Experimental News Clipping Site

Tag: vulnerability

  • The Register: Cybercrims claim raid on 28,000 Red Hat repos, say they have sensitive customer files

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/10/02/cybercrims_claim_raid_on_28000/ Source: The Register Title: Cybercrims claim raid on 28,000 Red Hat repos, say they have sensitive customer files Feedly Summary: 570GB of data claimed to be stolen by the Crimson Collective A hacking crew claims to have broken into Red Hat’s private GitHub repositories, exfiltrating some 570GB of compressed data, including sensitive…

  • The Register: ‘Delightful’ root-access bug in Red Hat OpenShift AI allows full cluster takeover

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/10/01/critical_red_hat_openshift_ai_bug/ Source: The Register Title: ‘Delightful’ root-access bug in Red Hat OpenShift AI allows full cluster takeover Feedly Summary: Who wouldn’t want root access on cluster master nodes? A 9.9 out of 10 severity bug in Red Hat’s OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt…

  • Cisco Talos Blog: Nvidia and Adobe vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/nvidia-and-adobe-vulnerabilities/ Source: Cisco Talos Blog Title: Nvidia and Adobe vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat.The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.    For Snort…

  • Schneier on Security: Use of Generative AI in Scams

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/10/use-of-generative-ai-in-scams.html Source: Schneier on Security Title: Use of Generative AI in Scams Feedly Summary: New report: “Scam GPT: GenAI and the Automation of Fraud.” This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people…

  • Unit 42: TOTOLINK X6000R: Three New Vulnerabilities Uncovered

    by

    Kurt Seifried
    in

    Source URL: https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/ Source: Unit 42 Title: TOTOLINK X6000R: Three New Vulnerabilities Uncovered Feedly Summary: Researchers identified vulnerabilities in TOTOLINK X6000R routers: CVE-2025-52905, CVE-2025-52906 and CVE-2025-52907. We discuss root cause and impact. The post TOTOLINK X6000R: Three New Vulnerabilities Uncovered appeared first on Unit 42. AI Summary and Description: Yes Summary: The text highlights newly…

  • The Register: Tile trackers are a stalker’s dream, say Georgia Tech researchers

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/30/tile_trackers_unencrypted_info/ Source: The Register Title: Tile trackers are a stalker’s dream, say Georgia Tech researchers Feedly Summary: Plaintext transmissions, fixed MAC addresses, rotating ‘unique’ IDs, and more, make abuse easy Tile Bluetooth trackers leak identifying data in plain text, giving stalkers an easy way to track victims despite Life360’s security promises, a group…

  • Slashdot: Windows 11’s 2025 Update Arrives

    by

    Kurt Seifried
    in

    Source URL: https://tech.slashdot.org/story/25/09/30/1827229/windows-11s-2025-update-arrives?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Windows 11’s 2025 Update Arrives Feedly Summary: AI Summary and Description: Yes Summary: Microsoft is rolling out Windows 11 version 25H2, which includes advancements in vulnerability detection and AI-assisted secure coding. This update aims to enhance security in alignment with Microsoft’s security development lifecycle policy. Detailed Description: Microsoft has…

  • The Register: Warnings about Cisco vulns under active exploit are falling on deaf ears

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/30/cisco_firewall_vulns/ Source: The Register Title: Warnings about Cisco vulns under active exploit are falling on deaf ears Feedly Summary: 50,000 firewall devices still exposed Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by “advanced" attackers remain exposed to the internet, according to Shadowserver data.… AI Summary and…

  • The Register: One line of malicious npm code led to massive Postmark email heist

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/ Source: The Register Title: One line of malicious npm code led to massive Postmark email heist Feedly Summary: MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark’s MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding…