Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope.
Madness.
source: https://web.archive.org/web/20260206152314/https://mrbruh.com/amd/
I'm an independent reporter based in #Australia and heading into my final year of law school next year. After becoming more interested in #privacy and #cybersecurity, I also (impulsively) enrolled in a computer science minor to learn more.
I've covered topics including refugee and immigration policy, bushfire management, animal rights, weapons companies' involvement in Australia's education system, and the incoming social media age ban.
My commitment to journalism stems from a conviction that information should be free, and my quest to understand technology better has given me hope that we can seize the means of communication and create a better news and information ecosystem.
I have a statement on journalism ethics that outlines how I approach my work, and why I do what I do. You can read that here: https://ivanadaskalovic.com/on-journalism-ethics/
It's an #introduction post!
I live in #Seattle with my family, my wife @Andrle and our son. We love a lot of the same things — playing #VideoGames and #BoardGames, building with #lego , and reading #books. #StarTrek is of course a huge influence on us, too. 🖖🏻
I've been #vegan since 2015 and like to #cook when I can.
I am a Principal #SoftwareEngineer working at #AWS in #cloud #cybersecurity. I love to mentor newer engineers.
Notepad++ was hit by hackers.
Hello hello! Made my way back to Mastodon after a while and I'm in a new instance, so may as well do an #introduction post.
Hi! I’m Karen. I’m in my late 40s. Bi, liberal, fat, nerdy, tattooed, and married. I live near New Orleans, LA. I work in IT and am working on my #cybersecurity degree.
My fave things:
- #photography - both analog and digital, collecting cameras
- music, mostly #kpop , electronic, #synthpop, 80s and 90s alternative
🎫 TICKETS DROP THIS WEEK!
First batch of #BSidesLjubljana tickets goes live this #Friday at 10:00 CET.
Limited capacity. Don't sleep on it.
https://tickets.bsidesljubljana.si
#BSidesLjubljana #tickets #infosec #cybersecurity #friyay
1/4
Apparently a state-sponsored group was using Notepad++ update functionality to infect targeted people.
"According to the former hosting provider, the shared hosting server was compromised until September 2, 2025. Even after losing server access, attackers maintained credentials to internal services until December 2, 2025, which allowed them to continue redirecting Notepad++ update traffic to malicious servers."
source: https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Signal President Meredith Whittaker warns AI agents embedded in OSes are eroding end-to-end encryption's real-world security, despite its mathematical soundness. With root-like access to messages & data, they bypass E2EE isolation—urgent rethink needed! 🔒🤖❌
https://cyberinsider.com/signal-president-warns-ai-agents-are-making-encryption-irrelevant/
It was interesting to read up on the AI assisted code review at https://www.lesswrong.com/posts/7aJwgbMEiKq5egQbd/ai-found-12-of-12-openssl-zero-days-while-curl-cancelled-its
For context: I'm personally responsible for at least 29 curl CVEs. Out of the recent 6 CVEs mentioned in the blog post I found two. This gives me some perspective, I think.
I do not utilise AI tools in my vulnerability research. I am also fiercely critical of harmful proliferation of AI. This is due to the unsustainable way it is currently pushed, and use of as marketing ploy and gimmick rather than producing measurable benefit to users. This leads to negative impacts on economy, education & learning, not to mention impacts to nature due to wasteful use of energy.
This doesn't mean I am against AI. I have written by own AI tooling (fully local RAG with support for arbitrary number of models running on local nodes, implemented in python). I found the usefulness of such tool to be limited at best. It is somewhat useful in mass analysis of large document bases, but the level of analysis is superficial at best. These AI models are after all just language models, and do not have any true understanding or intelligence.
And here is the gist of it: The current tools are not intelligent. Understanding this limitation is the key of successful deployment and utilisation of AI tools. The tools can be useful in certain tasks, but they do not replace true intelligence.
