Infosec.Pub


As a reminder, only two parties firmly rejected this UU Cilaka: PKS and Partai Demokrat.

Main perpetrator: Mulyono Nipunegoro.


Mark Russo reported the dataset to all the right organizations, but still couldn't get into his accounts for months.


Posted by Chrome Root Program Team

Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently, the Chrome Root Program and the CA/Browser Forum have taken decisive steps toward a more secure internet by adopting new security requirements for HTTPS certificate issuers.

These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation. By retiring these outdated practices, which rely on weaker verification signals like physical mail, phone calls, or emails, we are closing potential loopholes for attackers and pushing the ecosystem toward automated, cryptographically verifiable security.

To allow affected website operators to transition smoothly, the deprecation will be phased in, with its full security value realized by March 2028.

This effort is a key part of our public roadmap, “Moving Forward, Together,” launched in 2022. Our vision is to improve security by modernizing infrastructure and promoting agility through automation. While "Moving Forward, Together" sets the aspirational direction, the recent updates to the TLS Baseline Requirements turn that vision into policy. This builds on our momentum from earlier this year, including the successful advocacy for the adoption of other security enhancing initiatives as industry-wide standards.

What’s Domain Control Validation?

Domain Control[...]


More than half of internet-exposed instances already compromised

Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.…

The Unseen Threat: DNA as Malware (www.bankinfosecurity.com)
submitted 6 hours ago by lemmydev2 to c/pulse_of_truth
 
 

The Next Major Cyber Risk Could Come Through a Biological Sample

Researchers demonstrated that it is feasible to encode executable payloads into synthetic DNA that, once sequenced and processed, could trigger malware in sequencing software. When a vulnerability in a sequencer becomes a vulnerability in national health or food security, the stakes are existential.


Vape seller Fifty Bar is trying to recover more than $1 million worth of produc


The digital intrusion allegedly caused thousands of pounds of meat to spoil and triggered an ammonia leak in the facility

A Ukrainian woman accused of hacking US public drinking water systems and a meat processing facility on behalf of Kremlin-backed cyber groups was extradited to the US earlier this year and will stand trial in early 2026.…


More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. [...]

Midnight Launch AAR (www.youtube.com)
submitted 7 hours ago by rss@ibbit.at to c/cardano
Congratulations Midnight (www.youtube.com)
submitted 7 hours ago by rss@ibbit.at to c/cardano

The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program—years before the group targeted Cisco’s devices in a spy campaign.


Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Vulnerability-Lookup 2.19.0 (discourse.ossbase.org)
submitted 14 hours ago by cm0002@lemmy.cafe to c/cybersecurity

The exact circumstances around the search are not known. But activist Samuel Tunick is charged with deleting data from a Google Pixel before CBP’s Tactical Terrorism Response Team could search it.


Microsoft has released its December 2025 Patch Tuesday, the last one of 2025! In total, 57 security flaws were fixed in Microsoft products and services, including 3 zero-day flaws. Here is a summary

This Patch Tuesday contains many important vulnerabilities, including 19 vulnerabilities allowing remote code execution, but only 4 are considered critical:

  • Microsoft Office: CVE-2025-62554, CVE-2025-62557
  • Microsoft Outlook: CVE-2025-62562
  • Windows - GDI+: CVE-2025-60724

Have we learned nothing from sci-fi films and TV shows?

Interview: Imagine botnets in physical form and you've got a pretty good idea of what could go wrong with the influx of AI-infused humanoid robots expected to integrate into society over the next few decades.…


[paywall🔒] Investigation: Using easily accessible advertising data, « Le Monde » was able to determine, with certainty or a high level of probability, the identity, home address and habits of several dozen employees or civil servants of sensitive entities.

...

The blame lies with a voracious, opaque and out-of-control advertising industry that extracts billions of pieces of personal data from smartphones every day, including movements accurate to within a few metres, before reselling them. Short of flawless digital hygiene, it is difficult to escape it.
