Insecure defaults can lead to surprises. When creating FIFO sockets with systemd, be sure to note that SocketMode defaults to 0666 - that is world readable and writable. That is: any local user can communicate with the FIFO. If your FIFO is used to perform privileged operations you must ensure that either the FIFO file itself is located in secured location or set SocketMode to stricter value.
I spotted one such insecure use in cloud-init: the hotplug FIFO was world writable. This is CVE-2024-11584 and fixed in cloud-init 25.1.3.
The commit fixing this is in
Russian citizens and dual nationals are not permitted to operate unmanned aircraft (such as #drones) in Finland. While the updated EU #sanctions regulation (EU) No. 833/2014 gives member states the option to grant exceptions, Finnish authorities have not deemed it necessary to do so.
source:
I always recommend everyone to turn off any kind of motherboard manufacturers' driver auto-installers. They have a history of containing significant vulnerabilities leading to arbitrary code execution.
The vulnerabilities discovered by MrBruh in ASUS Driver Hub again confirm this recommendation. There were several vulnerabilities that, when combined, lead to a devastating end result.
S-ryhmä on tuomassa kaikenlaista uutta tekoälytoimintoa S-etukortteihin ja muihin palveluihinsa. Huomioitavaa on, että S-ryhmä hyödyntää oletuksena tietojasi tekoälymallien kouluttamisessa, ellet sitä erikseen kiellä: "Tietosuoja on sisäänrakennettu, ja edes mallin kouluttamiseen ei käytetä sellaisten asiakkaiden dataa, jotka ovat asettaneet analytiikkakiellon."
Kiellon voi tehdä täällä:
Why does the #AISlop problem exist at #hackerone (and likely other bug bounty platforms)?
Because apparently it works: https://hackerone.com/evilginx/hacktivity?type=user
It seems that some projects pay bounties for such AI Slop reports.
"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS."
While iOS has been known to be targeted, the fixes are available for all Apple devices and should be installed as soon as possible.
#activeexploitation #CVE_2025_31200 #CVE_2025_31201