The AI tooling AISLE are developing certainly is one of the better uses of AI, and definitely surpasses all my personal dabbling around it. It is clear that the tool does find vulnerabilities. The key question is how much hallucinations and false positives it produces: If the tool generates thousands of FPs and the true findings are hidden among them this limits the value and usefulness of the tool (of course it doesn't entirely negate it, many tools produce false positives). In short: The quality of the findings is key, and poor signal-to-noise ratio is highly undesirable.
Either way, I think there is a future for AI tools and they definitely will be helpful in vulnerability research.
I personally will keep exercising my wetware for this work, however.
#cybersecurity #infosec #vulnerabilityresearch #thoughtoftheday
How does your organization view security in the application stack?
71% of leaders find security/app modernization alignment "very easy," enabling them to accelerate AI.
Vote below, then read the report: https://cfl.re/4k4LrsF
#Linux #Snap Users Warned as Attackers Push #Malware Through Old Trusted Apps
https://linuxiac.com/linux-snap-users-warned-as-attackers-push-malware-through-old-trusted-apps/
RE: https://mastodon.social/@FirewallDragons/115962131540094840
Thank you to 
@FirewallDragonsFirewalls Don't Stop Dragons for covering the AI age verification bill being considered in the Florida Legislature! Between this and the Florida App Stores Accountability Act, we have our work cut out for us.
If you live in Florida, please call your state legislators and tell them you oppose these age verification bills!
#Florida #Privacy #Cybersecurity #AgeVerification #InfoSec #DigitalRights #Miami
#Microsoft Gave #FBI Keys To Unlock Encrypted Data, Exposing Major #Privacy Flaw
Sup #fediverse , I found my way back!
Here's a new #Intro
I live in #Berlin now, I still *REALLY* love #StarTrek, #BoardGames, #Battletech, #Videogames, and #Cybersecurity
I've still got a Master's degree, but now it's been verified by two countries! I've still got a CISSP. I only have one job finally...
===
Hallo, Fediverse, ich komme gerade zurück!
Es gibt hier ein neues #Introduction.
Ich wohne jetzt in Berlin, ich liebe noch #Startrek, #Brettspiele, #Battletech, #Videospiele, und #Cybersicherheit
Ich habe noch einen Masterabschluss, aber jetzt in zwei Ländern verifiziert! Ich habe auch noch mein CISSP. Zuletzt habe ich nur eine Position für Arbeit …
NSSS Spring - Save the date! We are working on the agenda for the conference and the workshops. April 8-10, Stockholm, Sweden
⚠️🚨 STOP Using Social Media Platform Hootsuite
👉 They Partnered with ICE 👈
"A Hootsuite employee mentioned geolocation, saying the company could drill down to street-level data."
Note: There are Four articles in this post including a Bypass Paywall to the Globe and Mail
"While Hootsuite is based in Canada, it has hundreds of employees globally, including CEO Irina Novoselsky who is based in N.Y City. The company serves major brands like Adobe and Ikea and more .."
h/t 
@todTod Maffin 🇨🇦 FREE PATREON
#Luxembourg #Talkwalker
#Canada #USA #Resist #SocialMedia
#Hootsuite #FB #TikTok #Threads #YouTube #Twitter #WhatsApp #Bluesky
#Pintrest #CyberSecurity #AI
You will also want to read this link👇
Bypass paywall : Globe and Mail Article https://removepaywalls.com/https://www.theglobeandmail.com/business/article-hootsuite-canada-vancouver-ice-social-media-contract/
Link to Hootsuite website: https://www.hootsuite.com/platform/integrations
New #Introduction because I forgot to pin it...
Hello. My name is C64Whiz.
I started out on the #TimexSinclair1000 when my parents went to a time-share presentation and received a free gift - a Timex #Sinclair 1000 complete with 16K memory expansion box and 3 applications on cassette.
After that, my friend in junior high showed me Summer Games on the #Commodore #C64 which began the begging to my parents for my own #C64.
My parents finally caved, and on the day they got it, we set it up and I wanted to jump right in. My parents said "Not until you practice your violin for 2 hours" and then left for a social function. I did not practice. I sat on that #C64 for hours.
