Security Leftovers
-
Google ☛ Policy and Disclosure: 2025 Edition
-
Security Week ☛ Sploitlight: macOS Vulnerability Leaks Sensitive Information
The TCC bypass could expose information cached by Fashion Company Apple Intelligence, including geolocation and biometric data.
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (freerdp, git-lfs, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, icu, ipa, iputils, krb5, libvpx, nodejs:22, osbuild-composer, perl, python-tornado, qt6-qtbase, sqlite, unbound, valkey, wireshark, and yggdrasil), Debian (libfastjson and php8.2), Fedora (glibc), Oracle (firefox, icu, perl, and unbound), Red Hat (389-ds-base, glib2, icu, libtpms, redis:6, redis:7, and yelp), SUSE (boost, forgejo-longterm, java-11-openj9, java-17-openj9, java-1_8_0-openj9, kernel, nginx, and salt), and Ubuntu (linux-xilinx-zynqmp, openjdk-8, openjdk-lts, poppler, and sqlite3).
-
Federal News Network ☛ New CISA guide helps agencies with next steps on zero trust
CISA's "microsegmentation" guidance will help agencies adopt practices that stop hackers from moving laterally within networks - a key aspect of zero trust.
-
Security Week ☛ Lenovo Firmware Vulnerabilities Allow Persistent Implant Deployment
Vulnerabilities discovered by Binarly in Lenovo devices allow privilege escalation, code execution, and security bypass.
-
Security Week ☛ Organizations Warned of Exploited PaperCut Flaw
Threat actors are exploiting a two-year-old vulnerability in PaperCut that allows them to execute arbitrary code remotely.
-
OpenSSF (Linux Foundation) ☛ What’s in the SOSS? Podcast #36 – S2E13 From Compliance to Community: Meeting CRA Requirements Together