ActivityPub Viewer

A small tool to view real-world ActivityPub objects as JSON! Enter a URL or username from Mastodon or a similar service below, and we'll send a request with the right Accept header to the server to view the underlying object.

{ "@context": [ "https://join-lemmy.org/context.json", "https://www.w3.org/ns/activitystreams" ], "type": "OrderedCollection", "id": "https://infosec.pub/c/cybersecurity/outbox", "totalItems": 50, "orderedItems": [ { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/f32cb4d1-7183-41b3-b260-8eb922cfc9c8", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/29356669", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Kickidler employee monitoring software abused in ransomware attacks", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://www.bleepingcomputer.com/news/security/kickidler-employee-monitoring-software-abused-in-ransomware-attacks/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "sensitive": false, "published": "2025-05-09T01:12:29.647621Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/29356669", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/be488e50-190f-4fdc-a69c-08240d3c139d" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/1187003f-5595-4ced-8e4e-bb3716961a86", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/29350024", "attributedTo": "https://lemmy.world/u/cm0002", "to": 
[ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "DOGE software engineer’s computer infected by info-stealing malware", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fcdn.arstechnica.net%2Fwp-content%2Fuploads%2F2023%2F07%2Fexploit-vulnerability-security-1.jpg" }, "sensitive": false, "published": "2025-05-08T22:02:02.682890Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/29350024", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/208f88c7-33a6-48fa-8861-9cab581f09b4" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/4e3939d3-2cee-481a-8c5f-b32825c5d1a6", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/29341215", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Operation PowerOFF Takes Down 9 DDoS Domains", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://www.darkreading.com/threat-intelligence/operation-poweroff-takes-down-nine-ddos-domains", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "sensitive": false, "published": "2025-05-08T19:09:26.005611Z", "audience": 
"https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/29341215", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/1bdf8bec-9846-4969-9b83-07ba3f15bf37" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/ccbe5651-8f2b-4cfe-b56b-f7f3a9e6bb8e", "actor": "https://scribe.disroot.org/u/randomname", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://scribe.disroot.org/post/2697499", "attributedTo": "https://scribe.disroot.org/u/randomname", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "UK under assault as number of ‘significant’ cyberattacks doubles: Foreign powers, ransomware gangs, AI threats drive surge in incidents affecting private businesses and government systems", "cc": [], "content": "<p>cross-posted from: <a href=\"https://scribe.disroot.org/post/2697498\">scribe.disroot.org/post/2697498</a></p>\n<blockquote>\n<p>cross-posted from: <a href=\"https://scribe.disroot.org/post/2697495\">scribe.disroot.org/post/2697495</a></p>\n<blockquote>\n<p><a href=\"https://web.archive.org/web/20250508105444/https://www.thetimes.com/uk/crime/article/uk-under-assault-as-number-of-significant-cyberattacks-doubles-w585d23j2\" rel=\"nofollow\">Archived link</a></p>\n<p><strong>Foreign powers, ransomware gangs and AI threats are driving a surge in incidents affecting British businesses and government systems, [the British Intelligence Agency] GCHQ has warned.</strong></p>\n<p>Britain has suffered double the number of “nationally significant” cyberattacks in recent months compared 
with the year before, according to GCHQ.</p>\n<p>Richard Horne, chief executive of the National Cyber Security Centre (NCSC), said that the GCHQ unit has managed 200 cyberattacks since September, which includes “twice as many nationally significant incidents as the same period last year”.</p>\n<p>…</p>\n<p>Referencing the recent attacks on Marks &amp; Spencer, Co-op and Harrods, Horne told the CyberUK conference in Manchester that “the threat picture is diverse and dramatic” and called ransomware “a persistent threat”.</p>\n<p>…</p>\n<p>Rod Latham, director of cybersecurity at the Department for Science, Innovation and Technology, said: “Our statistics indicate that four in ten businesses are attacked in a year, three in ten charities — millions of cybercrimes in a year.”</p>\n<p>…</p>\n<p>Horne called China “the pacing threat in the cyber-realm” and “a cause for profound and profuse concern”.</p>\n<p>…</p>\n<p>On Russia he said that “we see a direct connection between Russian cyberattacks and physical threats to our security” and warned that amid talks on Ukraine, “it is almost certain that Russia will continue its wider cyber espionage activity … against Ukraine and supporting countries”.</p>\n<p>…</p>\n</blockquote>\n</blockquote>\n", "mediaType": "text/html", "source": { "content": "cross-posted from: https://scribe.disroot.org/post/2697498\n\n> cross-posted from: https://scribe.disroot.org/post/2697495\n> \n> > [Archived link](https://web.archive.org/web/20250508105444/https://www.thetimes.com/uk/crime/article/uk-under-assault-as-number-of-significant-cyberattacks-doubles-w585d23j2)\n> > \n> > **Foreign powers, ransomware gangs and AI threats are driving a surge in incidents affecting British businesses and government systems, [the British Intelligence Agency] GCHQ has warned.**\n> > \n> > Britain has suffered double the number of “nationally significant” cyberattacks in recent months compared with the year before, according to GCHQ.\n> > \n> > Richard Horne, 
chief executive of the National Cyber Security Centre (NCSC), said that the GCHQ unit has managed 200 cyberattacks since September, which includes “twice as many nationally significant incidents as the same period last year”.\n> > \n> > ...\n> > \n> > Referencing the recent attacks on Marks & Spencer, Co-op and Harrods, Horne told the CyberUK conference in Manchester that “the threat picture is diverse and dramatic” and called ransomware “a persistent threat”.\n> > \n> > ...\n> > \n> > Rod Latham, director of cybersecurity at the Department for Science, Innovation and Technology, said: “Our statistics indicate that four in ten businesses are attacked in a year, three in ten charities — millions of cybercrimes in a year.”\n> > \n> > ...\n> > \n> > Horne called China “the pacing threat in the cyber-realm” and “a cause for profound and profuse concern”.\n> > \n> > ...\n> > \n> > On Russia he said that “we see a direct connection between Russian cyberattacks and physical threats to our security” and warned that amid talks on Ukraine, “it is almost certain that Russia will continue its wider cyber espionage activity … against Ukraine and supporting countries”.\n> > \n> > ...", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://www.thetimes.com/uk/crime/article/uk-under-assault-as-number-of-significant-cyberattacks-doubles-w585d23j2", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fwww.thetimes.com%2Fimageserver%2Fimage%2F%252F757ef193-bbd6-4601-bafb-01e8c104a38a.jpg%3Fcrop%3D8660%252C4871%252C0%252C451%26resize%3D1200" }, "sensitive": false, "published": "2025-05-08T11:39:54.359598Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://scribe.disroot.org/post/2697499", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": 
"https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/7df55763-2ebb-44c1-ac43-9508d215b9f4" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/f2319f5e-c59c-4cc1-b1bc-ce30c25a94dd", "actor": "https://programming.dev/u/Pro", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://programming.dev/post/29919489", "attributedTo": "https://programming.dev/u/Pro", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Backdoor found in popular ecommerce components", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://sansec.io/research/license-backdoor", "mediaType": "text/html", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fsansec.io%2Fassets%2F2023%2Fog%2F720%2Fog-graphic-15.webp" }, "sensitive": false, "published": "2025-05-07T16:57:18.611852Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://programming.dev/post/29919489", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/de765027-f859-4bd9-97f6-ae44647e5cb2" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/49ced3cb-865a-4b8b-b7e7-a05c90792138", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": 
"https://lemmy.world/post/29276849", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Vulnerability-Lookup 2.9.0 - MITRE EMB3D, GCVE", "cc": [], "content": "<blockquote>\n<p>Today we released Vulnerability-Lookup 2.9.0 with new features, enhancements, and bug fixes.</p>\n<h2>What’s New</h2>\n<h3>Adversarial Techniques from MITRE EMB3D</h3>\n<p>The Adversarial Techniques from <a href=\"https://emb3d.mitre.org/\" rel=\"nofollow\">MITRE EMB3D</a>\nare now integrated into Vulnerability-Lookup\nas a new source and are correlated with existing security advisories.</p>\n<p>This feature was contributed by\n<a href=\"https://www.linkedin.com/in/piotr-kaminski-1336b012/\" rel=\"nofollow\">Piotr Kaminski</a> during the\nlast <a href=\"https://hackathon.lu/\" rel=\"nofollow\">Hack.lu hackathon</a>.\n(<a href=\"https://github.com/vulnerability-lookup/vulnerability-lookup/pull/129\" rel=\"nofollow\">#129</a>)</p>\n<p><img src=\"https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Flemmy.ml%2Fapi%2Fv3%2Fimage_proxy%3Furl%3Dhttps%253A%252F%252Fwww.vulnerability-lookup.org%252Fimages%252Fnews%252F2025%252F05%252F2025-05-06-emb3d-1.png\" alt=\"MITRE EMB3D\" /></p>\n<h3>Global CVE Allocation System (GCVE)</h3>\n<p>GCVE identifiers are now supported in HTML templates and URL parameters,<br />\nthanks to the <a href=\"https://pypi.org/project/gcve\" rel=\"nofollow\">GCVE Python client</a>.<br />\nThese identifiers can now be used when disclosing a new vulnerability as part of\nthe Coordinated Vulnerability Disclosure (CVD) process, in alignment with NIS 2 requirements.\n(<a href=\"https://github.com/vulnerability-lookup/vulnerability-lookup/commit/8bb3d84340ba25f0d09dcdbe5050f484e674d5fa\" rel=\"nofollow\">8bb3d84</a>,\n<a href=\"https://github.com/vulnerability-lookup/vulnerability-lookup/commit/58c394a86fa6d0581bac41aeb03f844678700705\" 
