Cloudflare zero-day: Accessing any host globally
https://fearsoff.org/research/cloudflare-acme
#HackerNews #Cloudflare #ZeroDay #CloudSecurity #CyberThreats #Vulnerability #Research #AccessControl
Origin-mo: the lazy trick that opened 40,000 WordPress sites to hackers
Researchers have discovered a critical vulnerability in the Modular DS plugin for WordPress that allowed hackers to compromise more than 40,000 sites using a surprisingly simple method.
The CVE-2026-23550 vulnerability
The Modular DS plugin, installed on tens of thousands of WordPress sites, had a privilege escalation flaw rated with a CVSS score of 10.0, the highest severity level. This weakness, identified as CVE-2026-23550 and catalogued in the […]
🚨 Mozilla drops urgent Firefox update patching 16 vulnerabilities incl. critical remote code execution & sandbox escapes in versions 145 & ESR 115.30/140.5. Users must update NOW to stay safe! 🔐🔥 Details: https://gbhackers.com/mozilla-issues-urgent-firefox-update-2/ #CyberSecurity #FirefoxUpdate #ZeroDay #newz
When IT security is "top priority" 🙈
Zero-day flaw in LNK display in Windows abused against diplomats
#Microsoft #Windows
https://www.heise.de/news/Windows-Zero-Day-Luecke-bei-LNK-Anzeige-gegen-Diplomaten-missbraucht-10983101.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag
@pallenberg
Who knows how many intelligence agencies have long known about the #sicherheitslucken (security vulnerabilities) but tell no one, because they want to use the flaw themselves.
This state #Hacking strategy is a disaster. Above all the buying and keeping secret of #ZeroDay|s. They know that a vulnerability is being sold, all users are exposed, they don't know by whom in every case, but they tell no one, and through their purchase they fund #blackhats (criminal hackers).
Hackers can steal 2FA codes and private messages from Android phones
> Android devices are vulnerable to a new attack that can covertly steal 2FA codes, location timelines, and other private data in less than 30 seconds.
> The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet.
> The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.
https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/ #Android #Cybersecurity #InfoSec #2FA #Privacy #Pixnapping #GooglePixel #Samsung #MobileSecurity #DataBreach #ZeroDay #TechNews #Hacking
“Microsoft has released patches to “fully protect” SharePoint 2019 and SharePoint Subscription Edition servers, and the company is actively working on a patch for SharePoint 2016.
#CISA …says that the scope and impact of the attacks are still being assessed, and that any servers that have been impacted by the exploit should be disconnected from the internet until an official resolution is available.”
#Sharepoint #zeroday https://mastodon.social/@verge/114890559136880575
Disclosure of the vulnerabilities: https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
No updates or official statements available yet. ☠️