Security Holes and Mindless Hype
-
Security Week ☛ In Other News: Volkswagen App Hacked, DR32 Sentenced, New OT Security Solution
Noteworthy stories that might have slipped under the radar: serious vulnerabilities found in a Volkswagen app, Australian hacker DR32 sentenced in the US, and Immersive launches OT security training solution.
-
HackRead ☛ Chrome 0-Day CVE-2025-4664 Exposes Windows, Linux Browser Activity [Ed: When your "browser" is proprietary and does too much, far more than rendering pages]
A newly disclosed vulnerability in Google Chrome and Chromium-based browsers is putting users at risk of data leaks. Tracked as CVE-2025-4664, the flaw allows attackers to extract sensitive information like login tokens and session IDs from previously visited websites.
The security issue was detailed today by Wazuh, a cybersecurity company specializing in open-source threat detection. It affects users on both Windows and Linux, including Debian and Gentoo systems.
-
Cyble Inc ☛ AI Finds What Humans Missed: OpenAI’s o3 Spots Linux Zero-Day [Ed: Slop is not "AI" and this is not "really" Linux; in practice, slop is a waste of time for bug finding/reporting: The Register UK ☛ Curl project founder snaps over deluge of time-sucking AI slop bug reports]
-
OpenAI’s o3 model helps identify significant Linux security threat [Ed: This is about SMB2 and Ubuntu ☛ it isn't critical]
The root of this flaw lies in concurrent session operations. When a thread processes a logoff command, it releases the sess->user object. Simultaneously, if another connection initiates a session setup to the same session, it may access sess->user, leading to classic use-after-free conditions. Such scenarios can result in memory corruption, providing an attacker with the opportunity to execute arbitrary commands with kernel privileges.