⚠️ Erlang Ecosystem Foundation Becomes CVE Numbering Authority (CNA) for the Hex and BEAM Ecosystem
Did you know SaaS now has its own CVE tag?
For years, vulnerabilities in SaaS services were hard to track – often without a CVE ID at all. That’s finally changing.
👉 The new exclusively-hosted-service tag tells you:
This issue affects only the hosted service (not on-prem).
In many cases, the provider has already fixed it – no customer patch needed.
Microsoft and Google are already using it. That means SaaS CVEs are now easier to find, easier to interpret, and easier to act on.
Why it matters:
Less noise. Better transparency. Smarter triage.
SaaS is the default – it’s about time our vulnerability management caught up. 🌥️🔐

GitHub Copilot: RCE via Prompt Injection
A prompt-injection attack enables Copilot to auto-approve via chat.tools.autoApprove, triggering YOLO mode and running arbitrary code
https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/
"SUSE Multi-Linux Manager provides automated patching, content lifecycle management, and realtime monitoring to keep your mixed Linux environment secure"
Another WordPress plugin injection vuln. The original supply chain vulnerability. (Well, no, but you can smell what I'm cooking, right?)
Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable
https://www.infosecurity-magazine.com/news/flaws-wordpress-plugin-expose/

News includes EEF's first #CVE release, Supabase's Multigres for scaling #postgres, new #MCP servers for Phoenix, #Erlang surviving extreme load tests, LiveDebugger v0.3.0 preview, and more! @elixirlang #ElixirLang https://www.youtube.com/watch?v=DsVyY4XHVm8
Dear @Gargron — Can we take another, fresh look at https://github.com/mastodon/mastodon/issues/20694 ? Hashtags should ultimately support full UTF8, IMHO, but adding at the very least the dash would be very helpful. It's not just band or artist names. CVEs are a better example. It would be really helpful when I can use #CVE-2025-6019 instead of #CVE20256019 as I am forced to do now. I guess hashtags are not in scope of the ActivityPub protocol, @evan ?
News includes OTP 28 release, @elixirconfeu videos with @chris_mccord's phoenix.new keynote, Phoenix Sync for real-time database sync, @TheErlef board elections and #CVE authority status, LiveView macro components, and more! #ElixirLang https://www.youtube.com/watch?v=Dfn5yY3F-Gg