»Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub:
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications.«
Never store your access keys in Git, especially not in the code – do programmers need to be taught this?!??
https://thehackernews.com/2025/07/over-600-laravel-apps-exposed-to-remote.html
TIL all your #2FAs can hit at once.
"Hello, Browser, I'd like to log in."
"Great! Check your email. Also, you have 35 seconds to respond to this before I lock you out."
"Hi Email! Can I see my last message?"
"Um, you've been ignoring me lately so go get your tablet. Also, I have a decade of your email inside me so you better respond within 10 seconds before I nuke it all."
"Hey Tablet, I need to open you up now."
"Who dat? I'm going to need you to grab your phone..."
»Google's AI is allowed to spy – Gemini gets extensive app access:
Google's Gemini can now read WhatsApp chats on Android devices. Anyone who doesn't want that has to do a lot.«
Doesn't this add yet another risk factor in companies, with IT security service providers possibly profiting? But privately too, in my opinion, this is questionable.
@cryptadamist @panigrc @finalstaticfox @dansup
Obviously that's another piece of evidence of why #KYC IS THE ILLICIT ACTIVITY!...
That problem doesn't exist with #Monero as one cannot determine #transactions, #balances or link wallets by observing the #blockchain. Unlike with all those Shitcoins like #Bitcoin or #Ethereum!
So even if I had a Monero Wallet and even if you knew the wallet address, you cannot see what's on it or what transactions go in and out.
It's even more secure than #SEPA because thanks to #SWIFT & #FATCA the #IRS and #TreasuryDept. have bulk access to these systems and can basically see account balances in real time (when it comes to #US citizens! The rest they can approximate with bulk access to payment providers and intelligence).
So yeah, blame lack of #privacy, #secrecy, and #custody as well as #doxxing in the form of KYC under the false pretense of #AML for the rampant rise of #kidnappings and armed robberies of #shitcoin HODL'ers.
The fact that there are automated, idiot-proof tools like #chainalysis that enable statistical tracking and linking of transactions for everything except Monero is the problem.
IOW: OFC I'd have to expect getting robbed by organized crime if I were to post evidence of me sleeping on genuine gold bars.
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines.
https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html
Good morning from the kitchen table. Today is the last lecture for the medical students at the university of applied sciences. Just a bit more preparation to do. The funniest part always comes at the end: ePA and the telematics infrastructure. ;) #TeamDatenschutz #Datenschutz #ITSicherheit #ITSec
@patcharcana how we all love outdated regulations...
Good morning from the desk. Today I once again get to delight university of applied sciences students with #Datenschutz. So that it doesn't get too dusty, I always go through with them why we have all this stuff in the first place and what happens when we don't stick to it. The malware VM is running, and the Tor Browser with a marketplace where you can buy, among other things, access to social media and PayPal accounts is running too. The lecture can begin. ;D #TeamDatenschutz #ITSec #ITSicherheit #Informationssicherheit
I think @VXShare & @vxunderground are important #archival sites because they help keep track of #malware, its trends and how it worked.
Bot or not? A short history of web bots and bot detection techniques
– from @OlegWock
Zero-Day: Bluetooth vulnerability turns millions of headphones into bugging devices | via heise online
https://www.heise.de/news/Zero-Day-Bluetooth-Luecke-macht-Millionen-Kopfhoerer-zu-Abhoerstationen-10457857.html
#Security #ITsec #Privacy
Hey, @AuswaertigesAmt, you do know that your #ComSec got #pwned?
Maybe invest in open source for a change?
CC: @bsi @Bundesregierung
@mrmasterkeyboard I hope this is a #shitpost, not a real setup, because #RedStarOS is literally the #GovwareOS:
»What email addresses reveal about parliamentarians (a lot!)«
– by @nohillside
Many companies are careless with their emails because they apparently have nothing to hide. But "just" seemingly superficial metadata says a lot about someone. Their indifference, including that of companies, is simply bad, but unfortunately not shocking, since it is common.
https://dnip.ch/2025/06/24/was-mailadressen-ueber-parlamentarierinnen-alles-verraten-viel/
@BrodieOnLinux @torproject @guardianproject
At this point I'd like to ask when @EUCommission and other #regulators start #banning #StasiBook and other #GAFAM|s for their blatant actions as #OrganizedCrime to violate #privacy standards in the #EU and elsewhere?
https://infosec.space/@kkarhan/114733606176520273
Cuz at this point the €32B fines at maximum are a joke.
Simply because this isn't a mere violation of #GDPR, #BDSG and other standards, but literal #malware that has been deployed against users in the wild...
@BrodieOnLinux I am pretty sure @torproject / #TorBrowser and any #App that does #Proxy through @guardianproject / #Orbot for #Tor access is not affected, but I do encourage both #Tor and Orbot devs to test against #LocalhostTracking!
#NSAbook is literally developing #Govware to track users and bypass the #Android #sandbox, as well as #tracking them regardless of #VPN, #Cookies or #IncognitoMode use or blockage.
https://www.youtube.com/watch?v=LUtctMShGJw via @BrodieOnLinux
More to readup upon.
https://redact.dev/blog/meta-yandex-localhost-tracking
https://www.zeropartydata.es/p/localhost-tracking-explained-it-could
@afreytes +9001%
It's impossible to get #GDPR compliance with #GAFAMs' products!
It's impossible to get #ITsec, #InfoSec, #OpSec & #ComSec on a compliant level when a literal #Govware (#Windows) is being used.
I cannot work as a #Linux sysadmin under WinShit, just like a cardiologist can't perform a heart transplant with just cutlery from a prison mess hall and NSAIDs, and just like a nurse can't CPR a toddler with a pneumatic jackhammer!