rel=\"nofollow\">58c394a</a>)</p>\n<p><img src=\"https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Flemmy.ml%2Fapi%2Fv3%2Fimage_proxy%3Furl%3Dhttps%253A%252F%252Fwww.vulnerability-lookup.org%252Fimages%252Fnews%252F2025%252F05%252F2025-05-06-emb3d-2.png\" alt=\"GCVE\" /></p>\n<h3>Trustworthy Level for Members</h3>\n<p>Members of a Vulnerability-Lookup instance now have a dynamically calculated<br />\ntrustworthy level based on profile completeness and verification.<br />\nMembers affiliated with <a href=\"https://www.first.org/\" rel=\"nofollow\">FIRST.org</a> or\n<a href=\"https://csirtsnetwork.eu/\" rel=\"nofollow\">European CSIRTs (CNW)</a> are automatically<br />\ntrusted for operations that would otherwise require administrator approval<br />\n(e.g., creating comments).</p>\n<h2>Changes</h2>\n<ul>\n<li>New API endpoint for MITRE EMB3D.\n(<a href=\"https://github.com/vulnerability-lookup/vulnerability-lookup/commit/c0d6b44775b16f688a35a7d871f402fb64065cab\" rel=\"nofollow\">c0d6b44</a>)</li>\n<li>Improved the vulnerability disclosure page.\n(<a href=\"https://github.com/vulnerability-lookup/vulnerability-lookup/commit/ccfb6b1baffc73756ee692e5ac59249097939825\" rel=\"nofollow\">ccfb6b1</a>)</li>\n<li>Added page arguments to the <code>vulnerability/last</code> endpoint.\n(<a href=\"https://github.com/vulnerability-lookup/vulnerability-lookup/commit/ce75a7a55e8c8c2103fefbca3385930bf97ad6ec\" rel=\"nofollow\">ce75a7a</a>)</li>\n<li>Notification emails now include a random signoff.\n(<a href=\"https://github.com/vulnerability-lookup/vulnerability-lookup/issues/119\" rel=\"nofollow\">#119</a>)</li>\n<li>Various graphical enhancements.\n(<a href=\"https://github.com/vulnerability-lookup/vulnerability-lookup/commit/0878a314b94ba21ce7c024e4563770e9a65e7761\" rel=\"nofollow\">0878a31</a>)</li>\n</ul>\n<h2>Fixes</h2>\n<ul>\n<li>Fixed editing of notifications for Organization/Product.\n(<a 
href=\"https://github.com/vulnerability-lookup/vulnerability-lookup/issues/124\" rel=\"nofollow\">#124</a>)</li>\n</ul>\n<h2>Changelog</h2>\n<p>📂 To see the full rundown of the changes, users can visit the changelog on GitHub:\n<a href=\"https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.9.0\">github.com/vulnerability-lookup/…/v2.9.0</a></p>\n</blockquote>\n", "mediaType": "text/html", "source": { "content": "> Today we released Vulnerability-Lookup 2.9.0 with new features, enhancements, and bug fixes.\n> \n> ## What's New\n> \n> ### Adversarial Techniques from MITRE EMB3D\n> \n> The Adversarial Techniques from [MITRE EMB3D](https://emb3d.mitre.org/)\n> are now integrated into Vulnerability-Lookup\n> as a new source and are correlated with existing security advisories. \n> \n> This feature was contributed by\n> [Piotr Kaminski](https://www.linkedin.com/in/piotr-kaminski-1336b012/) during the\n> last [Hack.lu hackathon](https://hackathon.lu/).\n> ([#129](https://github.com/vulnerability-lookup/vulnerability-lookup/pull/129))\n> \n> ![MITRE EMB3D](https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Flemmy.ml%2Fapi%2Fv3%2Fimage_proxy%3Furl%3Dhttps%253A%252F%252Fwww.vulnerability-lookup.org%252Fimages%252Fnews%252F2025%252F05%252F2025-05-06-emb3d-1.png)\n> \n> ### Global CVE Allocation System (GCVE)\n> \n> GCVE identifiers are now supported in HTML templates and URL parameters, \n> thanks to the [GCVE Python client](https://pypi.org/project/gcve). 
\n> These identifiers can now be used when disclosing a new vulnerability as part of\n> the Coordinated Vulnerability Disclosure (CVD) process, in alignment with NIS 2 requirements.\n> ([8bb3d84](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/8bb3d84340ba25f0d09dcdbe5050f484e674d5fa),\n> [58c394a](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/58c394a86fa6d0581bac41aeb03f844678700705))\n> \n> ![GCVE](https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Flemmy.ml%2Fapi%2Fv3%2Fimage_proxy%3Furl%3Dhttps%253A%252F%252Fwww.vulnerability-lookup.org%252Fimages%252Fnews%252F2025%252F05%252F2025-05-06-emb3d-2.png)\n> \n> ### Trustworthy Level for Members\n> \n> Members of a Vulnerability-Lookup instance now have a dynamically calculated \n> trustworthy level based on profile completeness and verification. \n> Members affiliated with [FIRST.org](https://www.first.org/) or\n> [European CSIRTs (CNW)](https://csirtsnetwork.eu/) are automatically \n> trusted for operations that would otherwise require administrator approval \n> (e.g., creating comments).\n> \n> \n> ## Changes\n> \n> - New API endpoint for MITRE EMB3D.\n> ([c0d6b44](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/c0d6b44775b16f688a35a7d871f402fb64065cab))\n> - Improved the vulnerability disclosure page.\n> ([ccfb6b1](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/ccfb6b1baffc73756ee692e5ac59249097939825))\n> - Added page arguments to the `vulnerability/last` endpoint.\n> ([ce75a7a](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/ce75a7a55e8c8c2103fefbca3385930bf97ad6ec))\n> - Notification emails now include a random signoff.\n> ([#119](https://github.com/vulnerability-lookup/vulnerability-lookup/issues/119))\n> - Various graphical enhancements.\n> ([0878a31](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/0878a314b94ba21ce7c024e4563770e9a65e7761))\n> \n> \n> ## Fixes\n> \n> - Fixed editing 
of notifications for Organization/Product.\n> ([#124](https://github.com/vulnerability-lookup/vulnerability-lookup/issues/124))\n> \n> \n> ## Changelog\n> \n> 📂 To see the full rundown of the changes, users can visit the changelog on GitHub:\n> https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.9.0", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://www.vulnerability-lookup.org/2025/05/06/vulnerability-lookup-2-9-0/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "sensitive": false, "published": "2025-05-07T15:23:56.502336Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/29276849", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/d96ecc58-9db0-4f3a-99e4-357f92b0dc2d" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/8b875909-754e-43e0-956d-cf777667afe3", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/27859256", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "What are You Working on Wednesday", "cc": [], "content": "<p>Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.</p>\n", "mediaType": "text/html", "source": { "content": "Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": 
"2025-05-07T15:11:44.045073Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/27859256", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/3e80dae9-6648-4248-9d98-43a337f31bec" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/0e1c02b6-7f5e-4c95-89e7-e49e379fbda2", "actor": "https://programming.dev/u/Pro", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://programming.dev/post/29899734", "attributedTo": "https://programming.dev/u/Pro", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Return of the Crypto Inferno Drainer", "cc": [], "content": "<blockquote>\n<p>Check Point Research uncovered a sophisticated phishing campaign that abuses Discord and targets crypto users. Attackers redirects users from a legitimate Web3 website to a fake Collab.Land bot and then to a phishing site, tricking them into signing malicious transactions. The drainer script deployed on that site was directly linked to Inferno Drainer.\nDespite publicly shutting down in late 2023, Inferno Drainer remained fully operational. Smart contracts deployed in 2023 continued to be used into 2025. 
Recent campaigns show notable technical upgrades and infrastructure improvements.\nInferno Drainer employs advanced anti-detection tactics — including single-use and short-lived smart contracts, on-chain encrypted configurations, and proxy-based communication — successfully bypassing wallet security mechanisms and anti-phishing blacklists.\nIn just the last six months, more than 30,000 wallets were victimized by Inferno Drainer, resulting in at least $9 million in losses. The combination of evolving technical sophistication and convincing social engineering continues to drive the success of these attacks.</p>\n</blockquote>\n", "mediaType": "text/html", "source": { "content": "> Check Point Research uncovered a sophisticated phishing campaign that abuses Discord and targets crypto users. Attackers redirects users from a legitimate Web3 website to a fake Collab.Land bot and then to a phishing site, tricking them into signing malicious transactions. The drainer script deployed on that site was directly linked to Inferno Drainer.\nDespite publicly shutting down in late 2023, Inferno Drainer remained fully operational. Smart contracts deployed in 2023 continued to be used into 2025. Recent campaigns show notable technical upgrades and infrastructure improvements.\nInferno Drainer employs advanced anti-detection tactics — including single-use and short-lived smart contracts, on-chain encrypted configurations, and proxy-based communication — successfully bypassing wallet security mechanisms and anti-phishing blacklists.\nIn just the last six months, more than 30,000 wallets were victimized by Inferno Drainer, resulting in at least $9 million in losses. 
