WhisperPair leverages a vulnerability in Google Fast Pair to let an attacker hijack devices to listen to audio, track location, or play audio. It only takes 10 seconds and physical proximity (around 14 meters (46 feet)). https://arstechnica.com/gadgets/2026/01/researchers-reveal-whisperpair-attack-to-eavesdrop-on-google-fast-pair-headphones/ #FastPair #WhisperPair #Vulnerability
Unauthenticated remote code execution in OpenCode
#HackerNews #Unauthenticated #remote #code #execution #OpenCode #security #vulnerability #cybersecurity #hacking #news
Luxembourg, 2026/01/07 - The GCVE initiative is proud to announce the public launch of db.gcve.eu, a new open and freely accessible vulnerability advisory database. The platform aggregates and correlates vulnerability information from more than 25 public sources, including GCVE GNA (Numbering Authority) sources and other established vulnerability databases.
🔗 For more details - https://gcve.eu/2026/01/07/gcve-db-announce/
🔗 https://db.gcve.eu/
#cve #gcve #cybersecurity #vulnerabilitymanagement #vulnerability
#ChatGPT falls to new data-pilfering attack as a vicious cycle in #AI continues
There’s a well-worn pattern in the development of AI #chatbots. Researchers discover a #vulnerability and #exploit it to do something bad. The platform introduces a guardrail that stops the attack from working. Then, researchers devise a simple tweak that once again imperils #chatbot users.
#privacy
#curl 8.18.0 has been released. This release fixes 2 medium and 4 low level vulnerabilities:
- CVE-2025-13034: No QUIC certificate pinning with GnuTLS https://curl.se/docs/CVE-2025-13034.html
- CVE-2025-14017: broken TLS options for threaded LDAPS https://curl.se/docs/CVE-2025-14017.html
- CVE-2025-14524: bearer token leak on cross-protocol redirect https://curl.se/docs/CVE-2025-14524.html
- CVE-2025-14819: OpenSSL partial chain store policy bypass https://curl.se/docs/CVE-2025-14819.html
- CVE-2025-15079: libssh global knownhost override https://curl.se/docs/CVE-2025-15079.html
- CVE-2025-15224: libssh key passphrase bypass without agent set https://curl.se/docs/CVE-2025-15224.html
I discovered the last 2 vulnerabilities.
Download curl 8.18.0 from https://curl.se/download.html
#vulnerabilityresearch #vulnerability #cybersecurity #infosec
Eurostar AI vulnerability: when a chatbot goes off the rails
#HackerNews #Eurostar #AI #vulnerability #chatbot #security #tech #news #AI #ethics
Heap Overflow in FFmpeg EXIF
#HackerNews #HeapOverflow #FFmpeg #EXIF #SecurityBug #Vulnerability #Cybersecurity
A Vulnerability in Libsodium
https://00f.net/2025/12/30/libsodium-vulnerability/
#HackerNews #Libsodium #Vulnerability #Security #Cybersecurity #OpenSource #TechNews
It's called Inbox for a reason, I'm working on Encrypted Direct Messages that will interoperate with Pixelfed's upcoming E2EE DMs 😎
@dansup can you PLEEEEAAASE (!!) first fix the Pixelfed privacy vulnerability I was reporting over a month ago?
I only got one email that you are "looking into this" and that you are "working on a fix"
I haven't heard anything about this yet, but messages are still publicly available.
I can also report the issue officially on Pixelfed's GitHub, if you prefer it.
Thx
#pixelfed #bug #vulnerability #privacy #privacyvulnerability
"WhatsApp and Signal: privacy open to attack, tracker software available".
Unfortunately, neither the heise article nor the PoC on GitHub says what you can configure in Signal to minimize the risk. If it is the same or a similar setting as in WhatsApp, though, this should help: Settings -> Privacy -> Block unknown (numbers): enable. (Currently only available in the Signal fork Molly.)
https://github.com/Xh4H/WhatsApp-device-activity-tracker
#whatsapp #signal #vulnerability
/kuk
Linux Kernel Rust Code Sees Its First CVE Vulnerability
https://www.phoronix.com/news/First-Linux-Rust-CVE
#HackerNews #LinuxKernel #RustCVE #Vulnerability #CyberSecurity #OpenSource #TechNews
Siemens reports critical flaw in IAM Client on multiple industrial products
Siemens is reporting a critical vulnerability (CVE-2025-40800) in its IAM client component affecting multiple industrial software products, which allows unauthenticated attackers to conduct man-in-the-middle attacks due to improper certificate validation. Patches are available for most affected products.
**Make sure all your industrial systems are isolated from the internet and accessible from trusted networks only. If you are using COMOS, NX, Simcenter 3D, Simcenter Femap, Solid Edge, plan a quick update for them. Not an urgent thing, but don't ignore this one. Someone will find a way to hack them.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-reports-critical-flaw-in-iam-client-on-multiple-industrial-products-1-d-o-3-h/gD2P6Ple2L
Home Depot GitHub token exposed for a year, granted access to internal systems
#HackerNews #HomeDepot #GitHubToken #SecurityBreach #InternalAccess #Vulnerability #TechNews