#cyber-security β Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cyber-security, aggregated by home.social.
-
Frappe: 71 CVEs, 84% unpatched. Avg CVSS 6.67, max 9.9. Top flaw: SQL injection (CWE-89). Trust Score: C. Open source needs vigilance. #Frappe #infosec #cybersecurity
-
United HealthCare Services Reports Data Breach Affecting Over 34,000 Individuals
United HealthCare Services Inc. disclosed a data breach involving a network server that exposed the protected health information of 34,574 individuals. The breach was reported to federal authorities in June 2026.
****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/united-healthcare-services-reports-data-breach-affecting-over-34000-individuals-n-1-4-z-g/gD2P6Ple2L -
United HealthCare Services Reports Data Breach Affecting Over 34,000 Individuals
United HealthCare Services Inc. disclosed a data breach involving a network server that exposed the protected health information of 34,574 individuals. The breach was reported to federal authorities in June 2026.
****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/united-healthcare-services-reports-data-breach-affecting-over-34000-individuals-n-1-4-z-g/gD2P6Ple2L -
One week from today will be the 3rd Thursday of the month, and that means time to meet up for @BurbSecWest, this month sponsored by DTEX! I look forward to seeing everyone out there. Details for where and when are available here: https://burbsec.com/west/, but the TLDR version is 6:00pm at Granite City, Naperville.
I look forward to seeing you there.
-
One week from today will be the 3rd Thursday of the month, and that means time to meet up for @BurbSecWest, this month sponsored by DTEX! I look forward to seeing everyone out there. Details for where and when are available here: https://burbsec.com/west/, but the TLDR version is 6:00pm at Granite City, Naperville.
I look forward to seeing you there.
-
π¨ EUVD-2026-42591
π Score: 9.2/10 (CVSS v3.1)
π¦ Product: acymailing.com AcyMailing extension for Joomla
π’ Vendor: acymailing.com
π Updated: 2026-07-09π A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42591
-
π¨ EUVD-2026-42591
π Score: 9.2/10 (CVSS v3.1)
π¦ Product: acymailing.com AcyMailing extension for Joomla
π’ Vendor: acymailing.com
π Updated: 2026-07-09π A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42591
-
π¨ EUVD-2026-42592
π Score: 5.4/10 (CVSS v3.1)
π¦ Product: OKRs & Goals
π’ Vendor: Twiser Informatics Technology Consulting, Trade and Education Inc.
π Updated: 2026-07-09π Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Store...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42592
-
π¨ EUVD-2026-42592
π Score: 5.4/10 (CVSS v3.1)
π¦ Product: OKRs & Goals
π’ Vendor: Twiser Informatics Technology Consulting, Trade and Education Inc.
π Updated: 2026-07-09π Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Store...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42592
-
π¨ EUVD-2026-42594
π Score: 8.4/10 (CVSS v3.1)
π¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
π’ Vendor: Siemens
π Updated: 2026-07-09π A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42594
-
π¨ EUVD-2026-42593
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
π’ Vendor: Siemens
π Updated: 2026-07-09π A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface ...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42593
-
π¨ EUVD-2026-42593
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
π’ Vendor: Siemens
π Updated: 2026-07-09π A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface ...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42593
-
π¨ EUVD-2026-42594
π Score: 8.4/10 (CVSS v3.1)
π¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
π’ Vendor: Siemens
π Updated: 2026-07-09π A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42594
-
π¨ EUVD-2026-42595
π Score: 6.3/10 (CVSS v3.1)
π¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
π’ Vendor: Siemens
π Updated: 2026-07-09π A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configurat...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42595
-
π¨ EUVD-2026-42596
π Score: 8.6/10 (CVSS v3.1)
π¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
π’ Vendor: Siemens
π Updated: 2026-07-09π A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validatio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42596
