Security Leftovers
- Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 286 released
  The diffoscope maintainers are pleased to announce the release of diffoscope version 286. This version includes the following changes: [...]
- LWN ☛ Security updates for Friday
  Security updates have been issued by Debian (chromium and python-django), Fedora (git-lfs and pam-u2f), Mageia (golang), Red Hat (java-11-openjdk with Extended Lifecycle Support, java-17-openjdk, and java-21-openjdk), SUSE (cheat, dante, docker-stable, grafana, and kernel), and Ubuntu (cacti, cyrus-imapd, HTMLDOC, and PCL).
- Hackaday ☛ This Week In Security: ClamAV, The AMD Leak, And The Unencrypted Power Grid [Ed: Windows TCO]
  Cisco’s ClamAV has a heap-based buffer overflow in its OLE2 file scanning. That’s a big deal, because ClamAV is used to scan file attachments on incoming emails. All it takes to trigger the vulnerability is to send a malicious file through an email system that uses ClamAV.
- Pen Test Partners ☛ Cyber security guidance for small fleet operators
  Cyber threats aren’t just a problem for large shipping organizations; small maritime fleet operators are also at risk.
- Security Week ☛ Conduent Confirms Cyberattack After Government Agencies Report Outages
  Conduent has confirmed suffering disruptions due to a cyberattack after government agencies reported service outages.
- Security Week ☛ Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls
  Eclypsium warns that Palo Alto Networks firewalls are impacted by BIOS and bootloader flaws, but the vendor says users should not be concerned.
- Security Week ☛ Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment Exploits
  Pwn2Own Automotive 2025 has come to an end and participants have earned a total of $886,000 for exploits targeting EV chargers and infotainment systems.
- Security Week ☛ Subaru Starlink Vulnerability Exposed Cars to Remote Hacking
  A vulnerability in Subaru’s Starlink connected vehicle service exposed US, Canada, and Japan vehicle and customer accounts.
- Security Week ☛ North Korean Fake IT Workers More Aggressively Extorting Enterprises
  North Korean fake IT workers are more aggressively extorting their employers in response to law enforcement actions.
- Security Week ☛ US Charges Five People Over North Korean IT Worker Scheme
  The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to North Korea.
- Security Week ☛ CISA Warns of Old jQuery Vulnerability Linked to Chinese APT
  CISA has added the jQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog.

Windows TCO / Windows Bot Nets

- Security Week ☛ Millions Impacted by PowerSchool Data Breach
  Four decades of student and educator information was stolen from PowerSchool – tens of millions are potentially affected.
- Security Week ☛ In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
  Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York for $2 million, trojanized RAT builder targets script kiddies.