Prof. Dr. Dennis-Kenji Kipker<p>Alle Nutzer:innen von <a href="https://chaos.social/tags/WinRAR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WinRAR</span></a> sind aufgefordert, die neuesten Updates zu installieren, da eine <a href="https://chaos.social/tags/Sicherheitsl%C3%BCcke" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitslücke</span></a> von Cyberangreifern aktiv ausgenutzt wird. Da WinRAR sich nicht automatisch updated, müssen die User die Version 7.13 selbst installieren.</p><p>Durch die <a href="https://chaos.social/tags/Schwachstelle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Schwachstelle</span></a> wird der Zugriff auf normalerweise nicht zugängliche Systemverzeichnisse eröffnet und Schadcode zur Ausführung gebracht.</p><p>Ein entsprechender <a href="https://chaos.social/tags/Zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Zeroday</span></a> Exploit stand in einem Hackerforum zum Verkauf:</p><p><a href="https://www.heise.de/news/WinRAR-Sicherheitsluecke-wird-bereits-angegriffen-10516078.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/WinRAR-Sicherhei</span><span class="invisible">tsluecke-wird-bereits-angegriffen-10516078.html</span></a></p>
toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.
Administered by:
Server stats:
277active users
toad.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#zeroday
3 posts · 3 participants · 0 posts today
Christoph Schmees<p>Microsoft Flickentag 2025-08 und MS‘ Haltung zu Sicherheit</p><p>Fangen wir mit der guten Nachricht an: Keine der mit den August-Updates geflickten 111 Sicherheitslücken wird bereits angegriffen. Allerdings gibt es mit 17 als kritisch eingestuften Löchern etliche Kandidaten, die voraussichtlich bald ihren Weg in das Waffenarsenal der Cybergangster finden werden. Eine Zero-Day Sicherheitslücke (also vor dem Flicken schon bekannt) gibt es auch, aber die anzugreifen ist schwierig. Deshalb wird sie nur als moderates Risiko eingestuft.<br>Von den kritischen Sicherheitslücken finden sich allein 5 in Azure,</p><p><a href="https://www.pc-fluesterer.info/wordpress/2025/08/13/microsoft-flickentag-2025-08-und-ms-haltung-zu-sicherheit/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pc-fluesterer.info/wordpress/2</span><span class="invisible">025/08/13/microsoft-flickentag-2025-08-und-ms-haltung-zu-sicherheit/</span></a></p><p><a href="https://social.tchncs.de/tags/Allgemein" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Allgemein</span></a> <a href="https://social.tchncs.de/tags/Empfehlung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Empfehlung</span></a> <a href="https://social.tchncs.de/tags/Hintergrund" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hintergrund</span></a> <a href="https://social.tchncs.de/tags/Warnung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Warnung</span></a> <a href="https://social.tchncs.de/tags/0day" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>0day</span></a> <a href="https://social.tchncs.de/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloud</span></a> <a href="https://social.tchncs.de/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://social.tchncs.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.tchncs.de/tags/office" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>office</span></a> <a href="https://social.tchncs.de/tags/sicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sicherheit</span></a> <a href="https://social.tchncs.de/tags/UnplugTrump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnplugTrump</span></a> <a href="https://social.tchncs.de/tags/vorbeugen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vorbeugen</span></a> <a href="https://social.tchncs.de/tags/word" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>word</span></a> <a href="https://social.tchncs.de/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a></p>
Marco Ciappelli🎙️✨:verified: :donor:<p>🎯 NOW PUBLISHING: On-Location Coverage from <a href="https://infosec.exchange/tags/BlackHatUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlackHatUSA</span></a> 2025!</p><p>We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!</p><p>🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!</p><p>We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏</p><p>The Often-Overlooked Truth in <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a>: Seeing the Unseen in Vulnerability Management</p><p>Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.</p><p>HD Moore, founder and CEO of runZero and creator of <a href="https://infosec.exchange/tags/Metasploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Metasploit</span></a>, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while <a href="https://infosec.exchange/tags/shadowIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shadowIT</span></a>, legacy hardware, and misconfigured devices remain invisible.