-
π¨ EUVD-2026-42595
π Score: 6.3/10 (CVSS v3.1)
π¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
π’ Vendor: Siemens
π Updated: 2026-07-09π A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configurat...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42595
-
π¨ EUVD-2026-42596
π Score: 8.6/10 (CVSS v3.1)
π¦ Product: SICORE Base system, CPCI85 Central Processing/Communication
π’ Vendor: Siemens
π Updated: 2026-07-09π A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validatio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42596
-
π¨ EUVD-2026-42597
π Score: 8.7/10 (CVSS v3.1)
π¦ Product: zeek
π’ Vendor: zeek
π Updated: 2026-07-09π Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT cont...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42597
-
π¨ EUVD-2026-42597
π Score: 8.7/10 (CVSS v3.1)
π¦ Product: zeek
π’ Vendor: zeek
π Updated: 2026-07-09π Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT cont...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42597
-
π EUVD Daily CVSS Summary
π‘ Average Score: 6.62/10 (Medium)
π Vulnerabilities: 314
β¬οΈ Min: 1.3 | β¬οΈ Max: 9.9π Date: 2026-07-08
-
π¨ EUVD-2026-42598
π Score: 8.7/10 (CVSS v3.1)
π¦ Product: zeek
π’ Vendor: zeek
π Updated: 2026-07-09π Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRB_ERROR message with error-code 25 (KDC_ERR_PREAUTH_REQUIRED) containing a...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42598
-
π EUVD Daily CVSS Summary
π‘ Average Score: 6.62/10 (Medium)
π Vulnerabilities: 314
β¬οΈ Min: 1.3 | β¬οΈ Max: 9.9π Date: 2026-07-08
-
π¨ EUVD-2026-42598
π Score: 8.7/10 (CVSS v3.1)
π¦ Product: zeek
π’ Vendor: zeek
π Updated: 2026-07-09π Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRB_ERROR message with error-code 25 (KDC_ERR_PREAUTH_REQUIRED) containing a...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42598
-
#OnlyFans Models Are Accidentally Making Hacked Government Websites Disappear
https://www.wired.com/story/onlyfans-creators-dmca-hacked-government-websites/
-
#OnlyFans Models Are Accidentally Making Hacked Government Websites Disappear
https://www.wired.com/story/onlyfans-creators-dmca-hacked-government-websites/
-
NEW: A Puerto Rico Government Agency Exposed 1 Million Social Security Numbers
A cybersecurity loophole in an official government mapping service left private data easily accessible, Centro de Periodismo Investigativo and ProPublica learned.
https://www.propublica.org/article/puerto-rico-crim-data-breach?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post#News #PuertoRico #Government #Cybersecurity #Data #Privacy #SocialSecurity #Tech #Technology
-
NEW: A Puerto Rico Government Agency Exposed 1 Million Social Security Numbers
A cybersecurity loophole in an official government mapping service left private data easily accessible, Centro de Periodismo Investigativo and ProPublica learned.
https://www.propublica.org/article/puerto-rico-crim-data-breach?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post#News #PuertoRico #Government #Cybersecurity #Data #Privacy #SocialSecurity #Tech #Technology
-
De voordeur van ons digitale leven zit beter op slot dan ooit. En juist daarom worden er meer accounts gestolen dan een jaar geleden.
Elke dag een nieuwe vraag die je kunt beantwoorden op https://www.ccinfo.nl
Hoe controleert jouw organisatie of iemand die een account wil herstellen ook echt is wie hij zegt te zijn?
#Cybersecurity #accountovername #identiteitsverificatie #NIS2 #phishing
-
Online dating: demographics, bias, and discrimination #negativepid #digitalInvestigations #OSINT #cybersecurity #AI #tech #onlineInvestigations #robotics #cyberpsychology #cybercrime https://negativepid.blog/online-dating-demographics-bias-and-discrimination/?utm_source=mastodon&utm_medium=social&utm_campaign=fedica-Negative-PID-Blog
-
Online dating: demographics, bias, and discrimination #negativepid #digitalInvestigations #OSINT #cybersecurity #AI #tech #onlineInvestigations #robotics #cyberpsychology #cybercrime https://negativepid.blog/online-dating-demographics-bias-and-discrimination/?utm_source=mastodon&utm_medium=social&utm_campaign=fedica-Negative-PID-Blog
-
#chrome extension Eztoolvn seems malicious. Its #cybersecurity badness score is 86/100!