When they got home, I confessed I did some amazing things on our new computer instead of the violin. They put me on restriction from the computer for 2 weeks. Totally f'n worth it!!!!
Since then I've been a computer geek/nerd. I worked as a sys-admin for a Novell network, but then did DB programming when the company learned I could code. After that I started teaching and also got a job as a Unix sys-admin which morphed into the #CyberSecurity/#InfoSec job which I have today (though I do still teach at the university level).
My goal is to get back into #RetroComputing complete with making videos (see link in my profile), posting tips/tricks, etc, etc, etc. I'm primarily #Commodore at the moment but intend on diving into #Apple][, #Macintosh, #Amiga, #Sinclair, #Atari, and more. Unfortunately, I don't have a lot of space or hardware so while I will be doing a few repairs, most of what I do will be software/emulation for now. My hope is to record/document everything from the beginning to be an example for others getting into this hobby.
Cybersecurity Hyperglossary by Gary Hinson, 2025
This hyperglossary offers more than just plain English definitions of 5,555 terms and abbreviations; it's a meticulously crafted resource designed to foster a shared understanding across a diverse audience, from seasoned professionals to newcomers.
South Korean giant #Kyowon confirms data theft in #ransomware attack
🆕 blog! “Responsible Disclosure: Chimoney Android App and KYCaid”
Chimoney is a new "multi-currency wallet" provider. Based out of Canada, it allows users to send money to and from a variety of currencies. It also supports the new Interledger protocol for WebMonetization.
But it has a security flaw which cannot be ignored.
👀 Read more: https://shkspr.mobi/blog/2026/01/responsible-disclosure-chimoney-android-app-and-kycaid/
⸻
#android #CyberSecurity #ResponsibleDisclosure #security #WebMonetization
Been a few months, but a new edition of Scrolls is now out! #infosec #cybersecurity #fediverse #indieweb
https://shellsharks.com/scrolls/scroll/2026-01-13
Everyone mentioned below is featured or contributed in some way to this latest scroll. Thanks as always!!
@andyc 
@rosRost Glukhov 
@Jayhoffmann 
@rsgbengiRubén Santos García 
@ThoogahWonko The Sane 
@timb_machineTim (Wadhwa-)Brown 
@mttaggartTaggart 
@benBen Werdmuller 
@aminAmin Hollon 🏳 
@stefanStefan Bohacek 
@CuppaRexCrystal Touchton (CuppaRex) 
@hryggrbyrThomas Rigby @CuppaRexCrystal Touchton (CuppaRex) @hryggrbyrThomas Rigby 
@mistfunkMistigris computer arts 
@HisVirusness 
@thomasareedThomas Reed 
@andnull... and and and and ... 
@gleickJames Gleick 
@esoadamoAdam Hlaváček 
@cobb 
@sethmlarsonSeth Larson 
@hamattiJuhis 
@boblordBob Lord 🔐 
@gisgeekFrancesco P Lovergine 
Cybersecurity for Network and Information Security by Dietmar P.E. Moller, 2026
This book demonstrates how information security requires a deep understanding of organizations assets, threats, and processes, combined with security measures that can best protect their information security. In today’s digital world, a rigorous security approach is central to defend organizations digital systems, networks, and infrastructure resources from malicious threat incidents.
PH, when?
Malaysia blocks access to Grok, joining a growing list of countries like Indonesia taking action after the genAI chatbot sparked a global backlash by allowing users to create and publish sexualized images.
#TootSEA #genAI #Malaysia #Tech #Asian #Indonesia #Twitter #SocialMedia #CyberSecurity #DataPrivacy
https://www.rappler.com/technology/malaysia-restricts-access-grok-ai-sexualized-images/
The future doesn’t need to be orange.
Foreign States have been using their control over digital infrastructure to wield power.
Even historic allies aren’t reliable.
We need #DigitalSovereignty in the UK to keep our systems running.
Read more about our campaign ⬇️
The UK needs digital sovereignty to keep our communications, banking, energy, travel and healthcare systems secure.
