home.social

#cyber-security β€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cyber-security, aggregated by home.social.

fetched live
  1. Frappe: 71 CVEs, 84% unpatched. Avg CVSS 6.67, max 9.9. Top flaw: SQL injection (CWE-89). Trust Score: C. Open source needs vigilance. #Frappe #infosec #cybersecurity

    valtersit.com/vendors/frappe/

  2. United HealthCare Services Reports Data Breach Affecting Over 34,000 Individuals

    United HealthCare Services Inc. disclosed a data breach involving a network server that exposed the protected health information of 34,574 individuals. The breach was reported to federal authorities in June 2026.

    ****
    #cybersecurity #infosec #incident #databreach
    beyondmachines.net/event_detai

  3. United HealthCare Services Reports Data Breach Affecting Over 34,000 Individuals

    United HealthCare Services Inc. disclosed a data breach involving a network server that exposed the protected health information of 34,574 individuals. The breach was reported to federal authorities in June 2026.

    ****
    #cybersecurity #infosec #incident #databreach
    beyondmachines.net/event_detai

  4. One week from today will be the 3rd Thursday of the month, and that means time to meet up for @BurbSecWest, this month sponsored by DTEX! I look forward to seeing everyone out there. Details for where and when are available here: burbsec.com/west/, but the TLDR version is 6:00pm at Granite City, Naperville.

    I look forward to seeing you there.

    #BurbSecWest
    #Naperville
    #Cybersecurity
    #Socializing

  5. One week from today will be the 3rd Thursday of the month, and that means time to meet up for @BurbSecWest, this month sponsored by DTEX! I look forward to seeing everyone out there. Details for where and when are available here: burbsec.com/west/, but the TLDR version is 6:00pm at Granite City, Naperville.

    I look forward to seeing you there.

    #BurbSecWest
    #Naperville
    #Cybersecurity
    #Socializing

  6. 🚨 EUVD-2026-42591

    πŸ“Š Score: 9.2/10 (CVSS v3.1)
    πŸ“¦ Product: acymailing.com AcyMailing extension for Joomla
    🏒 Vendor: acymailing.com
    πŸ“… Updated: 2026-07-09

    πŸ“ A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage.

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  7. 🚨 EUVD-2026-42591

    πŸ“Š Score: 9.2/10 (CVSS v3.1)
    πŸ“¦ Product: acymailing.com AcyMailing extension for Joomla
    🏒 Vendor: acymailing.com
    πŸ“… Updated: 2026-07-09

    πŸ“ A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage.

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  8. 🚨 EUVD-2026-42592

    πŸ“Š Score: 5.4/10 (CVSS v3.1)
    πŸ“¦ Product: OKRs & Goals
    🏒 Vendor: Twiser Informatics Technology Consulting, Trade and Education Inc.
    πŸ“… Updated: 2026-07-09

    πŸ“ Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Store...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  9. 🚨 EUVD-2026-42592

    πŸ“Š Score: 5.4/10 (CVSS v3.1)
    πŸ“¦ Product: OKRs & Goals
    🏒 Vendor: Twiser Informatics Technology Consulting, Trade and Education Inc.
    πŸ“… Updated: 2026-07-09

    πŸ“ Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Store...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  10. 🚨 EUVD-2026-42594

    πŸ“Š Score: 8.4/10 (CVSS v3.1)
    πŸ“¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
    🏒 Vendor: Siemens
    πŸ“… Updated: 2026-07-09

    πŸ“ A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  11. 🚨 EUVD-2026-42593

    πŸ“Š Score: 7.1/10 (CVSS v3.1)
    πŸ“¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
    🏒 Vendor: Siemens
    πŸ“… Updated: 2026-07-09

    πŸ“ A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface ...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  12. 🚨 EUVD-2026-42593

    πŸ“Š Score: 7.1/10 (CVSS v3.1)
    πŸ“¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
    🏒 Vendor: Siemens
    πŸ“… Updated: 2026-07-09

    πŸ“ A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface ...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  13. 🚨 EUVD-2026-42594