The combination of evolving technical sophistication and convincing social engineering continues to drive the success of these attacks.", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fresearch.checkpoint.com%2Fwp-content%2Fuploads%2F2025%2F04%2FCover-1024x584.png" }, "sensitive": false, "published": "2025-05-07T10:48:17.341412Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://programming.dev/post/29899734", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/d2b097e1-c0b0-4f30-b953-4e3e6548b35e" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/d38533f3-a94d-47b8-8928-d8800735ed35", "actor": "https://lemmy.sdf.org/u/Hotznplotzn", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.sdf.org/post/33999432", "attributedTo": "https://lemmy.sdf.org/u/Hotznplotzn", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Italy: New decree prioritizes NATO countries in public tenders, sidelining Chinese and Russian tech suppliers in a bid to enhance national security", "cc": [], "content": "<p>cross-posted from: <a href=\"https://lemmy.sdf.org/post/33999334\">lemmy.sdf.org/post/33999334</a></p>\n<blockquote>\n<p><a 
href=\"https://web.archive.org/web/20250506142433/https://decode39.com/10677/italy-launches-buy-transatlantic-tech-procurement-law/\" rel=\"nofollow\">Archived</a></p>\n<ul>\n<li>Under the new rules, tenders will award bonus scores to offers that deploy cybersecurity technologies manufactured in Italy, EU member states, NATO countries, or other like-minded partners.</li>\n<li>The legislation follows high‑profile incidents of Chinese technology infiltrating sensitive sites, ranging from surveillance cameras in courts and ministries to thermoscanners at the prime minister’s office, and the award of customs‑scanner contracts to China’s Nuctech.</li>\n<li>Products include: video surveillance and access‑control systems (including baggage and cargo scanners); VPN‑capable digital networking products, routers, modems (including satellite types), and switches; firewalls, intrusion detection and prevention systems; network storage and backup solutions; cloud services; drone‑control software</li>\n<li>Preference is extended to suppliers from the EU, NATO members, and “like‑minded” countries with collaboration agreements—namely Australia, South Korea, Japan, Israel, New Zealand, and Switzerland.</li>\n<li>The government retains authority to update the list of covered categories and beneficiary states, based on recommendations from public administrations and intelligence agencies, ensuring the framework evolves alongside emerging security needs.</li>\n</ul>\n<p>[…]</p>\n</blockquote>\n", "mediaType": "text/html", "source": { "content": "cross-posted from: https://lemmy.sdf.org/post/33999334\n\n> [Archived](https://web.archive.org/web/20250506142433/https://decode39.com/10677/italy-launches-buy-transatlantic-tech-procurement-law/)\n> \n> - Under the new rules, tenders will award bonus scores to offers that deploy cybersecurity technologies manufactured in Italy, EU member states, NATO countries, or other like-minded partners.\n> - The legislation follows high‑profile incidents 
of Chinese technology infiltrating sensitive sites, ranging from surveillance cameras in courts and ministries to thermoscanners at the prime minister’s office, and the award of customs‑scanner contracts to China’s Nuctech.\n> - Products include: video surveillance and access‑control systems (including baggage and cargo scanners); VPN‑capable digital networking products, routers, modems (including satellite types), and switches; firewalls, intrusion detection and prevention systems; network storage and backup solutions; cloud services; drone‑control software\n> - Preference is extended to suppliers from the EU, NATO members, and “like‑minded” countries with collaboration agreements—namely Australia, South Korea, Japan, Israel, New Zealand, and Switzerland.\n> - The government retains authority to update the list of covered categories and beneficiary states, based on recommendations from public administrations and intelligence agencies, ensuring the framework evolves alongside emerging security needs.\n> \n> [...]", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://decode39.com/10677/italy-launches-buy-transatlantic-tech-procurement-law", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fdecode39.com%2Fwp-content%2Fuploads%2F2025%2F05%2FImagoeconomica_2435977-scaled.jpg" }, "sensitive": false, "published": "2025-05-06T14:33:35.370353Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.sdf.org/post/33999432", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/e6f95628-7ecf-4046-a997-506c238614d7" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ 
"https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/1490b53e-f33d-40cc-836c-ebb23d93aaad", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/29219346", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Threat Actor Bypass SentinelOne EDR to Deploy Babuk Ransomware", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://cybersecuritynews.com/threat-actor-bypass-sentinelone-edr/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fblogger.googleusercontent.com%2Fimg%2Fb%2FR29vZ2xl%2FAVvXsEhMr8unloNU2GcehZp1R61sMrs5zE8EvT0WpETyWZ-koLgDcc0dl0XEe-kmC6UgTCcjtzSu_s-D0pJQTeSjbnGSkneVh2G4E1K9tSN-QH6eeGwKOmO5zPJIGYA5B2z1jZRwtjqEbKl9QD2KfZi8P0weLahsjYo6mza1DcG69kZA01S9S0UraAvUKKkuwRFD%2Fs16000%2FThreat%2520Actor%2520Bypass%2520SentinelOne%2520EDR%2520to%2520Deploy%2520Babuk%2520Ransomware.webp" }, "sensitive": false, "published": "2025-05-06T14:13:58.583461Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/29219346", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/79ab198d-89a2-4620-88f8-eddebd9a701f" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/514a9376-a191-4b27-8dae-724b268c23d2", "actor": "https://infosec.pub/u/CryptoLek", "to": [ 
"https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/27789162", "attributedTo": "https://infosec.pub/u/CryptoLek", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Basic analysis of Kidflix users’ passwords – Kinda Blog by CryptoLek", "cc": [], "content": "<p>Blogged a bit about Kidflix login credentials and tried to make some basic password analysis. Originally the bulk of the post was written in the beginning of April, but I forgot and it was just sitting there in my drafts directory.</p>\n", "mediaType": "text/html", "source": { "content": "Blogged a bit about Kidflix login credentials and tried to make some basic password analysis. Originally the bulk of the post was written in the beginning of April, but I forgot and it was just sitting there in my drafts directory.", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://cryptolek.info/2025/05/02/basic-analysis-of-kidflix-users-passwords/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "sensitive": false, "published": "2025-05-06T10:26:53.635360Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/27789162", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/af58a3c8-17dc-4956-8ddb-f3aa50652b9a" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/b502cf78-4eec-4525-a2d6-74075b765195", "actor": "https://scribe.disroot.org/u/randomname", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": 
"https://scribe.disroot.org/post/2673820", "attributedTo": "https://scribe.disroot.org/u/randomname", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "China has found its assassin’s mace: high-altitude electromagnetic pulse (HEMP) weapons", "cc": [], "content": "<p>cross-posted from: <a href=\"https://scribe.disroot.org/post/2673818\">scribe.disroot.org/post/2673818</a></p>\n<blockquote>\n<p>[This is an op-ed by Tin Pak, visiting academic at the National Defense University and a researcher at the Institute for National Defense and Security Research in Taiwan, and Chen Yu-cheng, an associate professor at the National Defense University.</p>\n<p>The term “assassin’s mace” originates from Chinese folklore, describing a concealed weapon used by a weaker hero to defeat a stronger adversary with an unexpected strike. In more general military parlance, the concept refers to an asymmetric capability that targets a critical vulnerability of an adversary. China has found its modern equivalent of the assassin’s mace with its high-altitude electromagnetic pulse (HEMP) weapons, which are nuclear warheads detonated at a high altitude, emitting intense electromagnetic radiation capable of disabling and destroying electronics.</p>\n<p>An assassin’s mace weapon possesses two essential characteristics: strategic surprise and the ability to neutralize a core dependency. HEMP weapons fit both criteria. In nanoseconds, a single HEMP detonation at an altitude between 20km and 50km can disable electronic infrastructure across large swathes of Taiwan. There would be little warning, as the Chinese People’s Liberation Army (PLA) fields DF-17 hypersonic missiles, capable of delivering a HEMP warhead above Taiwan in a matter of minutes.</p>\n<p>HEMPs strike at the foundation of modern society, its electronic systems. 
Every critical infrastructure uses electronics, from telecommunications, hospitals, energy production and distribution facilities, and even water purification systems.</p>\n<p>…</p>\n</blockquote>\n", "mediaType": "text/html", "source": { "content": "cross-posted from: https://scribe.disroot.org/post/2673818\n\n> [This is an op-ed by Tin Pak, visiting academic at the National Defense University and a researcher at the Institute for National Defense and Security Research in Taiwan, and Chen Yu-cheng, an associate professor at the National Defense University.\n> \n> The term “assassin’s mace” originates from Chinese folklore, describing a concealed weapon used by a weaker hero to defeat a stronger adversary with an unexpected strike. In more general military parlance, the concept refers to an asymmetric capability that targets a critical vulnerability of an adversary. China has found its modern equivalent of the assassin’s mace with its high-altitude electromagnetic pulse (HEMP) weapons, which are nuclear warheads detonated at a high altitude, emitting intense electromagnetic radiation capable of disabling and destroying electronics. \n> \n> An assassin’s mace weapon possesses two essential characteristics: strategic surprise and the ability to neutralize a core dependency. HEMP weapons fit both criteria. In nanoseconds, a single HEMP detonation at an altitude between 20km and 50km can disable electronic infrastructure across large swathes of Taiwan. There would be little warning, as the Chinese People’s Liberation Army (PLA) fields DF-17 hypersonic missiles, capable of delivering a HEMP warhead above Taiwan in a matter of minutes. \n> \n> HEMPs strike at the foundation of modern society, its electronic systems. 
Every critical infrastructure uses electronics, from telecommunications, hospitals, energy production and distribution facilities, and even water purification systems.\n> \n> ...", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://www.taipeitimes.com/News/editorials/archives/2025/05/06/2003836382", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fwww.taipeitimes.com%2Fassets%2Fimages%2FTaipeiTimesLogo-1200X1200px_new.jpg" }, "sensitive": false, "published": "2025-05-06T09:03:56.950784Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://scribe.disroot.org/post/2673820", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/42625f9f-2cfa-4299-b267-2e89b3364b83" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/383f4f4b-5b58-4a76-a06e-58c0f780e90c", "actor": "https://programming.dev/u/Pro", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://programming.dev/post/29831303", "attributedTo": "https://programming.dev/u/Pro", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "\"Mirai\" Now Exploits Samsung MagicINFO CMS (CVE-2024-7399)", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://isc.sans.edu/diary/rss/31920", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fisc.sans.edu%2Fimages%2Flogos%2Fisc%2Flarge.png" }, "sensitive": false, 
"published": "2025-05-06T08:04:46.553533Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://programming.dev/post/29831303", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/7c26c1a0-a84d-4ca0-9de5-5678cf8f0dc4" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/32d7f94f-3244-4541-9a92-3789a7894edd", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/27744444", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Mentorship Monday - Discussions for career and learning!", "cc": [], "content": "<p>Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!</p>\n", "mediaType": "text/html", "source": { "content": "Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? 