If we stay dependent on foreign tech firms for our digital infrastructure, the UK risks its independence and resilience.
Sign our petition ⬇️
https://you.38degrees.org.uk/petitions/stop-trump-s-kill-switch-secure-our-digital-sovereignty
The future doesn’t need to be orange.
Foreign States have been using their control over digital infrastructure to wield power.
Even historic allies aren’t reliable.
We need #DigitalSovereignty in the UK to keep our systems running.
Read more about our campaign ⬇️
Looking for a source or the exact wording
Recently I read a post describing Multi Factor Authentication #mfa as (tongue in cheek)
Does anyone have a source?
#cybersecurity
Just published: Apple Health + ChatGPT: The Privacy Tradeoff.
OpenAI’s new ChatGPT Health feature can connect to Apple Health (and even medical records). The convenience is real, but so is the expanded attack surface. With healthcare breaches hitting millions of records, my blunt take is: if you care about privacy, don’t use it. Full stop.
If you do use it anyway, I break down what “not used for training” does and doesn’t mean, why HIPAA isn’t a force field here, and the practical steps to reduce your blast radius.
https://www.kylereddoch.me/blog/apple-health-chatgpt-the-privacy-tradeoff/
#CyberSecurity #Privacy #Apple #OpenAI #Healthcare #ThreatModeling #DataProtection
Apple Health + ChatGPT: The Privacy Tradeoff
OpenAI’s new ChatGPT Health feature can connect to Apple Health and medical records for more personalized answers. The upside is real convenience. The downside is a bigger privacy and security blast radius, at a time when healthcare breaches keep hitting “millions affected.”
www.kylereddoch.me · CybersecKyle
Link author: 
ZeroDay Bae@cyberseckyle@infosec.exchange
#curl 8.18.0 has been released. This release fixes 2 medium and 4 low level vulnerabilities:
- CVE-2025-13034: No QUIC certificate pinning with GnuTLS https://curl.se/docs/CVE-2025-13034.html
- CVE-2025-14017: broken TLS options for threaded LDAPS https://curl.se/docs/CVE-2025-14017.html
- CVE-2025-14524: bearer token leak on cross-protocol redirect https://curl.se/docs/CVE-2025-14524.html
- CVE-2025-14819: OpenSSL partial chain store policy bypass https://curl.se/docs/CVE-2025-14819.html
- CVE-2025-15079: libssh global knownhost override https://curl.se/docs/CVE-2025-15079.html
- CVE-2025-15224: libssh key passphrase bypass without agent set https://curl.se/docs/CVE-2025-15224.html
I discovered the last 2 vulnerabilities.
Download curl 8.18.0 from https://curl.se/download.html
#vulnerabilityresearch #vulnerability #cybersecurity #infosec
The UK Cybersecurity Bill is being debated now.
ORG's Programme Manager 
@JamesBaker is listening in to the goings on with MPs.
Follow this thread for live updates ⬇️
https://social.openrightsgroup.org/@JamesBaker/115848312930140061
#CybersecurityBill #cybersecurity #DigitalSovereignty #ukpolitics #ukpol
#cybersecurity question: I read recently on here of someone implementing a policy to explicitly reject AI-generated cybersecurity vulnerability reports. Does anyone know who it was? I'm struggling to find a reference...
Spies in the Bits and Bytes; The Art of Cyber Threat Intelligence by Atif Ali & Baber Majid Bhatti, 2024
Offers in-depth analysis of cyber threats, cutting-edge defense strategies using AI and machine learning, real-world case studies, accessible insights, and forward-looking perspectives on the future of cyber threats and defense. This book equips readers for the ongoing battle against digital threats.
#Coupang to split $1.17 billion among 33.7 million #DataBreach victims
An activist's report on the failure of the social web. Explore how "broadcast mentality" and transactional cruelty exploit fan labour, and why reclaiming digital sovereignty is essential for a humane future.
