Serious security vulnerability in Tails 5.0 due to security vulnerability in the JavaScript engine of Firefox and Tor Browser.

How it is affecting Tails:
tails.boum.org/security/protot

This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn't have the capacity to publish an emergency release earlier.

A warning about this security vulnerability is displayed during system start.
By that we make sure all Tails users are well informed.

RT @pypi
Incident report on malicious takeover of ctx package on PyPI has been published.

Read details, mitigation, analysis, and more at python-security.readthedocs.io

The EU Commission is planning automatic CSAM scanning of your private communication – or total surveillance in the name of child protection. But Europe is not China. Together we will fight for privacy! Sign the petition: aktion.campact.de/datenschutz/
Read more: tutanota.com/blog/posts/eu-sur

"... An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity."

postgresql.org/support/securit

The EU Commission is planning automatic CSAM scanning of your private communication – or total surveillance in the name of child protection. This would be the worst surveillance apparatus outside of China, and completely disproportionate. Affected would be all communication providers, also when operating outside of Europe. We must fight against this draft to protect our privacy! 💪💪💪
tutanota.com/blog/posts/eu-sur

"Along this journey, we found a few things. Command injection, container escapes, our Github tokens, Cloudflare’s Github tokens, Cloudflare API Keys to Cloudflare Organisation, and Cloudflare’s Azure API tokens amongst other things."

blog.assetnote.io/2022/05/06/c

"Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so."

github.com/rubygems/rubygems.o

Heroku's "breach" looks to be even worse than what was previously shared.

First GitHub integration, now passwords... what's next?

news.ycombinator.com/item?id=3

"RFC 9116
A File Format to Aid in Security Vulnerability Disclosure"

rfc-editor.org/rfc/rfc9116

Seems it's official, the RFC for "security.txt" got published.


This is a personal and private instance.