Recent searches

No recent searches

Search options

Only available when logged in.
digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Diese Instanz wird betrieben von Digitalcourage e.V. für die Allgemeinheit. Damit wir das nachhaltig tun können, erheben wir einen jährlichen Vorausbeitrag von 1€/Monat per SEPA-Lastschrifteinzug.

Administered by:

Server stats:

832
active users

digitalcourage.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.3

#vulnerability

104 posts26 participants14 posts today
BeyondMachines :verified:

Google releases Chrome emergency update; patches four vulnerabilities, one actively exploited

Google released an emergency Chrome update on September 17, 2025, patching four high-severity vulnerabilities including an actively exploited zero-day (CVE-2025-10585) in the V8 JavaScript engine that enables arbitrary code execution through malicious websites.

**Once again - an urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and exploitation is just a visit to a malicious site. DONT WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesGoogle releases Chrome emergency update; patches four vulnerabilities, one actively exploitedGoogle released an emergency Chrome update on September 17, 2025, patching four high-severity vulnerabilities including an actively exploited zero-day (CVE-2025-10585) in the V8 JavaScript engine that enables arbitrary code execution through malicious websites.
GAI NetConsult

🔎 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗶𝗻 𝗦𝗶𝗲𝗺𝗲𝗻𝘀 𝗦𝗜𝗣𝗥𝗢𝗧𝗘𝗖 𝟱 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝗶𝗲𝗱

Our Technical Security Audit team has identified a vulnerability in 𝗦𝗶𝗲𝗺𝗲𝗻𝘀 𝗦𝗜𝗣𝗥𝗢𝗧𝗘𝗖 𝟱 𝗱𝗲𝘃𝗶𝗰𝗲𝘀:
⚠️ The USB port may allow attacks due to improper bandwidth limitation.

📌 Description:
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. During this restart the protection function is not available.

📄 The full advisory is available here: gai-netconsult.de/wp-content/u

⚠️ Please follow the manufacturer’s guidance and updates.

🌐 An overview of further advisories can be found on our website: www.gai-netconsult.de/advisories

👏 Congratulations to our colleagues 𝗠𝗮𝗿𝗰 𝗖𝘂𝗻𝘆 and 𝗧𝗼𝗿𝗮𝗹𝗳 𝗚𝗶𝗺𝗽𝗲𝗹 for this discovery.

#CyberSecurity#SecurityAdvisory#Vulnerability
BeyondMachines :verified:

WatchGuard Firebox vulnerability allows remote code execution

WatchGuard Technologies patched a critical unauthenticated remote code execution vulnerability (CVE-2025-9242) in its Firebox firewall appliances that allows attackers to compromise systems by sending crafted data to the IKE protocol handler used for VPN connections. The flaw affects multiple Firebox models running various Fireware OS versions.

**If you're using WatchGuard Firebox firewalls, immediately upgrade to the latest patched versions (2025.1.1, 12.11.4, or appropriate version for your model) because your firewall has a vulnerability that can be attacked remotely. Isolating doesn't really help since these devices are designed to face the internet. If you're running unsupported 11.x versions, either migrate to supported firmware immediately or shut down these devices since no patches are available.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesWatchGuard Firebox vulnerability allows remote code executionWatchGuard Technologies patched a critical unauthenticated remote code execution vulnerability (CVE-2025-9242) in its Firebox firewall appliances that allows attackers to compromise systems by sending crafted data to the IKE protocol handler used for VPN connections. The flaw affects multiple Firebox models running various Fireware OS versions.
Karl Voit :emacs: :orgmode:

"While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful #EntraID #vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant." 😲

dirkjanm.io/obtaining-global-a

dirkjanm.io · One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokensWhile preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend for service-to-service (S2S) communication, called “Actor tokens”, and a critical vulnerability in the (legacy) Azure AD Graph API that did not properly validate the originating tenant, allowing these tokens to be used for cross-tenant access.
#Microsoft#security#Cloud
Pyrzout :vm:

Shai-Hulud Worm Infects Over 500 NPM Packages in Sophisticated Supply Chain Attack dailydarkweb.net/shai-hulud-wo #Vulnerability

Daily Dark WebShai-Hulud Worm Infects Over 500 NPM Packages in Sophisticated Supply Chain Attack - Daily Dark WebShai-Hulud Worm Infects Over 500 NPM Packages in Sophisticated Supply Chain Attack Discover the latest security threats and database leaks, including unauthorized VPN access and email breaches, in the cyber underground world.Stay informed about emerging cyber threats, such as unauthorized access to databases and sensitive information leaks, affecting global companies and organizations.Learn about the latest cyber incidents, including DDoS attacks and malware threats targeting cryptocurrency wallets and financial institutions.
BeyondMachines :verified:

Apple releases security updates for iOS 18.7, macOS, iPadOS, and releases iOS 26 and macOS 26

Apple released critical security updates for iOS, iPadOS, and macOS addressing CVE-2025-43300, an actively exploited zero-day vulnerability in the ImageIO framework that was chained with a WhatsApp flaw in sophisticated spyware attacks targeting fewer than 200 high-profile individuals globally. The updates patch 13 additional vulnerabilities including privilege escalation flaws.

**Another big OS release from Apple. If you haven't updated your Apple devices with the emergency patch, update now to fix the exploited CVE-2025-43300. Even if you did patch, the regular update is a smart choice. Maybe wait and don't install iOS 26/ macOS Tahoe 26 until immediately, wait a month so you can see if anything bad happens.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesApple releases security updates for iOS 18.7, macOS, iPadOS, and releases iOS 26 and macOS 26Apple released critical security updates for iOS, iPadOS, and macOS addressing CVE-2025-43300, an actively exploited zero-day vulnerability in the ImageIO framework that was chained with a WhatsApp flaw in sophisticated spyware attacks targeting fewer than 200 high-profile individuals globally. The updates patch 13 additional vulnerabilities including privilege escalation flaws.
TrendingLive feeds
About