Overview
Description
Statistics
- 2 Posts
- 11 Interactions
Fediverse
Google „Fast Pair“ ist Sicherheitsrisiko
Hier kann man wieder sehen, dass "Komfort" (oder was auch immer die Amerikaner dafür halten) ein natürlicher Feind der Sicherheit ist. Google hatte ein Verfahren namens Fast Pair ersonnen, das die Kopplung von Bluetooth (BT) Zubehörgeräten mit Android vereinfachen soll. Gut gedacht, schlecht gemacht. Forschende der Uni Leuven (Belgien) haben schon im vorigen Jahr eine Schwachstelle in dem System gefunden und vertraulich an Google gemeldet. Wann genau das war, ist nirgends dokumentiert. Die zugeordnete Fehlernummer CVE-2025-36911 muss (aus der Zahl zu schließen) ungefähr um die Jahresmitte vergeben worden sein.
Die Schwachstelle
https://www.pc-fluesterer.info/wordpress/2026/01/20/google-fast-pair-ist-sicherheitsrisiko/
#Empfehlung #Mobilfunk #Warnung #android #bluetooth #google #hersteller #sicherheit #vorbeugen
‼️WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol.
https://github.com/zalexdev/wpair-app
Features:
▪️BLE Scanner - Discovers Fast Pair devices broadcasting the 0xFE2C service UUID
▪️Vulnerability Tester - Non-invasive check if device is patched against CVE-2025-36911
▪️Exploit Demonstration - Full proof-of-concept for authorized security testing
▪️HFP Audio Access - Demonstrates microphone access post-exploitation
▪️Live Listening - Real-time audio streaming to phone speaker
▪️Recording - Save captured audio as M4A files
Overview
- hwk-fr
- Advanced Custom Fields: Extended
Description
Statistics
- 2 Posts
- 2 Interactions
Fediverse
🔴 CVE-2025-14533 - Critical (9.8)
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
‼️CVE-2025-14533: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1, exposing 100,000 sites.
CVSS: 9.8
CVE Published: January 20th, 2026
Bounty: $975.00
Advisory: https://github.com/advisories/GHSA-jm76-5g2j-p4hp
Description: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field.
Overview
Description
Statistics
- 1 Post
- 10 Interactions
Fediverse
2026-01-19 (Monday): Catching up on two infections in my lab from last week, and I added an entry with a #pcap of scans and probes and web traffic hitting my web server.
I attempted to set up MongoDB on my server to detect any "MongoBleed" CVE-2025-14847 activity, but I was unable to configure the server properly.
I opened TCP port 27017 on my Apache web server, and I'm only receiving web scans/probes on that port.
Feel free to check out my latest posts at https://www.malware-traffic-analysis.net/2026/index.html
Or not. I'm not your parent. I can't tell you what to do.
Overview
Description
Statistics
- 1 Post
- 10 Interactions
Fediverse
Heads up for my fellow Red Hat Enterprise Linux (RHEL) 10 users:
Important: kernel security update
kernel: libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285)
So do your `dnf update` ASAP :)
More details: https://access.redhat.com/errata/RHSA-2026:0786
Overview
- TP-Link Systems Inc.
- VIGI InSight Sx45 Series (S245/S345/S445)
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
Eine kritische Sicherheitslücke CVE-2026-0629 erlaubt es Angreifern, Admin-Zugriff auf zahlreiche #TPLink Vigi-Überwachungskameras per Fernzugriff zu erlangen. https://www.golem.de/specials/tp-link/
Overview
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
🟠 CVE-2026-0899 - High (8.8)
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0899/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- Beckhoff Automation
- TwinCAT.HMI.Server
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
#OT #Advisory VDE-2025-106
Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server
On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page.
#CVE CVE-2025-41768
https://certvde.com/en/advisories/vde-2025-106/
#CSAF https://beckhoff.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-106.json
Overview
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
This looks to be Hajime only going after Mikrotik routers in some scanner's inventory. Highly targeted (only hitting our Mikrotiks), low and slow over time.
Definitely coming from a wide array of other compromised edge devices.
https://viz.greynoise.io/tags/mikrotik-routeros-rce-cve-2017-20149-attempt?days=90
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🔴 CVE-2026-0907 - Critical (9.8)
Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0907/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🔴 CVE-2026-0610 - Critical (9.8)
SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack