HackerOne Bug Bounty Disclosure: security-check-up-ejejohn - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-security-check-up-ejejohn/

HackerOne Bug Bounty Disclosure: use-after-free-or-assert-triggered-with-failed-allocations-in-openssl-catenacyber - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-use-after-free-or-assert-triggered-with-failed-allocations-in-openssl-catenacyber/
CISA Alerts on Google Chromium Input Validation Flaw Actively Exploited https://gbhackers.com/cisa-alerts-on-google-chromium-input-validation-flaw/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity #Chrome #Google
Puppet Core just got more secure and easier to use! Release 8.14 now available with:
Ask our docs! AI-powered search help now available through the docs homepage
Critical security patches for CVEs included in this release
HackerOne Bug Bounty Disclosure: mint-oauth-access-token-for-targeted-user-timothyleung - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-mint-oauth-access-token-for-targeted-user-timothyleung/
HackerOne Bug Bounty Disclosure: gnutls-curlinfo-tls-session-curlinfo-tls-ssl-ptr-type-confusion-nyymi - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-gnutls-curlinfo-tls-session-curlinfo-tls-ssl-ptr-type-confusion-nyymi/
CISA Alerts on Chinese Hackers Actively Exploiting SharePoint 0-Day https://gbhackers.com/cisa-alerts-on-chinese-hackers-actively-exploiting-sharepoint-0-day/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity
Things are going great in closed-source land:
Sharepoint: https://tweakers.net/nieuws/237390/microsoft-drie-chinese-hackersgroepen-misbruiken-sharepoint-kwetsbaarheid.html
Outlook once again: https://www.security.nl/posting/875288/Kritiek+Microsoft+Outlook-lek+actief+misbruikt+bij+aanvallen+waarschuwt+VS
With that last one, the vulnerability had already been actively exploited for *two weeks* before Citrix took action. So with very serious consequences for the Public Prosecution Service (OM) in the Netherlands: https://www.nrc.nl/nieuws/2025/07/22/digitale-werkomgeving-om-inderdaad-gehackt-onderzoek-moet-uitwijzen-welke-informatie-is-gestolen-a4901019
But by all means, keep going with these kinds of proprietary solutions full of holes that are a "trade secret".
The Rust Project is now a CVE Numbering Authority (CNA) assigning CVE IDs for repositories, packages, & websites maintained by the Rust Project
https://cve.org/Media/News/item/news/2025/07/22/The-Rust-Project-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity #opensource
TCS-CERT is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities related to TCS-CERT’s customers’ environment and vulnerabilities related to research conducted by Cyber Solutions by Thales’ Intrusion and Application Security Team
https://cve.org/Media/News/item/news/2025/07/22/TCS-CERT-Added-as-CNA
CrushFTP zero-day actively exploited at least since July 18 – Source: securityaffairs.com https://ciso2ciso.com/crushftp-zero-day-actively-exploited-at-least-since-july-18-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2025-54309 #BreakingNews #SecurityNews #hackingnews #CrushFTP #hacking
Minutes from the CVE Board teleconference meeting on July 9 are now available
https://www.mail-archive.com/cve-editorial-board-list@mitre.org/msg00283.html
#cve #vulnerability #vulnerabilitymanagement #hssedi #cisa #infosec #cybersecurity
SharePoint Under Attack: Microsoft Warns of Zero-Day Exploited in the Wild – No Patch Available – Source: www.securityweek.com https://ciso2ciso.com/sharepoint-under-attack-microsoft-warns-of-zero-day-exploited-in-the-wild-no-patch-available-source-www-securityweek-com/ #rssfeedpostgeneratorecho #ThreatIntelligence #CyberSecurityNews #vulnerabilities #securityweekcom #CVE-2025-53770 #Vulnerability #securityweek #SharePoint #Microsoft #FEATURED #exploit
Critical Sophos Firewall Flaws Allow Pre-Auth RCE https://gbhackers.com/critical-sophos-firewall-flaws-allow-pre-auth-rce/ #CVE/vulnerability #CyberSecurityNews #Vulnerabilities #Vulnerability #cybersecurity
wolfSSL Security Update Addresses Apple Trust Store Bypass https://gbhackers.com/wolfssl-security-update/ #CVE/vulnerability #CyberSecurityNews #SecurityUpdates #SecurityUpdate #Vulnerability #cybersecurity #Apple
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Source: krebsonsecurity.com https://ciso2ciso.com/microsoft-fix-targets-attacks-on-sharepoint-zero-day-source-krebsonsecurity-com/ #Cybersecurity&InfrastructureSecurityAgency #rssfeedpostgeneratorecho #CyberSecurityNews #SharePointServer #KrebsonSecurity #KrebsOnSecurity #CVE-2025-49704 #CVE-2025-49706 #CVE-2025-53770 #CVE-2025-53771 #LatestWarnings #TheComingStorm #MicrosoftCorp #EyeSecurity #TimetoPatch #Rapid7 #CISA
SharePoint zero-day CVE-2025-53770 actively exploited in the wild – Source: securityaffairs.com https://ciso2ciso.com/sharepoint-zero-day-cve-2025-53770-actively-exploited-in-the-wild-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2025-53770 #BreakingNews #SecurityNews #hackingnews #SharePoint #Microsoft #hacking
Microsoft issues emergency patches for SharePoint zero-days exploited in “ToolShell” attacks – Source: securityaffairs.com https://ciso2ciso.com/microsoft-issues-emergency-patches-for-sharepoint-zero-days-exploited-in-toolshell-attacks-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2025-53770 #BreakingNews #SecurityNews #SharePoint #ToolShell