```json
{"id": "oeifegedbdbjcmooefolmnchojjihaap", "score": 86, "platform": "chrome", "name": "Eztoolvn"}
``` -
#chrome extension Eztoolvn seems malicious. Its #cybersecurity badness score is 86/100!
```json
{"id": "oeifegedbdbjcmooefolmnchojjihaap", "score": 86, "platform": "chrome", "name": "Eztoolvn"}
``` -
What Happens if #China Hacks the #US #Water Supply? I Went to a Secret War Game to Find Out
https://www.wired.com/story/what-happens-if-china-hacks-the-us-water-supply-war-game-volt-typhoon/
-
What Happens if #China Hacks the #US #Water Supply? I Went to a Secret War Game to Find Out
https://www.wired.com/story/what-happens-if-china-hacks-the-us-water-supply-war-game-volt-typhoon/
-
Alberta wants AI government, but still expects citizens to trust spoofable calls, callback numbers, exposed voter data, and broken verification systems.
That is not modernization.
That is old process wearing new technology.
Modernization cannot mean scanning old code while leaving old risks untouched.
https://open.substack.com/pub/lawrencenault/p/alberta-wants-ai-government-it-still
-
Alberta wants AI government, but still expects citizens to trust spoofable calls, callback numbers, exposed voter data, and broken verification systems.
That is not modernization.
That is old process wearing new technology.
Modernization cannot mean scanning old code while leaving old risks untouched.
https://open.substack.com/pub/lawrencenault/p/alberta-wants-ai-government-it-still
-
π©β¨ Oh, look! Another thrilling manifesto on TLS certificates, because who doesn't love a bedtime story about internal services? ππ€ The author, obviously a #clickbait connoisseur, promises the secrets to "doing it right" while leading us through a labyrinth of #VPNs and apex domainsβspoiler alert: it's as riveting as watching paint dry. π΅οΈββοΈπ°
https://tuxnet.dev/posts/tls-for-internal-services/ #TLSCertificates #Cybersecurity #TechHumor #HackerNews #ngated -
π©β¨ Oh, look! Another thrilling manifesto on TLS certificates, because who doesn't love a bedtime story about internal services? ππ€ The author, obviously a #clickbait connoisseur, promises the secrets to "doing it right" while leading us through a labyrinth of #VPNs and apex domainsβspoiler alert: it's as riveting as watching paint dry. π΅οΈββοΈπ°
https://tuxnet.dev/posts/tls-for-internal-services/ #TLSCertificates #Cybersecurity #TechHumor #HackerNews #ngated -
IBM and Red Hat have launched Lightwell, an automated remediation engine to backport open-source fixes into long-lived production environments. https://www.developer-tech.com/news/ibm-and-red-hat-automate-open-source-vulnerability-remediation/ #ibm #redhat #devsecops #lightwell #automation #cybersecurity #infosec #developers #opensource #ai #technology
-
IBM and Red Hat have launched Lightwell, an automated remediation engine to backport open-source fixes into long-lived production environments. https://www.developer-tech.com/news/ibm-and-red-hat-automate-open-source-vulnerability-remediation/ #ibm #redhat #devsecops #lightwell #automation #cybersecurity #infosec #developers #opensource #ai #technology
-
Some devs love acting like theyβre above IT and cyber.
Then we spend a week and a half troubleshooting only to find out they didnβt follow the copy-pasted vendor docs with the exact scopes, settings, and instructions.
Please just read the damn instructions first.
-
Critical RCE Vulnerabilities Exploited in Joomla Page Builder Extensions
CISA has warned of active exploitation of two critical RCE vulnerabilities in Joomla's SP Page Builder and Page Builder CK extensions. Attackers are using these flaws to upload web shells and create rogue Super Administrator accounts to maintain persistent access.
**If you run Joomla with SP Page Builder or Page Builder CK, update SP Page Builder to 6.6.2 and Page Builder CK to 3.6.0 immediately. Both have critical flaws under active attack. Then check your user list for any accounts using the @secure.local email domain, delete any you find, scan the /images/ and /media/ folders for suspicious PHP files, and if anything looks compromised, change all database passwords and secret keys.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-rce-vulnerabilities-exploited-in-joomla-page-builder-extensions-v-v-q-9-p/gD2P6Ple2L