</p><p>Key insights from our conversation: </p><p>• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had </p><p>• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days </p><p>• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls </p><p>• Traditional agent-based tools can't see what attackers see</p><p><a href="https://infosec.exchange/tags/RunZero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RunZero</span></a> inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.</p><p>📺 Watch the video: <a href="https://youtu.be/hkKJsKUugIU" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/hkKJsKUugIU</span><span class="invisible"></span></a> </p><p>🎧 Listen to the podcast: <a href="https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">brand-stories-podcast.simpleca</span><span class="invisible">st.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw</span></a> 📖 Read the blog: <a href="https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">itspmagazine.com/their-stories</span><span class="invisible">/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story</span></a></p><p>➤ Learn more about RunZero: <a href="https://itspm.ag/runzero-5733" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">itspm.ag/runzero-5733</span><span class="invisible"></span></a> </p><p>✦ Catch more stories from RunZero: <a href="https://www.itspmagazine.com/directory/runzero" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">itspmagazine.com/directory/run</span><span class="invisible">zero</span></a> </p><p>🎪 Follow all of our <a href="https://infosec.exchange/tags/BHUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BHUSA</span></a> 2025 coverage: <a href="https://www.itspmagazine.com/bhusa25" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">itspmagazine.com/bhusa25</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityManagement</span></a> <a href="https://infosec.exchange/tags/AssetDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AssetDiscovery</span></a> <a href="https://infosec.exchange/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <a href="https://infosec.exchange/tags/BlackHatUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlackHatUSA</span></a> <a href="https://infosec.exchange/tags/BHUSA25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BHUSA25</span></a> <a href="https://infosec.exchange/tags/ShadowIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShadowIT</span></a> <a href="https://infosec.exchange/tags/SecurityVisibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityVisibility</span></a> <a href="https://infosec.exchange/tags/Metasploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Metasploit</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://infosec.exchange/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://infosec.exchange/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
OTX Bot<p>ToolShell: An all-you-can-eat buffet for threat actors</p><p>A set of zero-day vulnerabilities in SharePoint Server, dubbed ToolShell, has been exploited in the wild since July 17, 2025. The vulnerabilities, CVE-2025-53770 and CVE-2025-53771, allow remote code execution and server spoofing, affecting on-premises SharePoint servers. Attackers have been chaining these with previously patched vulnerabilities to bypass authentication and deploy webshells. The attacks have been observed globally, with the US being the most targeted country. Various threat actors, including China-aligned APT groups, have been exploiting ToolShell. A backdoor associated with LuckyMouse was detected on a compromised machine in Vietnam. The ongoing attacks are expected to continue, targeting high-value government organizations and other vulnerable systems.</p><p>Pulse ID: 689b1b3eccb7ac11fb95c4d1<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/689b1b3eccb7ac11fb95c4d1" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/689b1</span><span class="invisible">b3eccb7ac11fb95c4d1</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-12 10:45:18</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/Vietnam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vietnam</span></a> <a href="https://social.raytec.co/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Erik Jonker<p>Lezenswaardige update van het NCSC over de Citrix kwetsbaarheid.<br>"Het NCSC stelt vast dat er meerdere kritieke organisaties binnen Nederland succesvol aangevallen zijn via een kwetsbaarheid met kenmerk CVE-2025-6543 in Citrix NetScaler...."<br><a href="https://www.ncsc.nl/actueel/nieuws/2025/07/22/casus-citrix-kwetsbaarheid" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ncsc.nl/actueel/nieuws/2025/07</span><span class="invisible">/22/casus-citrix-kwetsbaarheid</span></a><br><a href="https://mastodon.social/tags/citrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>citrix</span></a> <a href="https://mastodon.social/tags/netscaler" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>netscaler</span></a> <a href="https://mastodon.social/tags/ncsc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ncsc</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a></p>
