Israeli exec at Paragon accidentally exposed Graphite spyware dashboard on LinkedIn—real-time access to Czech user's WhatsApp, Signal, geolocation, camera/mic via zero-click exploits 🔍

Post deleted, shows US agency sales after Trump lifted rights bans, fueling surveillance concerns ⚠️

🔗 https://news-pravda.com/world/2026/02/12/2071096.html

#TechNews #Privacy #Spyware #Security #Surveillance #Cybersecurity #Data #Encryption #Graphite #HumanRights #Tech #FOSS #DigitalRights #Cyber #Israel #Paragon #CzechRepublic #US #Trump

Israeli exec at Paragon accidentally exposed Graphite spyware dashboard on LinkedIn—real-time access to Czech user's WhatsApp, Signal, geolocation, camera/mic via zero-click exploits 🔍

Post deleted, shows US agency sales after Trump lifted rights bans, fueling surveillance concerns ⚠️

🔗 https://news-pravda.com/world/2026/02/12/2071096.html

#TechNews #Privacy #Spyware #Security #Surveillance #Cybersecurity #Data #Encryption #Graphite #HumanRights #Tech #FOSS #DigitalRights #Cyber #Israel #Paragon #CzechRepublic #US #Trump

Yesterday, DomainTools Investigations released research on Lotus Blossom and the Notepad++ attack - but also, we went far beyond the attack and deeper into Lotus Blossom's larger profile.

#threatintel #infosec #cybersecurity

https://dti.domaintools.com/research/lotus-blossom-and-the-notepad-supply-chain-espionage-campaign

Yesterday, DomainTools Investigations released research on Lotus Blossom and the Notepad++ attack - but also, we went far beyond the attack and deeper into Lotus Blossom's larger profile.

#threatintel #infosec #cybersecurity

https://dti.domaintools.com/research/lotus-blossom-and-the-notepad-supply-chain-espionage-campaign

🐼 US Senator says AT&T, Verizon blocking release of Salt Typhoon security assessment reports

“If AT&T and Verizon are not going to provide Congress key documentation voluntarily, then I believe this committee must promptly convene a hearing with their CEOs so they can explain why Americans should have confidence in the security of their networks amid mounting evidence that the Salt Typhoon hackers remain active and undeterred,”

https://www.reuters.com/business/media-telecom/senator-says-att-verizon-blocking-release-salt-typhoon-security-assessment-2026-02-03/

#SaltTyphoon #china #cybersecurity

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things lmao.

Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841

#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology

🐼 US Senator says AT&T, Verizon blocking release of Salt Typhoon security assessment reports

“If AT&T and Verizon are not going to provide Congress key documentation voluntarily, then I believe this committee must promptly convene a hearing with their CEOs so they can explain why Americans should have confidence in the security of their networks amid mounting evidence that the Salt Typhoon hackers remain active and undeterred,”

https://www.reuters.com/business/media-telecom/senator-says-att-verizon-blocking-release-salt-typhoon-security-assessment-2026-02-03/

#SaltTyphoon #china #cybersecurity

🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta

｢ CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier ｣

https://hetmehta.com/posts/n8n-type-confusion-rce/

#typescript #rce #cybersecurity #CVE202625049

Tesla exec tells Congress ‘no one has ever’ taken control of its vehicles — but that’s not true

Tesla Vice President of Vehicle Engineering Lars Moravy told a Senate committee this week that no one has ever remotely taken control of Tesla vehicles. That claim doesn’t hold up to the facts of history.

In fact, a single hacker once gained control of Tesla’s entire fleet.

#LarsMoravy #tesla #security #cybersecurity #automotive #auto #cars #transportation #hacked

https://electrek.co/2026/02/06/tesla-exec-tells-congress-no-one-has-ever-taken-control-vehicles-but-thats-not-true/

⚠️ Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network

https://www.cve.org/CVERecord?id=CVE-2026-20841

#notepad #CVE202620841 #cybersecurity

🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta

｢ CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier ｣

https://hetmehta.com/posts/n8n-type-confusion-rce/

#typescript #rce #cybersecurity #CVE202625049