#Tag · bonfire.cafe

Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope.

Madness.

source: https://mrbruh.com/amd/

#vulnerability #infosec #cybersecurity

The RCE that AMD won't fix!

After reporting a RCE in AMD's auto-update software, they decided to not patch it due to it requiring a man-in-the-middle attack to perform.

Harry Sintonen

@harrysintonen@infosec.exchange · 2 days ago

Madness.

source: https://mrbruh.com/amd/

#vulnerability #infosec #cybersecurity

The RCE that AMD won't fix!

After reporting a RCE in AMD's auto-update software, they decided to not patch it due to it requiring a man-in-the-middle attack to perform.

Harry Sintonen

@harrysintonen@infosec.exchange · 2 days ago

Madness.

source: https://mrbruh.com/amd/

#vulnerability #infosec #cybersecurity

The RCE that AMD won't fix!

After reporting a RCE in AMD's auto-update software, they decided to not patch it due to it requiring a man-in-the-middle attack to perform.

Robert W. Gehl boosted

Lorenzo Ancora :verified:

@LorenzoAncora@ieji.de · 6 days ago

Notepad++'s update servers have been compromised by Chinese hackers and all users had been exposed to malware. The developer estimated the overall compromise period spanned from June through December 2, 2025.
Users should update to version 8.9.1 (or superior) immediately.

Source: https://notepad-plus-plus.org/news/hijacked-incident-info-update/

#security #vulnerability #windows #text #editor #notepad #foss #freesoftware #software

Notepad++ Hijacked by State-Sponsored Hackers | Notepad++

Lorenzo Ancora :verified:

@LorenzoAncora@ieji.de · 6 days ago

Source: https://notepad-plus-plus.org/news/hijacked-incident-info-update/

#security #vulnerability #windows #text #editor #notepad #foss #freesoftware #software

Notepad++ Hijacked by State-Sponsored Hackers | Notepad++

Hacker News

@h4ckernews@mastodon.social · 3 weeks ago

Cloudflare zero-day: Accessing any host globally

https://fearsoff.org/research/cloudflare-acme

#HackerNews #Cloudflare #ZeroDay #CloudSecurity #CyberThreats #Vulnerability #Research #AccessControl

Cloudflare Zero-day: Accessing Any Host Globally

Discover how a Cloudflare WAF bypass in /.well-known/acme-challenge/ exposed origins, its impact, and the fix. A must-read for security pros.

Ael Yokan and 1 other boosted

AAKL

@AAKL@infosec.exchange · 3 weeks ago

New.

Cyata Research: Breaking Anthropic’s Official MCP Server https://cyata.ai/blog/cyata-research-breaking-anthropics-official-mcp-server/

mcp-server-git 2026.1.14 https://pypi.org/project/mcp-server-git/

The Hacker News: Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution https://thehackernews.com/2026/01/three-flaws-in-anthropic-mcp-git-server.html @thehackernews #infosec #Anthropic #vulnerability

The Hacker News

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three vulnerabilities in Anthropic’s MCP Git server allow prompt injection attacks that can read or delete files and, in some cases, lead to RCE.

Client Challenge

Cyata | The Control Plane for Agentic Identity

Cyata Research: Breaking Anthropic's Official MCP Server - Cyata | The Control Plane for Agentic Identity

How We Found Code Execution in Anthropic’s Official Git MCP Server TL;DR What happened: Cyata discovered three security vulnerabilities in mcp-server-git, the official Git MCP server maintained by Anthropic. These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README, a poisoned issue description, […]

AAKL

@AAKL@infosec.exchange · 3 weeks ago

New.

Cyata Research: Breaking Anthropic’s Official MCP Server https://cyata.ai/blog/cyata-research-breaking-anthropics-official-mcp-server/

mcp-server-git 2026.1.14 https://pypi.org/project/mcp-server-git/

The Hacker News

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three vulnerabilities in Anthropic’s MCP Git server allow prompt injection attacks that can read or delete files and, in some cases, lead to RCE.

Client Challenge

Cyata | The Control Plane for Agentic Identity

Cyata Research: Breaking Anthropic's Official MCP Server - Cyata | The Control Plane for Agentic Identity

Brad Linder

@bradlinder@fosstodon.org · 3 weeks ago

WhisperPair leverages a vulnerability in Google Fast Pair to let an attacker hijack devices to listen to audio, track location, or play audio. It only takes 10 seconds and physical proximity (around 14 meters (46 feet)). https://arstechnica.com/gadgets/2026/01/researchers-reveal-whisperpair-attack-to-eavesdrop-on-google-fast-pair-headphones/ #FastPair #WhisperPair #Vulnerability

Ars Technica

Researchers reveal “WhisperPair” attack to eavesdrop on Google Fast Pair headphones

Even Google's own earbuds are vulnerable to the Fast Pair hack.

