Overview
Description
Statistics
- 6 Posts
Fediverse
Codex CLI Silent RCE Flaw (CVE-2025-61260)
https://www.technadu.com/codex-cli-flaw-allowed-silent-remote-code-execution-through-malicious-repository-configurations/614994/
• Repo configs auto-executed MCP commands
• Backdoors via commit/PR access
• CI & developer endpoints at risk
• Root cause: trusted repo-level config execution
• Patched in v0.23.0
A critical reminder that AI-powered developer tools must adopt strict zero-trust defaults.
Follow us for ongoing security coverage.
#Cybersecurity #CodexCLI #RCE #AIThreats #SupplyChainSecurity #DevSecOps #InfoSec
The Codex CLI vulnerability tracked as CVE-2025-61260 can be exploited for command execution. https://www.securityweek.com/vulnerability-in-openai-coding-agent-could-facilitate-attacks-on-developers/
Bluesky
Overview
- Avast
- Antivirus
Description
Statistics
- 1 Post
- 48 Interactions
Fediverse
Security product vulns are maddening but will also never not be funny to me.
Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection.\nThis issue affects Antivirus: from 15.7 before 3.9.2025.
Overview
Description
Statistics
- 4 Posts
- 2 Interactions
Fediverse
I examined the patch and wrote a proof-of-concept:
https://worthdoingbadly.com/bluetooth/
My proof-of-concept is available at https://github.com/zhuowei/blueshrimp; it gets "fault addr 0x4141414141414141" on the Android Automotive emulator... once you accept the pairing request.
Alas, I don't have a physical Android 14 device with headset client already enabled. Only smartwatches, wearables, and cars support acting as Bluetooth headsets. I'm not about to drop $70,000 on a car for a blog post.
Bluesky
Overview
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse
"A security advisory being sent out due to a woops. Noted as CVE-2025-66270, that woops could allow an attacker to entirely skip proper authentication": KDE Connect security advisory released due to possible authentication bypass https://www.gamingonlinux.com/2025/12/kde-connect-security-advisory-released-due-to-possible-authentication-bypass/
KDE Project Security Advisory
=============================
Title: KDE Connect: Impersonation of paired devices, bypassing authentication
Risk rating: Critical
CVE: CVE-2025-66270
[…]
Workaround
==========
Until you can upgrade to a non-vulnerable version, we advise you to stop KDE Connect when on
untrusted networks like those on airports or conferences and/or unpair all devices from KDE Connect.Weiterlesen: #^https://kde.org/info/security/advisory-20251128-1.txt
Overview
- Avast
- Antivirus
Description
Statistics
- 2 Posts
- 5 Interactions
Fediverse
And another one:
Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.
🚨 CRITICAL: CVE-2025-3500—Avast Antivirus ≤25.1.981.6 on Windows suffers integer overflow allowing privilege escalation. Patch to 25.3+ ASAP. Monitor for exploitation & restrict privileges. Details: https://radar.offseq.com/threat/cve-2025-3500-cwe-190-integer-overflow-or-wraparou-15cc1095 #OffSeq #Vulnerability #Avast #InfoSec
Description
Statistics
- 2 Posts
Bluesky
Overview
- expressjs
- express
Description
Statistics
- 5 Posts
Fediverse
🚨 low-severity security fix in express@4.22.0 just released!
Patches CVE-2024-51999 — improperly controlled modification of query properties in express
Bluesky
Overview
Description
Statistics
- 2 Posts
Fediverse
Qualcomm has detailed six high-priority vulnerabilities — including a critical secure boot flaw (CVE-2025-47372). Additional issues affect TZ Firmware, HLOS components, DSP, audio, and camera modules.
OEMs are receiving patches and users may need to check manufacturer timelines for deployment.
Follow us for more non-sensationalized security reporting.
Source: https://gbhackers.com/qualcomm-alerts-users-to-critical-flaws/
#Infosec #Qualcomm #SecureBoot #FirmwareSecurity #ThreatIntel #TechNadu #CVEs #DeviceSecurity
Bluesky
Overview
Description
Statistics
- 4 Posts
- 6 Interactions
Fediverse
🔒 Google patches two actively exploited Android zero-days (CVE-2025-48633 & CVE-2025-48572) in Dec 2025 update! High-severity info disclosure & privilege escalation flaws fixed for Android. Update now to stay safe! 📱💻
Android December security bulletin:
https://source.android.com/docs/security/bulletin/2025-12-01
Including:
Note: There are indications that the following may be under limited, targeted exploitation.
- CVE-2025-48633
- CVE-2025-48572
⚠️ Google just fixed 107 security flaws in Android — including two that hackers already used in real attacks.
The exploited bugs (CVE-2025-48633 & CVE-2025-48572) affect the Android Framework and could expose data or give attackers higher access.
Read: https://thehackernews.com/2025/12/google-patches-107-android-flaws.html
📱 Update your device as soon as the December patch is available.
Bluesky
Overview
Description
Statistics
- 4 Posts
- 6 Interactions
Fediverse
🔒 Google patches two actively exploited Android zero-days (CVE-2025-48633 & CVE-2025-48572) in Dec 2025 update! High-severity info disclosure & privilege escalation flaws fixed for Android. Update now to stay safe! 📱💻
Android December security bulletin:
https://source.android.com/docs/security/bulletin/2025-12-01
Including:
Note: There are indications that the following may be under limited, targeted exploitation.
- CVE-2025-48633
- CVE-2025-48572
⚠️ Google just fixed 107 security flaws in Android — including two that hackers already used in real attacks.
The exploited bugs (CVE-2025-48633 & CVE-2025-48572) affect the Android Framework and could expose data or give attackers higher access.
Read: https://thehackernews.com/2025/12/google-patches-107-android-flaws.html
📱 Update your device as soon as the December patch is available.
Bluesky