This is the time and place to ask!", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-05-05T14:09:47.156458Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/27744444", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/cd9bb772-4fdc-4b8e-906c-cf16099fc7d0" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/2d94aef1-d713-457d-a588-bdcd078fb158", "actor": "https://infosec.pub/u/CryptoLek", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/27729302", "attributedTo": "https://infosec.pub/u/CryptoLek", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "All things infostealers. Week 18, 2025 – Kinda Blog by CryptoLek", "cc": [], "content": "<p>A brief look at all things infostealers for the week 18, 2025 (28.04.2025–04.05.2025). This week observed updates from LummaC2 and StealC infostealers. Grabbed some numbers from marketplaces and some interesting news/articles.</p>\n", "mediaType": "text/html", "source": { "content": "A brief look at all things infostealers for the week 18, 2025 (28.04.2025–04.05.2025). This week observed updates from LummaC2 and StealC infostealers. 
Grabbed some numbers from marketplaces and some interesting news/articles.", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://cryptolek.info/2025/05/04/all-things-infostealers-week-18-2025/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "sensitive": false, "published": "2025-05-05T06:16:30.760551Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/27729302", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/aa8bd997-2174-4a5d-929f-9f0e04031abd" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/9b6ea684-8a88-4e82-bceb-45498b40f5ba", "actor": "https://sh.itjust.works/u/kugmo", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://sh.itjust.works/post/37162627", "attributedTo": "https://sh.itjust.works/u/kugmo", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "How NSA Can Spy on Air-Gapped Networks? 
Meet FIREWALK", "cc": [], "content": "<p>cross-posted from: <a href=\"https://sh.itjust.works/post/37162345\">sh.itjust.works/post/37162345</a></p>\n<blockquote>\n<p>Came out in 2008 and leaked in 2013, the glowies have been able to send out malicious packets from air-gapped networks for exorbitant prices.</p>\n</blockquote>\n", "mediaType": "text/html", "source": { "content": "cross-posted from: https://sh.itjust.works/post/37162345\n\n> Came out in 2008 and leaked in 2013, the glowies have been able to send out malicious packets from air-gapped networks for exorbitant prices.", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://youtu.be/e8uT53Srk_E", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "sensitive": false, "published": "2025-05-02T17:30:08.297874Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://sh.itjust.works/post/37162627", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/50a90558-fd40-4fee-a760-e5a90da61a97" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/e7ceef9f-4161-4976-a74f-76c1be25d305", "actor": "https://ponder.cat/u/PhilipTheBucket", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://ponder.cat/post/2668084", "attributedTo": "https://ponder.cat/u/PhilipTheBucket", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Disney Slack hacker was Californian, not Russian", "cc": [], "mediaType": "text/html", "attachment": [ { "href": 
"https://go.theregister.com/feed/www.theregister.com/2025/05/02/disney_slack_hacker_revealed_to/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fregmedia.co.uk%2F2025%2F05%2F02%2Fdisney-live-action-pinocchio.jpg" }, "sensitive": false, "published": "2025-05-02T17:06:28.965496Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://ponder.cat/post/2668084", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/de7b79a3-dcc6-4cd8-a7ee-8df690d36bf3" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/90b90510-faca-49dc-95b8-90207bbb1c5d", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/27590235", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Off-Topic Friday", "cc": [], "content": "<p>Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil &amp; respectful please)</p>\n", "mediaType": "text/html", "source": { "content": "Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! 
(Keep things civil & respectful please)", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-05-02T12:28:58.721877Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/27590235", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/722cf9bf-893b-4862-82dd-4e65387d9338" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/858ded7c-ae8f-47d5-9320-644979f27903", "actor": "https://programming.dev/u/Pro", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://programming.dev/post/29606333", "attributedTo": "https://programming.dev/u/Pro", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "A Flaw With the Security Level Slider in Tor Browser", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/", "mediaType": "text/html", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fwww.privacyguides.org%2Farticles%2Fassets%2Fimg%2Fsocial%2F2025%2F05%2F02%2Ftor-security-slider-flaw.png" }, "sensitive": false, "published": "2025-05-02T12:16:28.644052Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://programming.dev/post/29606333", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": 
"Announce", "id": "https://infosec.pub/activities/announce/create/5f992aaf-d92e-437f-abbc-20944d2681f5" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/e0a87601-ab74-4faf-a1f9-f58c9ba23e0b", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/28956877", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "🚨 April 2025 Vulnerability Report is out! 🚨", "cc": [], "content": "<blockquote>\n<p>🚨 April 2025 Vulnerability Report is out! 🚨</p>\n<p>👉 <a href=\"https://www.vulnerability-lookup.org/2025/05/01/vulnerability-report-april-2025/\">vulnerability-lookup.org/…/vulnerability-report-a…</a></p>\n<p>The most prominent vulnerabilities affect the following products:</p>\n<ul>\n<li>Ivanti / ConnectSecure</li>\n<li>Erlang / OTP</li>\n<li>SAP / SAP NetWeaver</li>\n</ul>\n<p>The Continuous Exploitation section highlights several resurgent vulnerabilities (recently exploited at a high rate), including:</p>\n<ul>\n<li>CVE-2017-17215 (Huawei router)</li>\n<li>CVE-2015-2051 (D-Link)</li>\n</ul>\n<p>Check out the report for more details.</p>\n<p>A huge thank you to all contributors and data sources that make this possible! 🙌</p>\n<p>Want to help shape the next report? Join us:\n👉 <a href=\"https://vulnerability.circl.lu/user/signup\">vulnerability.circl.lu/user/signup</a></p>\n<p>💻 NISDUC Conference</p>\n<p>Vulnerability-Lookup will be presented during the fourth NISDUC conference.</p>\n<p>👉 <a href=\"https://www.nisduc.eu/\">www.nisduc.eu</a></p>\n</blockquote>\n", "mediaType": "text/html", "source": { "content": "> 🚨 April 2025 Vulnerability Report is out! 
🚨\n> \n> 👉 https://www.vulnerability-lookup.org/2025/05/01/vulnerability-report-april-2025/\n> \n> The most prominent vulnerabilities affect the following products:\n> \n> - Ivanti / ConnectSecure\n> - Erlang / OTP\n> - SAP / SAP NetWeaver\n> \n> The Continuous Exploitation section highlights several resurgent vulnerabilities (recently exploited at a high rate), including:\n> \n> - CVE-2017-17215 (Huawei router)\n> - CVE-2015-2051 (D-Link)\n> \n> Check out the report for more details.\n> \n> A huge thank you to all contributors and data sources that make this possible! 🙌\n> \n> \n> Want to help shape the next report? Join us:\n> 👉 https://vulnerability.circl.lu/user/signup\n> \n> \n> 💻 NISDUC Conference\n> \n> Vulnerability-Lookup will be presented during the fourth NISDUC conference.\n> \n> 👉 https://www.nisduc.eu/\n> \n> ", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-05-01T14:27:10.846626Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/28956877", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/cd64d1ec-f229-44af-b763-65efb60bac1b" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/13bb464d-7d32-4def-9b4b-aa033f9c514c", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/28940346", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Apache Tomcat Vulnerability Let Attackers Bypass Rules & Trigger 
DoS Condition", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://cybersecuritynews.com/apache-tomcat-vulnerability-let-bypass-rules/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fblogger.googleusercontent.com%2Fimg%2Fb%2FR29vZ2xl%2FAVvXsEijgqu4th7ERwLXBgt1v5puhs5Dhi_3LrtYDwxujIJUjbp4rKkpOX04vvhn5xfmObxdSefcVgG6NwtVVtRUMlq93W_8SZ_h_l7A_IVtiMW27B5-lhAqjWZ8IeIfKePwhpNgrfMw4lN_b6eyHBR19TrAZl73vDe30ObadkkOEW-6A6BxTxTVbMGipO92Q1rA%2Fs16000%2FApache%2520Tomcat%2520Vulnerability%2520%282%29.webp" }, "sensitive": false, "published": "2025-05-01T06:02:09.729828Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/28940346", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/03a2702b-91b1-4e6a-8027-48a00eb4f397" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/993ed712-1f70-4238-b452-d1f2812e57d0", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/27477157", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "What are You Working on Wednesday", "cc": [], "content": "<p>Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.</p>\n", "mediaType": "text/html", "source": { "content": "Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.", 
"mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-30T05:00:06.839296Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/27477157", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/1ca0c551-63c1-409e-b1f1-bdf6c7afa37c" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/2dc26229-4de3-4d0e-9549-9640052bc377", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/27390687", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Mentorship Monday - Discussions for career and learning!", "cc": [], "content": "<p>Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!</p>\n", "mediaType": "text/html", "source": { "content": "Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? 