#technology #activism #humanrights #digital #society #ethics #culture #mentalhealth #disability #inclusion #innovation #freedom #tech #community #support #change #life #future #business #money #malaysia #socialmedia #cybersecurity #integrity #education
Nachträglich zu Weihnachten und zum Start des #39c3 schenke ich euch meinen aktuellen Artikel:
Und hier gleich noch ein Geschenklink: ich habe mit 
@qQ ✨ über die phänomenale Deutschland-Ticket-Recherche gesprochen:
https://www.zeit.de/digital/datenschutz/2025-12/deutschlandticket-betrug-oepnv-ticketfaelschungen-sicherheitsluecken?freebie=ce5ccefb
#deutschlandticket #39C3 #cybersecurity
#CVECrowd, your go-to place for #CVE discussions on the Fediverse and Bluesky, now supports email alerts.
Here's how it works:
- You define one or more alert keywords
- Keywords are matched against vendor, product, and package names from official CVE data
- If a post mentions a CVE that matches one of your keywords, you receive an email notification
Read more below 🧵
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking
🔓 Found critical vulns in Taimi (LGBTQ+ dating app) - all fixed, $10k bounty
What I found:
The good news: Taimi actually handled this right. Fast response, $10k bounty, everything fixed quickly. No lawyers, no threats.
This is how disclosure should work. Take notes, Lovense.
Full writeup: https://bobdahacker.com/blog/taimi-idor
#InfoSec #BugBounty #ResponsibleDisclosure #IDOR #Taimi #DatingApp #Security #Privacy #CyberSecurity #LGBTQ
#Microsoft to Replace All C/C++ #Code With #Rust by 2030
https://www.thurrott.com/dev/330980/microsoft-to-replace-all-c-c-code-with-rust-by-2030
2025 has been the worst year for digital rights in a decade.
2026 will require all of us making our voices heard - literally.
Make it a New Year's resolution to call your reps about digital freedom!
https://www.miamitech.club/make-2026-the-year-you-call-your-elected-representatives/
#DigitalRights #Privacy #Cybersecurity #Tech #Miami #Florida
혹시 여러분은 .NET이 미 국방부(DoD)의 가장 까다로운 보안 가이드라인인 STIG를 100% 충족하는 기술이라는 사실을 알고 계셨나요?
그동안 '군용 수준의 하드닝'은 소수의 전문가만이 막대한 리소스를 투입해 구축할 수 있는 높은 성벽과도 같았습니다. 하지만 이제 Docker와 .NET의 협업으로 탄생한 Docker Hardened Images(DHI)가 그 장벽을 허물었습니다.
🛡️ 왜 .NET 개발자와 기업이 DHI에 주목해야 할까요?
검증된 기술의 정점: .NET은 이미 전 세계 금융과 공공, 국방 분야에서 신뢰받는 플랫폼입니다. DHI는 이 신뢰를 '인증'의 형태로 객관화했습니다.
보안의 민주화: STIG 100% 준수, FIPS 암호화 인증과 같은 최고 등급의 보안 설정을 이제 별도의 복잡한 과정 없이 베이스 이미지 교체만으로 즉시 적용할 수 있습니다.
타협 없는 완결성: 단순히 취약점을 줄이는 수준을 넘어, 설계 단계부터 보안이 내재된(Secure-by-Design) 최상의 인프라를 표준화된 방식으로 공급받게 됩니다.
이제 .NET 개발팀은 "우리 서비스가 얼마나 안전한가?"라는 질문에 대해, "미 국방부 표준을 100% 준수하는 하드닝 기술을 사용하고 있다"는 가장 강력한 답변을 내놓을 수 있습니다.
글로벌 수준의 보안 경쟁력을 확보하고 싶은 .NET 리더와 개발자분들을 위해 상세한 가이드와 인사이트를 공유합니다.