    πŸ“Š Score: 8.4/10 (CVSS v3.1)
    πŸ“¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
    🏒 Vendor: Siemens
    πŸ“… Updated: 2026-07-09

    πŸ“ A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  14. 🚨 EUVD-2026-42595

    πŸ“Š Score: 6.3/10 (CVSS v3.1)
    πŸ“¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
    🏒 Vendor: Siemens
    πŸ“… Updated: 2026-07-09

    πŸ“ A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configurat...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  15. 🚨 EUVD-2026-42596

    πŸ“Š Score: 8.6/10 (CVSS v3.1)
    πŸ“¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
    🏒 Vendor: Siemens
    πŸ“… Updated: 2026-07-09

    πŸ“ A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validatio...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  16. 🚨 EUVD-2026-42595

    πŸ“Š Score: 6.3/10 (CVSS v3.1)
    πŸ“¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
    🏒 Vendor: Siemens
    πŸ“… Updated: 2026-07-09

    πŸ“ A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configurat...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  17. 🚨 EUVD-2026-42596

    πŸ“Š Score: 8.6/10 (CVSS v3.1)
    πŸ“¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
    🏒 Vendor: Siemens
    πŸ“… Updated: 2026-07-09

    πŸ“ A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validatio...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  18. 🚨 EUVD-2026-42597

    πŸ“Š Score: 8.7/10 (CVSS v3.1)
    πŸ“¦ Product: zeek
    🏒 Vendor: zeek
    πŸ“… Updated: 2026-07-09

    πŸ“ Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT cont...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  19. 🚨 EUVD-2026-42597

    πŸ“Š Score: 8.7/10 (CVSS v3.1)
    πŸ“¦ Product: zeek
    🏒 Vendor: zeek
    πŸ“… Updated: 2026-07-09

    πŸ“ Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT cont...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  20. πŸ“Š EUVD Daily CVSS Summary

    🟑 Average Score: 6.62/10 (Medium)
    πŸ“ˆ Vulnerabilities: 314
    ⬇️ Min: 1.3 | ⬆️ Max: 9.9

    πŸ“… Date: 2026-07-08

    #cybersecurity #infosec #euvd #cvss #vulnerability

  21. 🚨 EUVD-2026-42598

    πŸ“Š Score: 8.7/10 (CVSS v3.1)
    πŸ“¦ Product: zeek
    🏒 Vendor: zeek
    πŸ“… Updated: 2026-07-09

    πŸ“ Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRB_ERROR message with error-code 25 (KDC_ERR_PREAUTH_REQUIRED) containing a...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  22. πŸ“Š EUVD Daily CVSS Summary

    🟑 Average Score: 6.62/10 (Medium)
    πŸ“ˆ Vulnerabilities: 314
    ⬇️ Min: 1.3 | ⬆️ Max: 9.9

    πŸ“… Date: 2026-07-08

    #cybersecurity #infosec #euvd #cvss #vulnerability

  23. 🚨 EUVD-2026-42598

    πŸ“Š Score: 8.7/10 (CVSS v3.1)
    πŸ“¦ Product: zeek
    🏒 Vendor: zeek
    πŸ“… Updated: 2026-07-09

    πŸ“ Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRB_ERROR message with error-code 25 (KDC_ERR_PREAUTH_REQUIRED) containing a...

    πŸ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  24. NEW: A Puerto Rico Government Agency Exposed 1 Million Social Security Numbers

    A cybersecurity loophole in an official government mapping service left private data easily accessible, Centro de Periodismo Investigativo and ProPublica learned.
    propublica.org/article/puerto-

    #News #PuertoRico #Government #Cybersecurity #Data #Privacy #SocialSecurity #Tech #Technology

  25. NEW: A Puerto Rico Government Agency Exposed 1 Million Social Security Numbers

    A cybersecurity loophole in an official government mapping service left private data easily accessible, Centro de Periodismo Investigativo and ProPublica learned.
    propublica.org/article/puerto-

    #News #PuertoRico #Government #Cybersecurity #Data #Privacy #SocialSecurity #Tech #Technology

  26. De voordeur van ons digitale leven zit beter op slot dan ooit. En juist daarom worden er meer accounts gestolen dan een jaar geleden.