This is the time and place to ask!", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-28T13:47:30.544153Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/27390687", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/1894dfb8-c832-443f-9774-e6b90a64286f" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/621d302b-b511-44a2-b6b1-75353bc084ca", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/28813164", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "A Python client for the Global CVE Allocation System.", "cc": [], "content": "<blockquote>\n<p><img src=\"https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Flemmy.ml%2Fpictrs%2Fimage%2F8149d5ea-5d01-41e2-960a-c4f2132620f0.png\" alt=\"\" /></p>\n<p>The <a href=\"https://gcve.eu/\" rel=\"nofollow\">Global CVE (GCVE) allocation system</a> is a new, decentralized\napproach to vulnerability identification and numbering, designed to improve flexibility,\nscalability, and autonomy for participating entities.</p>\n<p>This client can be integrated into software such as\n<a href=\"https://github.com/vulnerability-lookup/vulnerability-lookup\" rel=\"nofollow\">Vulnerability-Lookup</a>\nto provide core GCVE functionalities by adhering to the\n<a href=\"https://gcve.eu/bcp/\" rel=\"nofollow\">Best Current Practices</a>.<br />\nIt can also be used as a standalone 
command-line tool.</p>\n<h2>Examples of usage</h2>\n<h3>As a command line tool</h3>\n<p>First install the gcve client:</p>\n<pre style=\"background-color:#ffffff;\">\n<span style=\"color:#323232;\">$ python -m pip install --user pipx\n</span><span style=\"color:#323232;\">$ python -m pipx ensurepath\n</span><span style=\"color:#323232;\">\n</span><span style=\"color:#323232;\">$ pipx install gcve\n</span><span style=\"color:#323232;\"> installed package gcve 0.6.0, installed using Python 3.13.0\n</span><span style=\"color:#323232;\"> These apps are now globally available\n</span><span style=\"color:#323232;\"> - gcve\n</span><span style=\"font-weight:bold;color:#a71d5d;\">done</span><span style=\"color:#323232;\">! ✨ 🌟 ✨\n</span></pre>\n<h4>Pulling the registry locally</h4>\n<pre style=\"background-color:#ffffff;\">\n<span style=\"color:#323232;\">$ gcve registry --pull\n</span><span style=\"color:#323232;\">Pulling from registry...\n</span><span style=\"color:#323232;\">Downloaded updated https://gcve.eu/dist/key/public.pem to data/public.pem\n</span><span style=\"color:#323232;\">Downloaded updated https://gcve.eu/dist/gcve.json.sigsha512 to data/gcve.json.sigsha512\n</span><span style=\"color:#323232;\">Downloaded updated https://gcve.eu/dist/gcve.json to data/gcve.json\n</span><span style=\"color:#323232;\">Integrity check passed successfully.\n</span></pre>\n<h4>Retrieving a GNA</h4>\n<p>Note: This operation is case sensitive.</p>\n<pre style=\"background-color:#ffffff;\">\n<span style=\"color:#323232;\">$ gcve registry --get CIRCL\n</span><span style=\"color:#323232;\">{\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;id&quot;</span><span style=\"color:#323232;\">: 1,\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;short_name&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;CIRCL&quot;</span><span style=\"color:#323232;\">,\n</span><span 
style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;cpe_vendor_name&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;circl&quot;</span><span style=\"color:#323232;\">,\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;full_name&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;Computer Incident Response Center Luxembourg&quot;</span><span style=\"color:#323232;\">,\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;gcve_url&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;https://vulnerability.circl.lu/&quot;</span><span style=\"color:#323232;\">,\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;gcve_api&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;https://vulnerability.circl.lu/api/&quot;</span><span style=\"color:#323232;\">,\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;gcve_dump&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;https://vulnerability.circl.lu/dumps/&quot;</span><span style=\"color:#323232;\">,\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;gcve_allocation&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;https://vulnerability.circl.lu/&quot;</span><span style=\"color:#323232;\">,\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;gcve_sync_api&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;https://vulnerability.circl.lu/&quot;\n</span><span style=\"color:#323232;\">}\n</span><span style=\"color:#323232;\">\n</span><span style=\"color:#323232;\">$ gcve registry --get CIRCL </span><span style=\"font-weight:bold;color:#a71d5d;\">| </span><span 
style=\"color:#323232;\">jq .id\n</span><span style=\"color:#323232;\">1\n</span></pre>\n<h4>Searching the Registry</h4>\n<p>Note: Search operations are case insensitive.</p>\n<pre style=\"background-color:#ffffff;\">\n<span style=\"color:#323232;\">$ gcve registry --find cert\n</span><span style=\"color:#62a35c;\">[\n</span><span style=\"color:#323232;\"> {\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;id&quot;</span><span style=\"color:#323232;\">: 680,\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;short_name&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;DFN-CERT&quot;</span><span style=\"color:#323232;\">,\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;full_name&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;DFN-CERT Services GmbH&quot;</span><span style=\"color:#323232;\">,\n</span><span style=\"color:#323232;\"> </span><span style=\"color:#183691;\">&quot;gcve_url&quot;</span><span style=\"color:#323232;\">: </span><span style=\"color:#183691;\">&quot;https://adv-archiv.dfn-cert.de/&quot;\n</span><span style=\"color:#323232;\"> }\n</span><span style=\"color:#323232;\">]\n</span></pre>\n<p>More information in the <a href=\"https://github.com/gcve-eu/gcve\" rel=\"nofollow\">Git repository</a>.</p>\n</blockquote>\n", "mediaType": "text/html", "source": { "content": "> ![](https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Flemmy.ml%2Fpictrs%2Fimage%2F8149d5ea-5d01-41e2-960a-c4f2132620f0.png)\n> \n> The [Global CVE (GCVE) allocation system](https://gcve.eu/) is a new, decentralized\n> approach to vulnerability identification and numbering, designed to improve flexibility,\n> scalability, and autonomy for participating entities.\n> \n> This client can be integrated into software such as\n> 
[Vulnerability-Lookup](https://github.com/vulnerability-lookup/vulnerability-lookup)\n> to provide core GCVE functionalities by adhering to the\n> [Best Current Practices](https://gcve.eu/bcp/). \n> It can also be used as a standalone command-line tool.\n> \n> \n> ## Examples of usage\n> \n> ### As a command line tool\n> \n> First install the gcve client:\n> \n> ```bash\n> $ python -m pip install --user pipx\n> $ python -m pipx ensurepath\n> \n> $ pipx install gcve\n> installed package gcve 0.6.0, installed using Python 3.13.0\n> These apps are now globally available\n> - gcve\n> done! ✨ 🌟 ✨\n> ```\n> \n> #### Pulling the registry locally\n> \n> ```bash\n> $ gcve registry --pull\n> Pulling from registry...\n> Downloaded updated https://gcve.eu/dist/key/public.pem to data/public.pem\n> Downloaded updated https://gcve.eu/dist/gcve.json.sigsha512 to data/gcve.json.sigsha512\n> Downloaded updated https://gcve.eu/dist/gcve.json to data/gcve.json\n> Integrity check passed successfully.\n> ```\n> \n> #### Retrieving a GNA\n> \n> Note: This operation is case sensitive.\n> \n> ```bash\n> $ gcve registry --get CIRCL\n> {\n> \"id\": 1,\n> \"short_name\": \"CIRCL\",\n> \"cpe_vendor_name\": \"circl\",\n> \"full_name\": \"Computer Incident Response Center Luxembourg\",\n> \"gcve_url\": \"https://vulnerability.circl.lu/\",\n> \"gcve_api\": \"https://vulnerability.circl.lu/api/\",\n> \"gcve_dump\": \"https://vulnerability.circl.lu/dumps/\",\n> \"gcve_allocation\": \"https://vulnerability.circl.lu/\",\n> \"gcve_sync_api\": \"https://vulnerability.circl.lu/\"\n> }\n> \n> $ gcve registry --get CIRCL | jq .id\n> 1\n> ```\n> \n> #### Searching the Registry\n> \n> Note: Search operations are case insensitive.\n> \n> ```bash\n> $ gcve registry --find cert\n> [\n> {\n> \"id\": 680,\n> \"short_name\": \"DFN-CERT\",\n> \"full_name\": \"DFN-CERT Services GmbH\",\n> \"gcve_url\": \"https://adv-archiv.dfn-cert.de/\"\n> }\n> ]\n> ```\n> \n> More information in the [Git 
repository](https://github.com/gcve-eu/gcve).", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://github.com/gcve-eu/gcve", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Frepository-images.githubusercontent.com%2F967321096%2F37198165-3031-4bad-90d1-9852234e164b" }, "sensitive": false, "published": "2025-04-28T08:06:44.824716Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/28813164", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/7ec87122-e020-4225-8202-f81bef1d9325" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/eaa0599e-b409-42ad-b4a5-281d99c674ad", "actor": "https://scribe.disroot.org/u/randomname", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://scribe.disroot.org/post/2539597", "attributedTo": "https://scribe.disroot.org/u/randomname", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Chinese hackers undertaking global infiltration campaign across 12 countries and 20 industries", "cc": [], "content": "<p>cross-posted from: <a href=\"https://scribe.disroot.org/post/2539529\">scribe.disroot.org/post/2539529</a></p>\n<blockquote>\n<p><a href=\"https://web.archive.org/web/20250423164558/https://teamt5.org/en/posts/china-nexus-apt-exploits-ivanti-connect-secure-vpn-vulnerability-to-infiltrate-multiple-entities/\" rel=\"nofollow\">Archived version</a></p>\n<p>Here is also a <a 
href=\"https://www.cybersecurityintelligence.com/blog/chinese-hackers-undertaking-a-global-infiltration-campaign-8377.html\" rel=\"nofollow\">report</a>.</p>\n<p>China-nexus APT exploits Ivanti Connect Secure VPN vulnerability to infiltrate multiple entities, according to Cyber Security firm TeamT5.</p>\n<ul>\n<li>\n<p>The campaign, active since late March 2025, exploits the CVE-2025-0282 and CVE-2025-22457 vulnerabilities’ stack-based buffer overflow flaws, which have maximum CVSS (Common Vulnerability Scoring System) scores of 9.0, to deploy the SPAWNCHIMERA malware suite and establish network access.</p>\n</li>\n<li>\n<p>The victim countries include Austria, Australia, France, Spain, Japan, South Korea, Netherlands, Singapore, Taiwan, the United Arab Emirates, the United Kingdom, and the United States.</p>\n</li>\n<li>\n<p>Targeted industries include Automotive, Chemical, Conglomerate, Construction, Information Security, Education, Electronics, Financial Institution, Gambling, Government, Intergovernmental Organizations (IGO), Information Technology, Law Firm, Manufacturing, Materials, Media, Non-Governmental Organizations (NGOs), Research Institutes, Telecommunication.</p>\n</li>\n</ul>\n<p>…</p>\n</blockquote>\n", "mediaType": "text/html", "source": { "content": "cross-posted from: https://scribe.disroot.org/post/2539529\n\n> [Archived version](https://web.archive.org/web/20250423164558/https://teamt5.org/en/posts/china-nexus-apt-exploits-ivanti-connect-secure-vpn-vulnerability-to-infiltrate-multiple-entities/)\n> \n> Here is also a [report](https://www.cybersecurityintelligence.com/blog/chinese-hackers-undertaking-a-global-infiltration-campaign-8377.html).\n> \n> China-nexus APT exploits Ivanti Connect Secure VPN vulnerability to infiltrate multiple entities, according to Cyber Security firm TeamT5.\n> \n> - The campaign, active since late March 2025, exploits the CVE-2025-0282 and CVE-2025-22457 vulnerabilities' stack-based buffer overflow flaws, which have 
maximum CVSS (Common Vulnerability Scoring System) scores of 9.0, to deploy the SPAWNCHIMERA malware suite and establish network access.\n> \n> - The victim countries include Austria, Australia, France, Spain, Japan, South Korea, Netherlands, Singapore, Taiwan, the United Arab Emirates, the United Kingdom, and the United States.\n> \n> - Targeted industries include Automotive, Chemical, Conglomerate, Construction, Information Security, Education, Electronics, Financial Institution, Gambling, Government, Intergovernmental Organizations (IGO), Information Technology, Law Firm, Manufacturing, Materials, Media, Non-Governmental Organizations (NGOs), Research Institutes, Telecommunication.\n> \n> ...", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://teamt5.org/en/posts/china-nexus-apt-exploits-ivanti-connect-secure-vpn-vulnerability-to-infiltrate-multiple-entities", "mediaType": "text/html", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fuploads.teamt5.org%2Fupload%2Foriginal%2FCompany%2520Cover%2520Image.png" }, "sensitive": false, "published": "2025-04-23T17:05:01.446566Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://scribe.disroot.org/post/2539597", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/8ce147a7-5908-4a79-87f2-a5252c87647d" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/7948dc8f-3c17-4d73-9360-ac1852d88e74", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": 
"https://lemmy.world/post/28607707", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "America's cyber defenses are being dismantled from the inside", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://www.theregister.com/2025/04/23/trump_us_security/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fregmedia.co.uk%2F2022%2F03%2F24%2Fshutterstock_newton_dimbulb.jpg" }, "sensitive": false, "published": "2025-04-23T14:25:21.813906Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/28607707", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/f63b99ad-edbd-4023-a395-fe61738b906b" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/10a44080-33bb-4905-b9d0-7772dc5d6571", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/27123488", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "What are You Working on Wednesday", "cc": [], "content": "<p>Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.</p>\n", "mediaType": "text/html", "source": { "content": "Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.", "mediaType": "text/markdown" 
}, "attachment": [], "sensitive": false, "published": "2025-04-23T12:56:56.036405Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/27123488", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/ca38e5b9-d4f5-4fa1-ba07-c98dd633250e" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/3b68d2e7-346a-43c0-bfba-b11b30529e91", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/28544135", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "AI models can generate exploit code at lightning speed", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://www.theregister.com/2025/04/21/ai_models_can_generate_exploit/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fregmedia.co.uk%2F2021%2F09%2F07%2Fzero_day_shutterstock.jpg" }, "sensitive": false, "published": "2025-04-22T02:34:25.768895Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/28544135", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/043f1262-cfe2-4830-b9f5-2eb24acbbd68" }, { 
"actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/c4105b8c-64d1-4ea9-8817-eb1098cfdb4b", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/27012668", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Mentorship Monday - Discussions for career and learning!", "cc": [], "content": "<p>Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!</p>\n", "mediaType": "text/html", "source": { "content": "Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? 