🔗 상세 내용 보기: https://forum.dotnetdev.kr/t/docker-hardened-image-dhi-net/14171
#dotNET #닷넷 #보안 #CyberSecurity #DHI #STIG #FIPS #엔터프라이즈 #디지털트랜스포메이션 #DevSecOps
This Gmail hack is unsettling not because it’s flashy, but because it’s bureaucratic. Attackers aren’t breaking encryption or outsmarting algorithms. They’re filling out forms. By changing an account’s age and abusing Google’s Family Link feature, they can quietly reclassify an adult user as a “child” and assume parental control. At that point, the rightful owner isn’t hacked so much as administratively erased.
The clever part is that everything happens inside legitimate features. Passwords are changed. Two-factor settings are altered. Recovery options are overwritten. And when the user tries to get back in, Google’s automated systems see a supervised child account and do exactly what they were designed to do: say no.
Google says it’s looking into the issue, which suggests this wasn’t how the system was supposed to work. But it’s a reminder of an old lesson. Security failures often happen when protective mechanisms are combined in ways no one quite imagined. The tools aren’t broken. The assumptions are.
There’s no dramatic fix here, only mildly annoying advice that suddenly feels urgent. Review recovery settings. Lock down account changes. Use passkeys. Because once an attacker controls the recovery layer, proving you’re you can become surprisingly difficult.
TL;DR
🧠 Family safety tools are being weaponized
⚡ Account recovery can be shut down entirely
🎓 Legitimate features enable the lockout
🔍 Prevention matters more than appeals
#Cybersecurity #Gmail #IdentitySecurity #AccountRecovery #DigitalRisk #security #privacy #cloud #infosec
I'm taking 20+ years of #Cybersecurity experience, ~15 years of screwing around with #Linux as a daily driver, and my deep, abiding belief in personal #Privacy and writing about those topics at https://www.between-two-firewalls.com/
You'll laugh, you'll cry, it's better than #CATS. (with apologies to David Letterman for that blatant steal)
Lessons From the Frontlines: Insights From a Career in Cybersecurity by Assaf Keren, 2025
Transform your approach to cybersecurity leadership with specific, actionable techniques from a 25+ year veteran of the industry.
#Proton: Join the 2025 Lifetime account fundraiser for online freedom
https://proton.me/blog/2025-lifetime-account-charity-fundraiser
This might be a bit of a long shot, but does anyone have some great examples of questions and answers pertaining to #infosec and #cybersecurity that you'd get, as a company from your clients?
I know in the past I've had clients ask for stuff like longer log or backups retention, etc. but what sorts of questions are usually expected?
Thanks very much in advance and please boost far and wide!
Hello, hachyderm.io! I'm Artur Manuel, better known as 
@amadaluziaArtur Manuel across other platforms.
I've been on Mastodon in the past under 
@amadaluzia@bsd.cafeArtur Manuel, and recently moved in because I was self-consious about my status as a *BSD user. If you aren't sure who I am from that tag alone, I have a webpage that describes who I am that can be found in the following URL.
You should expect long posts from me, as I generally like to write long posts for the sake of detail. If you want short form posts, wait for a while until I have a reason to make a short post, which can be pretty hard to find. Otherwise, you'll at least have something to read. :D
Aside from the basic Mastodon tags, I'll add my interests as well. I hope we can get along!
#introduction #mastodon #linux #cybersecurity #programming #tech #foss #privacy
I wish there would be end-to-end encrypted, federated micro-blog social media. Social media entries and media aren't stored in plain text, but rather encrypted on the server, and only users who have subscribed to them have the ability to decrypt it.
#Fediverse #Mastodon #DecentralisedWeb #EndToEndEncryption #PrivacyMatters #SecureSocialMedia #ActivityPub #DigitalRights #DataOwnership #OnlinePrivacy #FederatedNetworks #CryptoSocial #PrivacyFirst #SelfHosting #OpenSource #DigitalFreedom #SafeSpacesOnline #EncryptionNow #SocialMediaReform #UserControl #NoSurveillance #DecentralisedSocial #TechForGood #PrivacyTools #DigitalSovereignty #StopDataHarvesting #OwnYourData #SecureMessaging #PrivacyActivism #DigitalJustice #Web3 #InformationSecurity #CyberSecurity #OnlineFreedom #ResistSurveillance