Hacker News

@h4ckernews@mastodon.social · 4 weeks ago

Unauthenticated remote code execution in OpenCode

https://cy.md/opencode-rce/

#HackerNews #Unauthenticated #remote #code #execution #OpenCode #security #vulnerability #cybersecurity #hacking #news

Unauthenticated Remote Code Execution in OpenCode

Sascha Foerster :bonndigital: boosted

gcve.eu

@gcve@social.circl.lu · last month

🔗 For more details - https://gcve.eu/2026/01/07/gcve-db-announce/
🔗 https://db.gcve.eu/

#cve #gcve #cybersecurity #vulnerabilitymanagement #vulnerability

The project is co-funded by CIRCL and the European Union (ECCC) under the FETTA project, supporting the development of open, resilient, and strengthen EU Cyber Threat Intelligence.

The db.gcve.eu platform is hosted and operated by CIRCL in its own datacenter located in the Grand-Duchy of Luxembourg (Europe). This ensures full control over the infrastructure, data, and operations. By combining open-source software, open data, and European-controlled infrastructure, GCVE and CIRCL contribute to strengthening digital sovereignty, strategic autonomy, and trust in vulnerability information sharing.

While the infrastructure relies on a global hardware supply chain and therefore includes non-EU manufactured equipment, the platform is fully operated, administered, and governed from within Europe by CIRCL. — The project is co-funded by CIRCL and the European Union (ECCC) under the FETTA project, supporting the development of open, resilient, and strengthen EU Cyber Threat Intelligence. The db.gcve.eu platform is hosted and operated by CIRCL in its own datacenter located in the Grand-Duchy of Luxembourg (Europe). This ensures full control over the infrastructure, data, and operations. By combining open-source software, open data, and European-controlled infrastructure, GCVE and CIRCL contribute to strengthening digital sovereignty, strategic autonomy, and trust in vulnerability information sharing. While the infrastructure relies on a global hardware supply chain and therefore includes non-EU manufactured equipment, the platform is fully operated, administered, and governed from within Europe by CIRCL.

GCVE Announces the Launch of db.gcve.eu: A New Open Public Vulnerability Advisory Database

Luxembourg, 2026/01/07 - The GCVE initiative is proud to announce the public launch of db.gcve.eu, a new open and freely accessible vulnerability advisory database. The platform aggregates and correlates vulnerability information from more than 25 public sources, including GCVE GNA (Numbering Authority) sources and other established vulnerability databases. The goal of db.gcve.eu is to provide the community with a single, unified, and openly accessible reference point for vulnerability intelligence, enabling defenders, researchers, CSIRTs, vendors, and open-source projects to more easily track, correlate, and analyze security advisories across ecosystems.

Em :official_verified: boosted

PrivacyDigest

@PrivacyDigest@mas.to · last month

#ChatGPT falls to new data-pilfering attack as a vicious cycle in #AI continues

There’s a well-worn pattern in the development of AI #chatbots. Researchers discover a #vulnerability and #exploit it to do something bad. The platform introduces a guardrail that stops the attack from working. Then, researchers devise a simple tweak that once again imperils #chatbot users.
#privacy

https://arstechnica.com/security/2026/01/chatgpt-falls-to-new-data-pilfering-attack-as-a-vicious-cycle-in-ai-continues/

Ars Technica

ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

Will LLMs ever be able to stamp out the root cause of these attacks? Possibly not.

PrivacyDigest

@PrivacyDigest@mas.to · last month

#ChatGPT falls to new data-pilfering attack as a vicious cycle in #AI continues

https://arstechnica.com/security/2026/01/chatgpt-falls-to-new-data-pilfering-attack-as-a-vicious-cycle-in-ai-continues/

Ars Technica

ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

Will LLMs ever be able to stamp out the root cause of these attacks? Possibly not.

daniel:// stenberg:// and 1 other boosted

Harry Sintonen

@harrysintonen@infosec.exchange · last month

#curl 8.18.0 has been released. This release fixes 2 medium and 4 low level vulnerabilities:
- CVE-2025-13034: No QUIC certificate pinning with GnuTLS https://curl.se/docs/CVE-2025-13034.html
- CVE-2025-14017: broken TLS options for threaded LDAPS https://curl.se/docs/CVE-2025-14017.html
- CVE-2025-14524: bearer token leak on cross-protocol redirect https://curl.se/docs/CVE-2025-14524.html
- CVE-2025-14819: OpenSSL partial chain store policy bypass https://curl.se/docs/CVE-2025-14819.html
- CVE-2025-15079: libssh global knownhost override https://curl.se/docs/CVE-2025-15079.html
- CVE-2025-15224: libssh key passphrase bypass without agent set https://curl.se/docs/CVE-2025-15224.html