This is the time and place to ask!", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-21T13:36:51.542131Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/27012668", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/ef1b16df-cd47-482a-af6e-af613a8e1616" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/e1bdaa3a-345c-4ead-92d7-4a13d7582bfe", "actor": "https://infosec.pub/u/fishynoob", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/26893336", "attributedTo": "https://infosec.pub/u/fishynoob", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "What are your methods to harden *nix servers?", "cc": [], "content": "<p>I have been looking at hardening *nix servers for my lab and maybe carry some of that over to work. CIS benchmarks are something I like doing but that’s barely scratching the surface. What do you do for your servers?</p>\n<p>I have Lynis, systemd-analyze, Kernel self protection in mind but I’d love to hear your thoughts. Bonus points for the most paranoid setups!</p>\n", "mediaType": "text/html", "source": { "content": "I have been looking at hardening *nix servers for my lab and maybe carry some of that over to work. CIS benchmarks are something I like doing but that's barely scratching the surface. What do you do for your servers?\n\nI have Lynis, systemd-analyze, Kernel self protection in mind but I'd love to hear your thoughts. Bonus points for the most paranoid setups! 
", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-19T05:42:31.375255Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/26893336", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/720c55a0-8b4a-4474-ba0e-10f64584e865" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/bdfdcbfc-fcd8-4d8d-b606-505844888a98", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/26854815", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Off-Topic Friday", "cc": [], "content": "<p>Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil &amp; respectful please)</p>\n", "mediaType": "text/html", "source": { "content": "Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! 
(Keep things civil & respectful please)", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-18T14:33:47.280649Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/26854815", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/a9be71be-4045-43ca-b21f-184d9df4f935" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/32bc8a8a-2305-4136-be72-46a5ab4638d8", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/28318602", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "GCVE: Global CVE Allocation System", "cc": [], "content": "<blockquote>\n<p>The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.</p>\n</blockquote>\n<blockquote>\n<p>While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). 
GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.</p>\n</blockquote>\n", "mediaType": "text/html", "source": { "content": ">The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.\n\n>While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://gcve.eu/", "mediaType": "text/html", "type": "Link" } ], "sensitive": false, "published": "2025-04-16T18:57:37.264709Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/28318602", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/5b178090-e050-489c-9307-6f5edd08de70" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/e62a5fb2-955f-42e8-821f-cf62607eab81", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/28306708", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK?", "cc": [], "mediaType": "text/html", "attachment": 
[ { "href": "https://www.theregister.com/2025/04/15/activex_microsoft_365/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fregmedia.co.uk%2F2017%2F02%2F21%2Faccess_denied.jpg" }, "sensitive": false, "published": "2025-04-16T15:45:13.537944Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/28306708", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/8cb93f51-100a-4753-86b3-9fdd18920b8f" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/3ac5a9c8-2573-4e24-b9e5-6f8c7180b62b", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/28305998", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Researchers claim breakthrough in fight against AI’s frustrating security hole", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://arstechnica.com/information-technology/2025/04/researchers-claim-breakthrough-in-fight-against-ais-frustrating-security-hole/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fcdn.arstechnica.net%2Fwp-content%2Fuploads%2F2025%2F04%2Fcamel_image-1152x648.jpg" }, "sensitive": false, "published": "2025-04-16T15:30:37.343664Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": 
"https://lemmy.world/post/28305998", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/6e6d3e57-aeb1-4b9b-b3d5-8977b5e042f6" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/5de2b4b4-264d-498c-8075-bda6d65affce", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/26724379", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "What are You Working on Wednesday", "cc": [], "content": "<p>Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.</p>\n", "mediaType": "text/html", "source": { "content": "Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-16T04:08:11.726618Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/26724379", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/f5aa9cf6-f56b-4a05-9457-cb4135373cb0" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": 
"https://infosec.pub/activities/create/a41809b7-5ce3-4fba-848d-c7545ccdb99a", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/28283694", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "The CVE program for tracking security flaws is about to lose federal funding", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://www.theverge.com/news/649314/cve-mitre-funding-vulnerabilities-exposures-funding", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fplatform.theverge.com%2Fwp-content%2Fuploads%2Fsites%2F2%2F2025%2F04%2FVRG_ILLO_STK001_carlo_cadenas_cybersecurity_virus.jpg%3Fquality%3D90%26strip%3Dall%26crop%3D0%252C10.732984293194%252C100%252C78.534031413613%26w%3D1200" }, "sensitive": false, "published": "2025-04-16T02:54:28.619404Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/28283694", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/65d99ad6-a836-41c5-a0c1-8a3f81e6cb59" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/b01b13e6-1fb9-4422-a929-2b633b5e24e4", "actor": "https://discuss.tchncs.de/u/CyberSeeker", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://discuss.tchncs.de/post/34441978", "attributedTo": "https://discuss.tchncs.de/u/CyberSeeker", "to": [ 
"https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "MITRE funding for the Common Vulnerabilities and Exposures (CVE) program will expire on April 16th", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://infosec.exchange/@briankrebs/114343835430587973", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F114%2F343%2F825%2F030%2F064%2F900%2Foriginal%2Fe3075f25266481ee.png" }, "sensitive": false, "published": "2025-04-15T22:50:07.595242Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://discuss.tchncs.de/post/34441978", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/93320b6a-c610-4f42-ae86-de5a31f96221" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/ceab9e0e-bab3-4c89-b76d-24ca270a2c59", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/28276761", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Landmark Admin now says info on 1.6M people stolen from it", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://www.theregister.com/2025/04/15/landmark_admin_data_loss/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": 
"https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fregmedia.co.uk%2F2025%2F04%2F15%2Fshutterstock_double_whisky.jpg" }, "sensitive": false, "published": "2025-04-15T22:12:34.563909Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/28276761", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/be577599-1f51-4f8c-a83a-a42ecb2214fa" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/17d8e49b-c093-4516-890f-10c2ae0cbe53", "actor": "https://infosec.pub/u/Deebster", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/26698516", "attributedTo": "https://infosec.pub/u/Deebster", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "4chan Is Down Following What Looks to Be a Major Hack Spurred By Meme War", "cc": [], "content": "<p>The notorious imageboard 4chan is down following what appears to be a major hack of its backend. The hackers claim to have exposed code for the site, the emails of moderators, and a list of mod communications. This happened, it seems, as part of a five year long, inter-image board beef between users of 4chan and Soyjak, another image board that splintered off of 4chan.</p>\n<p>It’s still unclear what the fallout of the hack will be, but the notorious image board remains down and a huge amount of data appears to have been leaked.</p>\n<p>Users struggled to load 4chan on the evening of April 14, 2025, according to posts on other imageboards and forums. 
