🌴 todb

#CVE Foundation just dropped a FAQ.

thecvefoundation.org/frequentl

Also, just FYI, I’ve been helping with the Foundation setup and goals articulation and logistics for the last few weeks. I didn’t expect we’d pull the trigger on being public this week, precisely, but here we are!

I’m not employed there or anything (I work at @runZeroInc) but since I care about CVE, I want to do what I can to make sure it thrives and we don’t wind up back again with 15 competing standards for #vulnerability tracking if USG funding goes 💨 poof! 💨 one day (or other single-source-funding style disasters).

Anyway, back to my ill-timed family vacation. I’ll be more online next week. :)

CVE Foundation - Frequently Asked Questions

What do you believe? We believe that CVEs are the cornerstone…

www.thecvefoundation.org
Arie van Deursen 🇳🇱🇪🇺🟥

As part of the 2022 EU NIS2 directive, the EU agency for cybersecurity (ENISA) has been setting up the EU Vulnerability Database (EUVD) at euvd.enisa.europa.eu/ (now in beta).

Started as a collaboration with MITRE's authoritative CVE database, EUVD may now end up replacing it, as US funding for the CVE database has stopped.

#enisa #euvd #cve #mitre #cybersecurity #vulnerability

Apr 18, 2025, 12:43
Alexandre Dulaunoy

we talk about ssh with @jtk and bam there is this

vulnerability.circl.lu/vuln/CV

“SSH server (Erlang) may allow an attacker to perform unauthenticated remote code execution (RCE).”

We should be careful when we talk.

#vulnerability #ssh #erlang

cvelistv5 - CVE-2025-32433

Vulnerability-Lookup - Fast vulnerability lookup correlation…

vulnerability.circl.lu
OTX Bot

CVE-2025-24054, NTLM Exploit in the Wild

A critical vulnerability, CVE-2025-24054, related to NTLM hash disclosure via spoofing, has been actively exploited since March 19, 2025. The flaw allows attackers to leak NTLM hashes or user passwords using a maliciously crafted .library-ms file, potentially compromising systems. A campaign targeting government and private institutions in Poland and Romania used malspam to distribute Dropbox links containing archives exploiting this vulnerability. The exploit can be triggered with minimal user interaction, such as right-clicking or navigating to the folder containing the malicious file. This vulnerability appears to be a variant of the previously patched CVE-2024-43451, sharing several similarities.

Pulse ID: 680034fc84efc0751b3bc07d
Pulse Link: otx.alienvault.com/pulse/68003
Pulse Author: AlienVault
Created: 2025-04-16 22:53:48

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Dropbox #Government #InfoSec #MalSpam #Nim #OTX #OpenThreatExchange #Password #Passwords #Poland #Spam #Vulnerability #Word #bot #AlienVault

gcve.eu

Five GNA register to the Global CVE (GCVE) allocation system: vuldb.com, Ericsson PSIRT, EACG, SCHUTZWERK and DFN-CERT.

If you want to join and get a unique identifier
gcve.eu/about/#eligibility-and

#cve #gcve #cybersecurity #vulnerability

Ciarán McNally

Some lessons learned from the tabletop exercise of continuing our top-tier #vulnerability #intelligence post "CVE" at #Cytidel:

● We still have the capability to monitor different social media platforms and trusted expert sources for vulnerability info impacting products
● Collection of news, blogs and CSIRT updates is still fit to serve its purpose
● Following vendor feeds directly is a big win, as with sourcing info from a primary source

Apr 17, 2025, 06:35
Nick Espinosa

Why The CVE Database Is Beyond Important To Cybersecurity and the World. Note: check out the video for a presentation on this one!

Edit: Funding has been extended for a while but this is still a critical issue. It's clear that no single source should be funding this critical project.

#News #TechNews #MITRE #CVE #Cybersecurity #Vulnerability #USA

youtu.be/-psdhAJINXc

Apr 16, 2025, 18:09
Nick Espinosa

Daily podcast: Why The CVE Database Is Beyond Important To Cybersecurity and the World. Note: check out the video for a presentation on this one!

Edit: Funding has been extended for a while but this is still a critical issue. It's clear that no single source should be funding this critical project.

#News #TechNews #MITRE #CVE #Cybersecurity #Vulnerability #USA #podcast

soundcloud.com/nickaesp/cve

Apr 16, 2025, 18:09
Whiskey Jack

I asked "TomGPT" to render the desk of a vulnerability management analyst if funding goes away for the CVE. #cve #vulnerability #humour

PrivacyDigest

Researchers claim breakthrough in fight against AI’s frustrating #security hole

In the #AI world, a #vulnerability called "prompt injection" has haunted developers since #chatbots went mainstream in 2022. Despite numerous attempts to solve this fundamental vulnerability—the digital equivalent of whispering secret instructions to override a system's intended behavior—no one has found a reliable solution. Until now, perhaps.
#promptinjection

arstechnica.com/information-te

cybervegan

You know when you see news articles about hacks of password databases or critical vulnerabilities in popular software, they usually quote a "CVE" number that officially identified the issue and allowed it to be defined precisely, and tracked? Well, that's gone as of today. Looks like the Trump regime has cancelled one of the foundational authorities on cybersecurity, the CVE or Common Vulnerabilities and Exposures program, without explanation. Basically the whole of "tech" relies on this, but I guess it's just America supporting the rest of the world, so it has to go. #cybersecurity #cybersec #cve #vulnerability #VulnerabilityDatabase

Edits: typos/autocorrupt

Apr 16, 2025, 09:22