home.social

#cyber-security — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cyber-security, aggregated by home.social.

fetched live
  1. 🟠 CVE-2026-56690 - High (8.5)

    Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera...

    🔗 thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  2. 🟠 CVE-2026-56689 - High (7.7)

    Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera...

    🔗 thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  3. 🔴 CVE-2026-56688 - Critical (9.1)

    Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this ...

    🔗 thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  4. [BLOG] I have to admit: A product manager told me they were "excited for the security review". Yes, excited.

    First, I thought I misheard something. But then I realized: This wasn’t about the review itself, it was about the way that we do this in our team.

    Read what we did: stephanwiefling.de/2026/07/12/

    #CyberSecurity #Security #InfoSec #UX #HCI #Research #Technology #Usability

  5. I plan to share more insights on research that influences my daily work as a Usable Security Consultant at a large company (>45M customers).

    Is this the kind of content you find valuable? Let me know (over here or on my other channels). Your feedback will be much appreciated.

    #CyberSecurity #InfoSec #UX #HCI #Technology #Research

  6. ISO 9001 is the internationally recognized standard for Quality Management Systems (QMS). It provides a framework for organizations to ensure they consistently deliver products and services that meet customer and regulatory requirements while driving continual improvement.

    #cybersecurity #governance #risk #technology #gaming #programming #ai #business #engineering

    Link: blackcatwhitehatsecurity.com

  7. ISO 9001 is the internationally recognized standard for Quality Management Systems (QMS). It provides a framework for organizations to ensure they consistently deliver products and services that meet customer and regulatory requirements while driving continual improvement.

    #cybersecurity #governance #risk #technology #gaming #programming #ai #business #engineering

    Link: blackcatwhitehatsecurity.com

  8. #chrome extension StreamTube Proxy seems malicious. Its #cybersecurity badness score is 86/100!

    ```json
    {"id": "epkcfhiniijndongcpclcfogmbpphfga", "score": 86, "platform": "chrome", "name": "StreamTube Proxy"}
    ```

  9. #chrome extension StreamTube Proxy seems malicious. Its #cybersecurity badness score is 86/100!

    ```json
    {"id": "epkcfhiniijndongcpclcfogmbpphfga", "score": 86, "platform": "chrome", "name": "StreamTube Proxy"}
    ```

  10. #chrome extension Wasabi Green seems malicious. Its #cybersecurity badness score is 86/100!

    ```json
    {"id": "cmmmdabkpngbahdopboaojncapjkifhp", "score": 86, "platform": "chrome", "name": "Wasabi Green"}
    ```

  11. #chrome extension Wasabi Green seems malicious. Its #cybersecurity badness score is 86/100!

    ```json
    {"id": "cmmmdabkpngbahdopboaojncapjkifhp", "score": 86, "platform": "chrome", "name": "Wasabi Green"}
    ```

  12. 🚨 New article: A Crypto Extortion Scam Analysis: How Fear Is Used to Trick Victims

    A fake Bitcoin extortion email can look scary, especially when scammers include old leaked passwords or personal details. I analyzed the methods they use, the psychology behind these attacks, and how to stay protected.

    Don’t let fear make decisions for you. Learn how these scams work:

    peakd.com/crypto/@rubenstorm/a

    #CyberSecurity #Privacy #Bitcoin #CryptoScams #Phishing #infosec

  13. 🚨 New article: A Crypto Extortion Scam Analysis: How Fear Is Used to Trick Victims

    I received a Bitcoin extortion email and decided to analyze the tactics behind it. These scams often rely on fear, leaked passwords from old data breaches, fake claims, and social engineering tricks to pressure victims into paying.

    In this article, I break down how these attacks work, what scammers are trying to achieve, how to recognize the warning signs, and what steps you can take to protect your accounts and personal data.

    Knowledge and preparation are some of the best defenses against online manipulation.

    Read the full analysis:

    peakd.com/crypto/@rubenstorm/a

    #CyberSecurity #Privacy #Bitcoin #CryptoScams #Phishing #DataBreaches #OpenSource #Decentralization #InfoSec #CyberAwareness

  14. Der CCC hat schwerwiegende Sicherheitslücken in Hoymiles-Wechselrichtern (Balkonkraftwerke, kleine PV-Anlagen) veröffentlicht. Die Geräte kommunizieren unverschlüsselt per Funk. Fernsteuerung, Firmware-Manipulation und physische Zerstörung sind ohne Authentifizierung möglich. Hoymiles hat keinen Patch geliefert. #CCC #IoT #Cybersecurity #Solarenergie #Hoymiles #ITSecurity #Energiewende #PVAnlagen

