Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
en.osm.town is one of the many independent Mastodon servers you can use to participate in the fediverse.
An independent, community of OpenStreetMap people on the Fediverse/Mastodon. Funding graciously provided by the OpenStreetMap Foundation.

Administered by:

Server stats:

250
active users

en.osm.town: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#vulnerabilities

4 posts4 participants0 posts today
Public
knoppix

Researchers have revealed that defenses against "juice jacking" on #iOS and #Android can be easily bypassed.

Malicious chargers exploit #USB #vulnerabilities to steal #data.

The new "ChoiceJacking" technique allows attackers to #spoof user consent and access sensitive files.

Avoid using public charging USB ports to #protect your data.

arstechnica.com/security/2025/

Ars Technica · iOS and Android juice jacking defenses have been trivial to bypass for yearsBy Dan Goodin
#Technology#Tech#TechNews
Public
Xavier «X» Santolaria :verified_paw: :donor:

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #17/2025 is out!

It includes the following and much more:

🇺🇸 👋🏻 Two top officials from #CISA resigned;

🇺🇸 💬 U.S. Defense Secretary Pete Hegseth caught in another information leak;

📊 Yearly Threat Intelligence Reports Released;

🇺🇸 💸 U.S. lost record $16.6 billion to #cybercrime in 2024;

🇺🇸 5.5 Million Patients Affected by #DataBreach at Yale New Haven Health;

🐛 💥 VulnCheck spotted 159 actively exploited #vulnerabilities in first few months of 2025;

🇺🇸 🇨🇳 FBI is seeking public help to identify Chinese hackers known as #SaltTyphoon and offers $10 million reward;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

Two top officials from CISA resigned; U.S. Defense Secretary Pete Hegseth caught in another information leak; Yearly Threat Intelligence Reports Released; U.S. lost record $16.6 billion to cybercrime in 2024; 5.5 Million Patients Affected by Data Breach at Yale New Haven Health; VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025; FBI is seeking public help to identify Chinese hackers known as Salt Typhoon and offers $10 million reward;
X’s InfoSec Newsletter🕵🏻‍♂️ [InfoSec MASHUP] 16/2025Two top officials from CISA resigned; U.S. Defense Secretary Pete Hegseth caught in another information leak; Yearly Threat Intelligence Reports Released; U.S. lost record $16.6 billion to cybercrime in 2024; 5.5 Million Patients Affected by Data Breach at Yale New Haven Health; VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025; FBI is seeking public help to identify Chinese hackers known as Salt Typhoon and offers $10 million reward;
Public
gcve.eu

The digital signature of the directory file was added in response to requests from various open-source developers and GNAs.

#cve #gcve #vulnerabilities #opensource

🔗 FAQ gcve.eu/faq/#q13-is-the-json-f
🔗 Directory file gcve.eu/dist/

gcve.euFAQGCVE Frequently Asked Questions (FAQ)Q1: What is GCVE? A: GCVE (Global CVE Allocation System) is a new, decentralized system for identifying and numbering security vulnerabilities. It aims to increase flexibility, scalability, and autonomy for organizations involved in vulnerability management, while remaining compatible with the traditional CVE® system. Q2: How is GCVE different from the traditional CVE system? A: The main difference is decentralization. GCVE introduces GCVE Numbering Authorities (GNAs), which are independent entities that can allocate GCVE identifiers without needing blocks pre-allocated from a central authority or adhering strictly to centrally enforced policies. The traditional CVE system typically relies on a more centralized structure for ID allocation and policy.
Public
PrivacyDigest

'Stupid and Dangerous': #CISA Funding Chaos Threatens Essential #Cybersecurity Program

The #CVE Program is the primary way software #vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.

wired.com/story/cve-program-ci

WIRED · ‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity ProgramBy Lily Hay Newman
Public
thereisnoanderson

NEW - ⛸️🧱🖥️

DCG Domain Blocklist available - last updated 2025/04/14

1692406 - Domains blocked with that build !

🦜
🐻
Supercharging your content blocker to increase privacy and security.

All available lists:
- uBlockOrigin
- Hosts format & Hosts format with wildcards
- dnsmasq with wildcards

🌳
Ready to use lists combined from many permissively licensed sources.

divested.dev/pages/dnsbl

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #hackernews
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss #freeyourmind

divested.devDnsbl - Divested Computing
Public
thereisnoanderson

NEW - ⛸️🧱🖥️

DCG Domain Blocklist available - last updated 2025/04/08

1689244 - Domains blocked with that build !

🦜
🐻
Supercharging your content blocker to increase privacy and security.

