Security Leftovers
-
LWN ☛ Security updates for Friday
Security updates have been issued by Debian (fossil, libapache2-mod-auth-openidc, and request-tracker4), Fedora (thunderbird), Mageia (firefox and thunderbird), SUSE (389-ds, apparmor, cargo-c, chromium, go1.24, govulncheck-vulndb, java-1_8_0-openjdk, kanidm, libsoup, mozjs102, openssl-1_1, openssl-3, python-Django, sccache, tealdeer, tomcat, transfig, wasm-bindgen, and wireshark), and Ubuntu (libreoffice and python-h11).
-
Security Week ☛ 160,000 Impacted by Valsoft Data Breach
VMS firm Valsoft Corporation says the personal information of over 160,000 people was compromised in a February 2025 data breach.
-
Security Week ☛ In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak
Noteworthy stories that might have slipped under the radar: surge in cyberattacks between India and Pakistan, Radware cloud WAF vulnerabilities, xAI key leak.
-
Federal News Network ☛ What might change in a CISA 2015 reauthorization
CISA 2015 "is important to a lot of key basic cybersecurity practices that happen right now," Brown said.
-
Google ☛ Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes.
-
Security Week ☛ Company and Personal Data Compromised in Recent Insight Partners Hack
VC firm Insight Partners is informing partners and employees that their information was exposed in the January 2025 cyberattack.
-
Security Week ☛ SAP Zero-Day Targeted Since January, Many Sectors Impacted
Hundreds of SAP NetWeaver instances hacked via a zero-day that allows remote code execution, not only arbitrary file uploads, as initially believed.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 295 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 295. This version includes the following changes: [...]
-
Digital Music News ☛ iHeartMedia Faces Class Action Lawsuit After Suffering Major Data Breach
A recent class action lawsuit filed in New York’s Southern District Court has put iHeartMedia under scrutiny after a cyberattack in December 2024. The data breach allowed hackers to exfiltrate sensitive information that iHeartMedia did not keep secure, including social security numbers, financial account details, and health insurance data.
-
Scoop News Group ☛ SonicWall customers confront resurgence of actively exploited vulnerabilities
The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.
-
OpenSSF (Linux Foundation) ☛ Call for Proposals for OpenSSF Community Day Europe Open Through 26 May, 2025
Submit your proposal by 26 May, 2025 to Join the Conversation on Open Source Security.
The Open Source Security Foundation (OpenSSF) invites you to be part of our upcoming OpenSSF Community Day Europe, happening on Thursday, 28 August in Amsterdam, Netherlands and co-located with Open Source Summit EU! This event brings together contributors, maintainers, practitioners, and researchers to collaborate on securing the open source software we all rely on.