  15. Datenpanne beim Lidl-Shop: Kundendaten wurden nicht über Lidl selbst gestohlen, sondern über einen externen IT-Dienstleister. Betroffen: Namen, E-Mails, Telefonnummern, Geburtsdaten. Lidl hat die Datenschutzbehörde informiert und betroffene Kunden angeschrieben. Drittanbieter-Risiken sind einer der größten blinden Flecken in der Unternehmenssicherheit. Die eigene DSGVO-Compliance nützt wenig, wenn Dienstleister nicht dieselben Standards einhalten. #Datenschutz #Cybersecurity #Lidl #ITSicherheit

  16. #LLRX #CyberSecurity @bespacific

    Pete Recommends – Weekly highlights on cyber security issues, July 11, 2026

    Six highlights from this week: Every Way #Meta Tracks You, and How to Fight Back; #AI Agents Can Be Tricked Into Stealing Your Files, Researchers; All Cars Sold in the #EU Now Require a Camera Aimed at Your Face. It’s Still Not Clear Where That Data Goes; Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of #Embedded_systems Devices; and #Wikipedia Is Battling for the Soul of the Internet.

    Posted in: AI, #Courts & Technology, #Cryptocurrency, Cyberlaw, Cybersecurity, Privacy

    llrx.com/2026/07/pete-recommen

  17. 📰 Novel 'Ghostcommit' Attack Hides Malicious Prompts in PNG Files to Fool AI Agents

    👻 New 'Ghostcommit' attack hides malicious prompts inside PNG files to bypass AI code reviewers. The technique tricks AI agents into reading .env files and leaking secrets. #SupplyChain #AIsafety #PromptInjection #CyberSecurity

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/gh

  18. 🟠 CVE-2026-56241 - High (8.3)

    Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_users.user_right column not being cleared durin...

    🔗 thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  19. 🟠 CVE-2026-56238 - High (7.5)

    Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote a...

    🔗 thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  20. 🟠 CVE-2026-59260 - High (8.8)

    OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options suc...

    🔗 thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  21. 🟠 CVE-2026-56313 - High (8.1)

    Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.update_setti...

    🔗 thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  22. SMBv1 is still running in your network. That 2005 scanner is a ransomware door. Disable it today before WannaCry comes back for round two. Here's how to find and kill it. #CyberSecurity #Windows #SysAdmin

    valtersit.com/guides/security/

  23. 🚨 EUVD-2026-43237

    📊 Score: 5.3/10 (CVSS v3.1)
    📦 Product: AstrBot, AstrBot, AstrBot
    🏢 Vendor: AstrBotDevs
    📅 Updated: 2026-07-12

    📝 A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The ...

    🔗 euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  24. 🚨 EUVD-2026-43237

    📊 Score: 5.3/10 (CVSS v3.1)
    📦 Product: AstrBot, AstrBot, AstrBot
    🏢 Vendor: AstrBotDevs
    📅 Updated: 2026-07-12

    📝 A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The ...

    🔗 euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  25. 🔴 CVE-2026-56271 - Critical (9.8)

    Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in the enterprise passport authentication middleware ...

    🔗 thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  26. 🚨 EUVD-2026-43238

    📊 Score: 5.3/10 (CVSS v3.1)
    📦 Product: Antaris
    🏢 Vendor: AojiaoZero
    📅 Updated: 2026-07-12

    📝 A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument item_number results in sql injection. The attack may be pe...

    🔗 euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  27. 🚨 EUVD-2026-43238

    📊 Score: 5.3/10 (CVSS v3.1)
    📦 Product: Antaris
    🏢 Vendor: AojiaoZero
    📅 Updated: 2026-07-12

    📝 A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument item_number results in sql injection. The attack may be pe...

    🔗 euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  28. 🔴 CVE-2026-56260 - Critical (9.1)

    Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolut...

    🔗 thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  29. #chrome extension Notepod seems malicious. Its #cybersecurity badness score is 87/100!

    ```json
    {"id": "kknogmdgneomcbjjjnobfaonolnbkjah", "score": 87, "platform": "chrome", "name": "Notepod"}
    ```

  30. #chrome extension Notepod seems malicious. Its #cybersecurity badness score is 87/100!

    ```json
    {"id": "kknogmdgneomcbjjjnobfaonolnbkjah", "score": 87, "platform": "chrome", "name": "Notepod"}
    ```

  31. Oh, the epic tale of stumbling upon a prehistoric router's firmware as if it were the Holy Grail 🏺. MrBruh embarks on a noble quest to prove that even Motorola's fossils can be hacked like a 90s hacker movie 🎬. Spoiler alert: turns out, security isn't Motorola's strong suit. Shocking! 🚨
    mrbruh.com/motorola/ #prehistoricrouter #MotorolaFirmware #hacking #90shackermovie #cybersecurity #epicquest #HackerNews #ngated