A few hours before that, the banned board /qa/ reappeared on the site and someone using the hiroyuki account, named after 4chan’s owner Hiroyuki Nishimura, posted “FUCKING LMAO” and “U GOT HACKED XD.</p>\n<p>The hiroyuki account was flagged in bold red as an admin, suggesting the person posting the messages had control over a real admin account. /qa/ was a “questions and answer” imageboard on 4chan. Pitched as a place to discuss concerns that affected the whole of 4chan, /qa/ was in practice a board where various factions fought.</p>\n<p>Soyjak is a popular meme you’ve probably seen before. It’s a balding man with glasses and shaggy beard, his mouth agape in docile joy. He is now the name of a rival imageboard.</p>\n<p>At about the same time 4chan struggled to load, someone on the soyjak.st posted a thread that claimed to explain what happened. “Tonight has been a very special night for many of us at the soyjak party,” the thread said. “Today, April 14, 2025, a hacker who has been in 4cuck’s system for over a year, executed the true operation soyclipse, reopening /qa/, exposing personal information of various 4cuck staff, and leaking code from the site.”</p>\n<p>The thread shared images of the resurrected and defaced /qa/ board as well as what appear to be screenshots from 4chan’s internal moderation tools. The screenshots included discussion about why users had been banned from 4chan, pieces of its backend in phpMyAdmin (the infrastructure that runs 4chan and other forums and imageboards), and traffic stats for specific boards.</p>\n<p>Elsewhere on the internet, someone leaked an alleged list of moderator email addresses and a portion of what they described as the “source code” for the site. 
404 Media reached out to an email in the leaked list that appeared to be for Nishimura but did not hear back.</p>\n<p>It appears that 4chan was susceptible to a hack because it was running very out of date code that contained various vulnerabilities, according to 404 Media’s look at the code and people sorting through the hack online.</p>\n<blockquote>\n<p>So 4chan very likely got hacked because they were running on an extremely out of date version of PHP that has a lot of vulnerabilities and exploits and are using deprecated function to interact with there MySQL database.</p>\n<p>Web security 101: Keep your code and software up to date. <a href=\"https://pic.twitter.com/JFDOsbr5rt\" rel=\"nofollow\">pic.twitter.com/JFDOsbr5rt</a></p>\n<p>— Yushe (@_yushe) <a href=\"https://x.com/_yushe/status/1912025058953867353?ref=404media.co\" rel=\"nofollow\">April 15, 2025</a></p>\n</blockquote>\n<p>That starts to answer the question of how this happened. But why did it happen? This all has roots in a five year old meme fight.</p>\n<p>Soyjak.party, the site where a user began posting about the 4chan hack, was an offshoot of 4chan created as a joke about five years ago. Besides being a general cesspool,</p>\n<p>4chan has long been a place that incubates memes. lolcats, the NavySeal copypasta, and Pepe the Frog grew and spread on 4chan’s imageboards. From time to time a meme is overplayed or spammed and mods on the site get tired of it.</p>\n<p>Five years ago, users spammed the /qa/ board with soyjaks. Unable to quash the tide of soyfaced jpegs, 4chan shut down the entire /qa/ board. The soyajk loving exiles of 4chan started a new site called soyjak.party where they could craft open mouthed soyboy memes to their heart’s content. When 4chan was hacked on the night of April 14, the /qa/ board briefly returned. “/QA/ RETURNS SOYJAK.PARTY WON” read a banner image at the top of the board.</p>\n<p>As of this writing, 4chan is still down. 
When you attempt to access a specific board, the connection times out. “The initial connection between Cloudflare’s network and the origin web server timed out. As a result, the web page can not be displayed,” the error page says.</p>\n", "mediaType": "text/html", "source": { "content": "The notorious imageboard 4chan is down following what appears to be a major hack of its backend. The hackers claim to have exposed code for the site, the emails of moderators, and a list of mod communications. This happened, it seems, as part of a five year long, inter-image board beef between users of 4chan and Soyjak, another image board that splintered off of 4chan.\n\nIt’s still unclear what the fallout of the hack will be, but the notorious image board remains down and a huge amount of data appears to have been leaked.\n\nUsers struggled to load 4chan on the evening of April 14, 2025, according to posts on other imageboards and forums. A few hours before that, the banned board /qa/ reappeared on the site and someone using the hiroyuki account, named after 4chan’s owner Hiroyuki Nishimura, posted “FUCKING LMAO” and “U GOT HACKED XD.”\n\nThe hiroyuki account was flagged in bold red as an admin, suggesting the person posting the messages had control over a real admin account. /qa/ was a “questions and answer” imageboard on 4chan. Pitched as a place to discuss concerns that affected the whole of 4chan, /qa/ was in practice a board where various factions fought.\n\nSoyjak is a popular meme you’ve probably seen before. It’s a balding man with glasses and shaggy beard, his mouth agape in docile joy. He is now the name of a rival imageboard.\n\nAt about the same time 4chan struggled to load, someone on the soyjak.st posted a thread that claimed to explain what happened. “Tonight has been a very special night for many of us at the soyjak party,” the thread said. 
“Today, April 14, 2025, a hacker who has been in 4cuck’s system for over a year, executed the true operation soyclipse, reopening /qa/, exposing personal information of various 4cuck staff, and leaking code from the site.” \n\nThe thread shared images of the resurrected and defaced /qa/ board as well as what appear to be screenshots from 4chan’s internal moderation tools. The screenshots included discussion about why users had been banned from 4chan, pieces of its backend in phpMyAdmin (the infrastructure that runs 4chan and other forums and imageboards), and traffic stats for specific boards. \n\nElsewhere on the internet, someone leaked an alleged list of moderator email addresses and a portion of what they described as the “source code” for the site. 404 Media reached out to an email in the leaked list that appeared to be for Nishimura but did not hear back.\n\nIt appears that 4chan was susceptible to a hack because it was running very out of date code that contained various vulnerabilities, according to 404 Media’s look at the code and people sorting through the hack online.\n\n> So 4chan very likely got hacked because they were running on an extremely out of date version of PHP that has a lot of vulnerabilities and exploits and are using deprecated function to interact with there MySQL database. \n> \n> Web security 101: Keep your code and software up to date. [pic.twitter.com/JFDOsbr5rt](https://pic.twitter.com/JFDOsbr5rt) \n> \n> — Yushe (@_yushe) [April 15, 2025](https://x.com/_yushe/status/1912025058953867353?ref=404media.co)\n\nThat starts to answer the question of how this happened. But why did it happen? This all has roots in a five year old meme fight.\n\nSoyjak.party, the site where a user began posting about the 4chan hack, was an offshoot of 4chan created as a joke about five years ago. Besides being a general cesspool, 4chan has long been a place that incubates memes. 
lolcats, the NavySeal copypasta, and Pepe the Frog grew and spread on 4chan’s imageboards. From time to time a meme is overplayed or spammed and mods on the site get tired of it. \n\nFive years ago, users spammed the /qa/ board with soyjaks. Unable to quash the tide of soyfaced jpegs, 4chan shut down the entire /qa/ board. The soyjak loving exiles of 4chan started a new site called soyjak.party where they could craft open mouthed soyboy memes to their heart’s content. When 4chan was hacked on the night of April 14, the /qa/ board briefly returned. “/QA/ RETURNS SOYJAK.PARTY WON” read a banner image at the top of the board.\n\nAs of this writing, 4chan is still down. When you attempt to access a specific board, the connection times out. “The initial connection between Cloudflare's network and the origin web server timed out. As a result, the web page can not be displayed,” the error page says.", "mediaType": "text/markdown" }, "attachment": [ { "href": "https://www.404media.co/4chan-is-down-following-what-looks-to-be-a-major-hack-spurred-by-meme-war/?ref=weekly-roundup-newsletter", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fwww.404media.co%2Fcontent%2Fimages%2Fsize%2Fw1200%2F2025%2F04%2FHappyLittleFriend.jpg" }, "sensitive": false, "published": "2025-04-15T17:50:07.800819Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/26698516", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/04e0939a-2b2d-4889-b7ac-7360febdd26a" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": 
"https://infosec.pub/activities/create/83df8ccd-3159-456c-a58b-fa737b0fb0d1", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/26629378", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Mentorship Monday - Discussions for career and learning!", "cc": [], "content": "<p>Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!</p>\n", "mediaType": "text/html", "source": { "content": "Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? 
This is the time and place to ask!", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-14T12:38:01.634331Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/26629378", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/c9351aee-51fa-4e42-86cf-abd310a265cd" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/ca863323-74a6-4411-9138-ebef3bf39ee0", "actor": "https://ponder.cat/u/PhilipTheBucket", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://ponder.cat/post/2397649", "attributedTo": "https://ponder.cat/u/PhilipTheBucket", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "In Secret Meeting, China Acknowledged Role in U.S. 
Infrastructure Hacks", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://www.wsj.com/politics/national-security/in-secret-meeting-china-acknowledged-role-in-u-s-infrastructure-hacks-c5ab37cb", "mediaType": "text/html;charset=utf-8", "type": "Link" } ], "sensitive": false, "published": "2025-04-14T04:25:23.068353Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://ponder.cat/post/2397649", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/84c9b991-7fe0-434b-9e3f-a07104750970" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/8cc7b673-c172-45b7-9592-7ef81d58a5b0", "actor": "https://ponder.cat/u/PhilipTheBucket", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://ponder.cat/post/2393919", "attributedTo": "https://ponder.cat/u/PhilipTheBucket", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Hacktivism is back – but don't be fooled, it's often state-backed goons in masks", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://go.theregister.com/feed/www.theregister.com/2025/04/13/hacktivism_is_having_a_resurgence/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fregmedia.co.uk%2F2025%2F03%2F21%2Fshutetrstock_guy_fawkes_masks.jpg" }, "sensitive": false, "published": "2025-04-13T21:29:46.708589Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://ponder.cat/post/2393919", "name": "#cybersecurity", 
"type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/774f03fd-16e3-4ace-a16b-06906056754e" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/15b8c835-f0fb-48d3-a456-2d5248fe2524", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/28069830", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "AMD confirms security vulnerability in every Zen 1 to Zen 5 processor", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://www.tweaktown.com/news/104554/amd-confirms-security-vulnerability-in-every-zen-1-to-5-processor/index.html", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "sensitive": false, "published": "2025-04-11T06:12:23.393568Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/28069830", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/4c94f282-5299-476d-bf47-fe15e113cc50" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/eb8082bb-314f-43da-8a15-1981f91eb9de", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { 
"type": "Page", "id": "https://infosec.pub/post/26452031", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Off-Topic Friday", "cc": [], "content": "<p>Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil &amp; respectful please)</p>\n", "mediaType": "text/html", "source": { "content": "Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-11T04:12:47.613010Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/26452031", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/38552c89-bc2a-4284-83a7-e83a4161791f" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/48aad920-8518-4fb1-a6b3-94a6986cbb97", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/26342224", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "What are You Working on Wednesday", "cc": [], "content": "<p>Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.</p>\n", "mediaType": "text/html", "source": { "content": "Weekly thread to discuss whatever you’re working on, 
big or small, at work or in your free time.", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-09T04:01:54.437225Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/26342224", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/35edc59d-c5e6-4175-be65-bd6fd0d99a8a" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/08152360-e3db-46b0-bc6a-f1f29401f7b6", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/27965676", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Google fixes two Android zero-day bugs actively exploited by hackers", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://techcrunch.com/2025/04/08/google-fixes-two-android-zero-day-bugs-actively-exploited-by-hackers/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Ftechcrunch.com%2Fwp-content%2Fuploads%2F2020%2F04%2FGettyImages-924145016.jpg%3Fresize%3D1200%2C800" }, "sensitive": false, "published": "2025-04-09T02:53:45.730151Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/27965676", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ 
"https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/53a6e6f5-6a65-4236-9481-4413ef9e7ba0" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/200b21b4-d29e-44bc-8c1b-8ba96fbf5abb", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/26250151", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Mentorship Monday - Discussions for career and learning!", "cc": [], "content": "<p>Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!</p>\n", "mediaType": "text/html", "source": { "content": "Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? 
