how it is affecting Tails:
This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn't have the capacity to publish an emergency release earlier.
A warning about this security vulnerability is displayed during system start.
By that we make sure all Tails users are well informed.
Incident report on malicious takeover of ctx package on PyPI has been published.
Read details, mitigation, analysis, and more at https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html
"The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking"
"BPFDoor — an active Chinese global surveillance tool"
"How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now"
The EU Commission is planning automatic CSAM scanning of your private communication – or total surveillance in the name of child protection. But Europe is not China. Together we will fight for privacy! Sign the petition: https://aktion.campact.de/datenschutz/chatkontrolle-stoppen/teilnehmen
Read more: https://tutanota.com/blog/posts/eu-surveillance-csam
"Some top 100,000 websites collect everything you type—before you hit submit"
Not cool 🤨
"Faster, more memory-efficient Python JSON parsing with msgspec"
"... An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity."
The EU Commission is planning automatic CSAM scanning of your private communication – or total surveillance in the name of child protection. This would be the worst surveillance apparatus outside of China, and completely disproportionate. Affected would be all communication providers, also when operating outside of Europe. We must fight against this draft to protect our privacy! 💪💪💪
"Along this journey, we found a few things. Command injection, container escapes, our Github tokens, Cloudflare’s Github tokens, Cloudflare API Keys to Cloudflare Organisation, and Cloudflare’s Azure API tokens amongst other things."
"Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so."
"Themes from Real World Crypto 2022"
Those side channels ... crazy stuff...
"CVE-2022-21449: Psychic Signatures in Java"
Maximum PC - July 2008