All available lists:
- uBlockOrigin
- Hosts format & Hosts format with wildcards
- dnsmasq with wildcards

🌳
Ready to use lists combined from many permissively licensed sources.

divested.dev/pages/dnsbl

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #hackernews
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss #freeyourmind

divested.devDnsbl - Divested Computing
Public *
thereisnoanderson

NEW - 🛡️ 🖥️ 🛡️

DCG Brace Build 2025/04/04 - 1

Release Note: Fix bluetooth on F42

🦜
🐻
Toolkit compatible with multiple Linux distros that allows for installation of handpicked applications, along with corresponding configs that have been tuned for reasonable privacy and security.

🌳
Compatibility:
Arch Linux
CentOS 9/Stream
Debian 12
Fedora 39/40/41 (preferred)
openSUSE Tumbleweed
🌳
codeberg.org/divested/brace

#divested
#DivestedComputingGroup
🌳
#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #skynet #foss #freeyourmind

Summary card of repository divested/brace
Codeberg.orgbraceToolkit compatible with multiple Linux distros that allows for installation of handpicked applications, along with corresponding configs that have been tuned for reasonable privacy and security.
Public
Xavier «X» Santolaria :verified_paw: :donor:

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #13/2025 is out!

It includes the following and much more:

➝ DNA of 15 Million People for Sale in #23andMe Bankruptcy,

#Trump administration accidentally texted a journalist its war plans,

➝ Critical Ingress #NGINX controller vulnerability allows RCE without authentication,

#Cyberattack hits Ukraine's state railway,

➝ Troy Hunt's Mailchimp account was successfully phished,

#OpenAI Offering $100K Bounties for Critical #Vulnerabilities,

#Meta AI is now available in #WhatsApp for users in 41 European countries... and cannot be turned off

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

DNA of 15 Million People for Sale in 23andMe Bankruptcy, Trump administration accidentally texted a journalist its war plans, Critical Ingress NGINX controller vulnerability allows RCE without authentication, Cyberattack hits Ukraine's state railway, Troy Hunt's Mailchimp account was successfully phished, OpenAI Offering $100K Bounties for Critical Vulnerabilities, Meta AI is now available in WhatsApp for users in 41 European countries... and cannot be turned off
X’s InfoSec Newsletter🕵🏻‍♂️ [InfoSec MASHUP] 13/2025DNA of 15 Million People for Sale in 23andMe Bankruptcy, Trump administration accidentally texted a journalist its war plans, Critical Ingress NGINX controller vulnerability allows RCE without authentication, Cyberattack hits Ukraine's state railway, Troy Hunt's Mailchimp account was successfully phished, OpenAI Offering $100K Bounties for Critical Vulnerabilities, Meta AI is now available in WhatsApp for users in 41 European countries... and cannot be turned off
Public
George Ellenburg (he/him/his)

Can't wait for all the #bugs, #security holes, and #vulnerabilities that will inevitably come out because people are just letting some prediction engine write their code for them and aren't reviewing the code or the logic being inserted into it. #AI #LLM #Vibe #SoftwareDevelopment #CI

https://developers.slashdot.org/story/25/03/18/1428226/vibe-coding-is-letting-10-engineers-do-the-work-of-a-team-of-50-to-100-says-yc-ceo

developers.slashdot.org'Vibe Coding' is Letting 10 Engineers Do the Work of a Team of 50 To 100, Says YC CEO - SlashdotY Combinator CEO Garry Tan said startups are reaching $1-10 million annual revenue with fewer than 10 employees due to "vibe coding," a term coined by OpenAI cofounder Andrej Karpathy in February. "You can just talk to the large language models and they will code entire apps," Tan told CNBC (video...
Public
Benjamin Carr, Ph.D. 👨🏻‍💻🧬

#China Cyber Espionage Group #UNC3886 Backdoored #Juniper Routers
UNC3886 hackers target Juniper routers with custom backdoor malware, exploiting outdated systems for stealthy access and espionage. Learn how to stay protected.
#JuniperMX routers running outdated hardware and software, using EOL configurations, were easier targets due to #vulnerabilities in their security systems. The #malware leveraged Junos OS’s Veriexec, a file integrity monitor, to avoid detection.
hackread.com/chinese-group-unc

Hackread - Latest Cybersecurity, Tech, AI, Crypto & Hacking News · Chinese Cyber Espionage Group UNC3886 Backdoored Juniper RoutersFollow us on Bluesky, Twitter (X) and Facebook at @Hackread
ExploreLive feeds
About