This is the time and place to ask!", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-07T13:27:46.847077Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/26250151", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/3d4e0ff9-ae4a-4cee-8db9-303e1473da95" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/0414a64d-4947-4614-ae99-5d21195b11f5", "actor": "https://lemmy.ca/u/maltfield", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.ca/post/41837943", "attributedTo": "https://lemmy.ca/u/maltfield", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Why OAuth MUST share access token with 3rd party?!?", "cc": [], "content": "<p>Why does Stripe require OAuth tokens to pass through a third party server?</p>\n<p>Can someone who understands OAuth better than me explain to me why Stripe REQUIRES that their OAuth Access Keys get shared with a third party?</p>\n<p>I’ve tried RTFM, but my biggest hangup is that the OAuth docs appear to describe a very different situation than mine. They usually describe a user agent (web browser) as the client. And they talk about “your users” as if I have a bunch of users that I’m going to be fetching access keys for.</p>\n<p>Nah, this is server &lt;–&gt; server. I have a server. Stripe has a server. I am one user. All I need is ONE API key for ONE account. But I’m forced to use OAuth. 
It doesn’t seem appropriate, and it’s especially concerning that the “flow” requires the (non-expiring!) Access Token to be shared with a third party server. Why?!?</p>\n<p>I recently learned that Stripe has been pushing OAuth (branded as “Stripe Connect”) to its integration apps as the “more secure” solution, compared to Restricted API Keys. In fact, we’ve found that most integrations we’ve encountered that use Stripe Connect are <em>less</em> secure than using Restricted API Keys because the (private!) tokens are shared with a third party!</p>\n<p>I’ve been using Stripe to handle credit card payments on my e-commerce website for years. Recently, we updated our wordpress e-commerce website and all its plugins. And then we discovered that all credit card payments were broken because our Stripe Payment Gateway plugin stopped allowing use of Restricted API Keys. Instead they only support “Stripe Connect” (which, afaict, is a marketing term for OAuth). This change forced us to do a security audit to make sure that the new authentication method met our org’s security requirements. What we found was shocking.</p>\n<p>So far we’ve started auditing two woocommerce plugins for Stripe, and both have admitted that the OAuth tokens are shared with their (the developer’s) servers!</p>\n<p>One of them is a “Stripe Verified Partner”, and they told us that they’re contractually obligated by Stripe to use <em>only</em> “Stripe Connect” (OAuth) – they are not allowed to use good-'ol API Keys.</p>\n<p>They also told us that Stripe REQUIRED them to include them in the OAuth flow, such that their servers are given our (very secret!) OAuth Access Keys!</p>\n<p>The benefit of normal API Keys, of course, is that they’re more secure than this OAuth setup for (at least) two reasons:</p>\n<ol>\n<li>\n<p>I generate the API keys myself, and I can restrict the scope of the keys permissions</p>\n</li>\n<li>\n<p>I store the key myself on my own server. 
It’s never transmitted-to nor stored-on any third party servers. Only my server and Stripe’s servers ever see it.</p>\n</li>\n</ol>\n<p>Can someone shine a light onto this darkpattern? I understand that standardization is good. OAuth Refresh Keys add security (this service doesn’t use them). But why-oh-why would you FORCE OAuth flows that share the (non-expiring) Access Tokens with a third party? And why would you claim that’s more secure than good-ol-API-keys?</p>\n<p>Does OAuth somehow not support server&lt;–&gt;server flows? Or is it a library issue?</p>\n<p>What am I missing?</p>\n", "mediaType": "text/html", "source": { "content": "Why does Stripe require OAuth tokens to pass through a third party server?\n\nCan someone who understands OAuth better than me explain to me why Stripe REQUIRES that their OAuth Access Keys get shared with a third party?\n\nI've tried RTFM, but my biggest hangup is that the OAuth docs appear to describe a very different situation than mine. They usually describe a user agent (web browser) as the client. And they talk about \"your users\" as if I have a bunch of users that I'm going to be fetching access keys for.\n\nNah, this is server <--> server. I have a server. Stripe has a server. I am one user. All I need is ONE API key for ONE account. But I'm forced to use OAuth. It doesn't seem appropriate, and it's especially concerning that the \"flow\" requires the (non-expiring!) Access Token to be shared with a third party server. Why?!?\n\nI recently learned that Stripe has been pushing OAuth (branded as \"Stripe Connect\") to its integration apps as the \"more secure\" solution, compared to Restricted API Keys. In fact, we've found that most integrations we've encountered that use Stripe Connect are *less* secure than using Restricted API Keys because the (private!) tokens are shared with a third party!\n\nI've been using Stripe to handle credit card payments on my e-commerce website for years. 
Recently, we updated our wordpress e-commerce website and all its plugins. And then we discovered that all credit card payments were broken because our Stripe Payment Gateway plugin stopped allowing use of Restricted API Keys. Instead they only support \"Stripe Connect\" (which, afaict, is a marketing term for OAuth). This change forced us to do a security audit to make sure that the new authentication method met our org's security requirements. What we found was shocking.\n\nSo far we've started auditing two woocommerce plugins for Stripe, and both have admitted that the OAuth tokens are shared with their (the developer's) servers!\n\nOne of them is a \"Stripe Verified Partner\", and they told us that they're contractually obligated by Stripe to use *only* \"Stripe Connect\" (OAuth) -- they are not allowed to use good-'ol API Keys.\n\nThey also told us that Stripe REQUIRED them to include them in the OAuth flow, such that their servers are given our (very secret!) OAuth Access Keys!\n\nThe benefit of normal API Keys, of course, is that they're more secure than this OAuth setup for (at least) two reasons:\n\n1. I generate the API keys myself, and I can restrict the scope of the keys permissions\n\n2. I store the key myself on my own server. It's never transmitted-to nor stored-on any third party servers. Only my server and Stripe's servers ever see it.\n\nCan someone shine a light onto this darkpattern? I understand that standardization is good. OAuth Refresh Keys add security (this service doesn't use them). But why-oh-why would you FORCE OAuth flows that share the (non-expiring) Access Tokens with a third party? And why would you claim that's more secure than good-ol-API-keys?\n\nDoes OAuth somehow not support server<-->server flows? 
Or is it a library issue?\n\nWhat am I missing?", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-06T01:43:38.291026Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.ca/post/41837943", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/95f3d2a0-c52d-471e-8a3d-069f13b12b81" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/765e60d8-87eb-4b5a-afd3-3762147872f9", "actor": "https://infosec.pub/u/shellsharks", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://infosec.pub/post/26102243", "attributedTo": "https://infosec.pub/u/shellsharks", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Off-Topic Friday", "cc": [], "content": "<p>Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil &amp; respectful please)</p>\n", "mediaType": "text/html", "source": { "content": "Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! 
(Keep things civil & respectful please)", "mediaType": "text/markdown" }, "attachment": [], "sensitive": false, "published": "2025-04-04T13:16:51.657123Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://infosec.pub/post/26102243", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": "https://infosec.pub/activities/announce/create/b1c3f147-04f8-4db4-8437-ff324c25a64d" }, { "actor": "https://infosec.pub/c/cybersecurity", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "id": "https://infosec.pub/activities/create/1fa90381-0cc0-4877-aa0c-a0c465d9d008", "actor": "https://lemmy.world/u/cm0002", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "object": { "type": "Page", "id": "https://lemmy.world/post/27746699", "attributedTo": "https://lemmy.world/u/cm0002", "to": [ "https://infosec.pub/c/cybersecurity", "https://www.w3.org/ns/activitystreams#Public" ], "name": "Unknown scanners probing Juniper and Palo Alto products", "cc": [], "mediaType": "text/html", "attachment": [ { "href": "https://www.theregister.com/2025/04/03/unknown_scanners_probing_juniper_paloalto/", "mediaType": "text/html; charset=utf-8", "type": "Link" } ], "image": { "type": "Image", "url": "https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Fregmedia.co.uk%2F2025%2F04%2F02%2Fshutterstock_digital_eye.jpg" }, "sensitive": false, "published": "2025-04-03T17:40:13.688713Z", "audience": "https://infosec.pub/c/cybersecurity", "tag": [ { "href": "https://lemmy.world/post/27746699", "name": "#cybersecurity", "type": "Hashtag" } ] }, "cc": [ "https://infosec.pub/c/cybersecurity" ], "type": "Create", "audience": "https://infosec.pub/c/cybersecurity" }, "cc": [ "https://infosec.pub/c/cybersecurity/followers" ], "type": "Announce", "id": 
"https://infosec.pub/activities/announce/create/9036cb20-9fb1-4615-997b-9c053a3ebec1" } ] }