLocker PIN and BIOS password lock.

in reply to Kevin Beaumont

How long do users need to observe this whack-a-mole before switching the default OS to #BSD or #Linux?

If someone really needs an MS-OS it can be installed to a VM. This mitigates the issues arising from using Windows on the bare metal. The main OS must provide the basic security and #Windows does not deserve more than a Guest-VM to exist in. Such a setup allows one to fence it in, to firewall it off from the rest.

Thunderbird 151 improves OAuth authentication and advanced email management

@GNU/Linux Italia

linuxeasy.org/thunderbird-151-…

Thunderbird 151 improves OAuth, calendar, email management and stability, with new features for Linux, Windows and macOS.
The article Thunderbird 151 improves OAuth authentication and advanced email management comes from Linux Easy.

Firefox grows in Europe thanks to the DMA

@GNU/Linux Italia

linuxeasy.org/firefox-cresce-i…

Firefox grows in Europe thanks to the DMA: millions of users are choosing alternatives to Chrome and Safari on mobile devices.
The article Firefox grows in Europe thanks to the DMA comes from Linux Easy.

Lorenzo reshared this.

-Microsoft takes down MSaaS used by ransomware gangs
-CISA contractor leaks GovCloud keys
-Vulnerability exploitation is now the dominant entry vector
-Drupal readies security updates for "highly critical" bug
-Huawei zero-day behind Post Luxembourg hack
-ChimeraZ targets France
-RXNT breach impacts Congress
-7-Eleven confirms breach
-Musk loses OpenAI lawsuit
-Twitter limits visibility for non-paying users

Podcast: risky.biz/RBNEWS566/
Newsletter: news.risky.biz/risky-bulletin-…


in reply to Catalin Cimpanu


-Discord rolls out E2EE
-Red Hat releases Hardened Images
-Firefox 151 is out
-Telcos form new ISAC
-Bitcoin Depot shuts down
-FBI looking to buy ALPR data
-Romanian military coup plotters used ChatGPT
-Operation Ramz arrests
-South Korea arrests SMS spammers
-Trapdoor ad fraud operation
-Storm-2949 profile
-MSHTA abuse on the rise
-Supply chain attack at AntV
-Another Steam game deployed malware
-Microsoft's DurableTask compromised on PyPI


in reply to Catalin Cimpanu


-B1ack's Stash carding forum drops 4.6m cards
-New SHub Stealer variant
-New Banana RAT
-New WantToCry ransomware
-Malware reports on BadIIS, CrystalX RAT, PureLogs, DevilNFC and NFCMultiPay
-Linus is not a fan of AI-found bug reports
-New SonicWall exploitation
-New DirtyDecrypt vulnerability
-Unpatched ChromaDB and SGLang bugs
-GhostBranch and GhostTree techniques
-New AudioHijack technique

Ubuntu Core 26 brings more speed and security to IoT and edge

@GNU/Linux Italia

linuxeasy.org/ubuntu-core-26-v…

Ubuntu Core 26 arrives with smaller OTA updates, Livepatch, OP-TEE and new optimizations for IoT and edge devices.
The article Ubuntu Core 26 brings more speed and security to IoT and edge comes from Linux Easy.

in reply to Catalin Cimpanu

flashbacks to "net C2 ISAC" from a previous life which seems to still be alive in some way maybe? canada.ca/en/public-services-p…

Lorenzo reshared this.

Drupal's security team has announced a critical patch for tomorrow

It expects exploitation

drupal.org/psa-2026-05-18

Lorenzo reshared this.

Microsoft takes down SignSpace Cloud, a service that sold digital signing certificates obtained through fake accounts on Microsoft's Artifact Signing service

This was broadly used by Rhysida and other ransomware groups

blogs.microsoft.com/on-the-iss…


GNOME 51 prepares the switch from System Monitor to Resources

@GNU/Linux Italia

linuxeasy.org/gnome-51-passagg…

GNOME 51 could replace System Monitor with Resources, a new, more modern app for hardware and performance monitoring.
The article GNOME 51 prepares the switch from System Monitor to Resources comes from Linux Easy.

Lorenzo reshared this.

LLMs that work with audio data are apparently vulnerable to attacks using human inaudible commands because nobody who put together that LLM thought to impose a limit to the human audible audio frequency spectrum

spectrum.ieee.org/voice-ai-aud…

Lorenzo reshared this.

Today is L0pht Day. In 1998 7 hackers in suits told the US Senate the internet was a house of cards. We said we could take it down in 30 minutes. They looked at us like we'd landed from another planet.

28 yrs later, the gap between what the security community knows and what decision-makers act on remains a fundamental problem.

Miss you, Peter Neumann. He testified that day too, with decades of hard-earned wisdom. We owe him.

The work isn't done. It never was.

#L0phtDay #InfoSec

Lorenzo reshared this.

The Verizon 2026 Data Breach Investigations Report, which everyone likes to cite, is out

verizon.com/business/resources…

Lorenzo reshared this.

Security engineer Kabir Acharya has a good op-ed out on how frontier AI models have effectively killed the Capture-the-Flag competition scene, as most competitions don't measure human skill anymore

kabir.au/blog/the-ctf-scene-is…


KDE surpasses 55 million lines of code in its history

@GNU/Linux Italia

linuxeasy.org/kde-supera-55-mi…

KDE surpasses 55 million lines of code in its Git history, with more than 8 million still present in active projects.
The article KDE surpasses 55 million lines of code in its history comes from Linux Easy.

Lorenzo reshared this.

Pizza Hut's AI system caused 'cascading' problems and $100M in damages, franchisee alleges in new suit
businessinsider.com/pizza-hut-…

> A top Pizza Hut franchisee says the chain's rollout of an AI-powered delivery system turned once-speedy pizza orders into a cold, late-arriving mess — and cratered a business that had been outperforming nearly every other operator in the system.

:blobcatpopcornnom:

#AI #Hype

in reply to Michał "rysiek" Woźniak · 🇺🇦

So a couple of points from a non-techie:
1) thanks for posting this, these posts help me block more assholes
2) a corporation forced an AI system onto its franchisees without presumably ANY testing, which ultimately harmed franchisee owner's business(es) - correlation/causation and all that...
3) the purpose of corporate forcing AI onto its franchisees could only be for the purpose of "optimizing profits" which I hope we all know is Corpse speak for "exploit workers in pursuit of profits"
4) the backfire was the workers were able to exploit the dumbasses at corporate by using the AI for their benefit.
I'm 100% with the workers on this and bravo to them 👏👏👏
And yes, the AI is what caused the issue as without it the issue wouldn't exist.

Firefox 151 improves privacy, PDF and advanced hardware support

@GNU/Linux Italia

linuxeasy.org/firefox-151-migl…

Firefox 151 brings profile backups on Linux, built-in PDF merging, new privacy features and Web Serial support for microcontrollers.
The article Firefox 151 improves privacy, PDF and advanced hardware support comes from

Lorenzo reshared this.

The group that was planning a military coup in Romania last year to back a pro-Kremlin candidate was using ChatGPT to translate text from Romanian to Russian, and even got a meeting with Russian FSB Director Alexander Bortnikov

libertatea.ro/stiri/proces-tra…

Lorenzo reshared this.

📺 Between Two Nerds: Russia's hacker university

risky.biz/video/between-two-ne…


Mozilla defends VPNs against English restrictions

@GNU/Linux Italia

linuxeasy.org/mozilla-difende-…

Mozilla criticizes possible VPN restrictions in the United Kingdom and warns of the risks to privacy, security and digital freedom.
The article Mozilla defends VPNs against English restrictions comes from Linux Easy.