    Elke dag een nieuwe vraag die je kunt beantwoorden op ccinfo.nl

    Hoe controleert jouw organisatie of iemand die een account wil herstellen ook echt is wie hij zegt te zijn?

    #Cybersecurity #accountovername #identiteitsverificatie #NIS2 #phishing

  27. #chrome extension Eztoolvn seems malicious. Its #cybersecurity badness score is 86/100!

    ```json
    {"id": "oeifegedbdbjcmooefolmnchojjihaap", "score": 86, "platform": "chrome", "name": "Eztoolvn"}
    ```

  28. #chrome extension Eztoolvn seems malicious. Its #cybersecurity badness score is 86/100!

    ```json
    {"id": "oeifegedbdbjcmooefolmnchojjihaap", "score": 86, "platform": "chrome", "name": "Eztoolvn"}
    ```

  29. Alberta wants AI government, but still expects citizens to trust spoofable calls, callback numbers, exposed voter data, and broken verification systems.

    That is not modernization.

    That is old process wearing new technology.

    Modernization cannot mean scanning old code while leaving old risks untouched.

    open.substack.com/pub/lawrence

    #Alberta #AIPolicy #Privacy #Cybersecurity #ABPoli

  30. Alberta wants AI government, but still expects citizens to trust spoofable calls, callback numbers, exposed voter data, and broken verification systems.

    That is not modernization.

    That is old process wearing new technology.

    Modernization cannot mean scanning old code while leaving old risks untouched.

    open.substack.com/pub/lawrence

    #Alberta #AIPolicy #Privacy #Cybersecurity #ABPoli

  31. 🎩✨ Oh, look! Another thrilling manifesto on TLS certificates, because who doesn't love a bedtime story about internal services? πŸ”πŸ’€ The author, obviously a #clickbait connoisseur, promises the secrets to "doing it right" while leading us through a labyrinth of #VPNs and apex domainsβ€”spoiler alert: it's as riveting as watching paint dry. πŸ•΅οΈβ€β™‚οΈπŸ°
    tuxnet.dev/posts/tls-for-inter #TLSCertificates #Cybersecurity #TechHumor #HackerNews #ngated

  32. 🎩✨ Oh, look! Another thrilling manifesto on TLS certificates, because who doesn't love a bedtime story about internal services? πŸ”πŸ’€ The author, obviously a #clickbait connoisseur, promises the secrets to "doing it right" while leading us through a labyrinth of #VPNs and apex domainsβ€”spoiler alert: it's as riveting as watching paint dry. πŸ•΅οΈβ€β™‚οΈπŸ°
    tuxnet.dev/posts/tls-for-inter #TLSCertificates #Cybersecurity #TechHumor #HackerNews #ngated

  33. Some devs love acting like they’re above IT and cyber.

    Then we spend a week and a half troubleshooting only to find out they didn’t follow the copy-pasted vendor docs with the exact scopes, settings, and instructions.

    Please just read the damn instructions first.

    #Cybersecurity #IT #DevLife

  34. Critical RCE Vulnerabilities Exploited in Joomla Page Builder Extensions

    CISA has warned of active exploitation of two critical RCE vulnerabilities in Joomla's SP Page Builder and Page Builder CK extensions. Attackers are using these flaws to upload web shells and create rogue Super Administrator accounts to maintain persistent access.

    **If you run Joomla with SP Page Builder or Page Builder CK, update SP Page Builder to 6.6.2 and Page Builder CK to 3.6.0 immediately. Both have critical flaws under active attack. Then check your user list for any accounts using the @secure.local email domain, delete any you find, scan the /images/ and /media/ folders for suspicious PHP files, and if anything looks compromised, change all database passwords and secret keys.**
    #cybersecurity #infosec #attack #activeexploit
    beyondmachines.net/event_detai