nemo™ 🇺🇦<p>🚨 WinRAR zero-day CVE-2025-8088 exploited by Russian hacker group RomCom in targeted attacks on financial & defense sectors 🇷🇺🎯 Malicious RAR files drop stealthy malware on extraction. Update to v7.13 NOW to stay protected! 🔒 <a href="https://mas.to/tags/WinRAR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WinRAR</span></a> <a href="https://mas.to/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mas.to/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://mas.to/tags/RomCom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RomCom</span></a> <a href="https://www.bleepingcomputer.com/news/security/details-emerge-on-winrar-zero-day-attacks-that-infected-pcs-with-malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/details-emerge-on-winrar-zero-day-attacks-that-infected-pcs-with-malware/</span></a><br><a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a></p>
nemo™ 🇺🇦<p>🚨 The Netherlands' National Cyber Security Centre warns a critical Citrix NetScaler flaw CVE-2025-6543 has been exploited to breach multiple key organizations! This zero-day memory overflow bug enables remote code execution & erases attack traces. Update NOW! 🔐⚠️ <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mas.to/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://mas.to/tags/Citrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Citrix</span></a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a> </p><p>Read more: <a href="https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/</span></a></p>
nemo™ 🇺🇦<p>🚨 Russian hackers linked to RomCom exploited a critical WinRAR zero-day (CVE-2025-8088) in targeted spear-phishing attacks against finance, defense & logistics sectors in Europe & Canada. Update to WinRAR 7.13 NOW to block hidden malware deployment! 🔐🛡️ <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mas.to/tags/WinRAR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WinRAR</span></a> <a href="https://mas.to/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://cyberinsider.com/russian-hackers-exploit-winrar-zero-day-vulnerability-patch-now/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberinsider.com/russian-hacke</span><span class="invisible">rs-exploit-winrar-zero-day-vulnerability-patch-now/</span></a><br><a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a></p>
PrivacyDigest<p>High-severity <a href="https://mas.to/tags/WinRAR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WinRAR</span></a> 0-day <a href="https://mas.to/tags/exploited" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploited</span></a> for weeks by 2 groups <br><a href="https://mas.to/tags/0day" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>0day</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://mas.to/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p><p><a href="https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/</span></a></p>
Offensive Sequence<p>🚨 CRITICAL WinRAR zero-day under active exploitation! Attackers can leverage malicious archives to compromise systems. Urgently update WinRAR to the latest version and restrict archive file handling. No CVE yet. Details: <a href="https://radar.offseq.com/threat/winrar-zero-day-under-active-exploitation-update-t-ecd984ee" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">radar.offseq.com/threat/winrar</span><span class="invisible">-zero-day-under-active-exploitation-update-t-ecd984ee</span></a> <a href="https://infosec.exchange/tags/OffSeq" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OffSeq</span></a> <a href="https://infosec.exchange/tags/WinRAR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WinRAR</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a></p>
Christoph Schmees<p>Trend Micro: „Sicherheitssoftware“ als Sicherheitsrisiko</p><p>Es ist ja schon vom Ansatz her verfehlt, ein löchriges System durch nachträglich anzubringende Pflaster flicken zu wollen. Ja, die Rede ist natürlich von Windows. Ein Schutz im zu schützenden System kann immer umgangen werden, wenn man die richtige "Sicherheitslücke" (oder Hintertür) kennt. Antivirus, das auf Schädlings-Signaturen beruht, ist längst obsolet; auch die Verhaltens-Analyse kann nicht alles finden. Beispiele von Systemen, die trotz Antivirus gehackt wurden, gibt es ja zuhauf. Noch absurder wird die Sache, wenn die "Schutz"-Software selber zum Sicherheitsrisiko wird </p><p><a href="https://www.pc-fluesterer.info/wordpress/2025/08/11/trend-micro-sicherheitssoftware-als-sicherheitsrisiko/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pc-fluesterer.info/wordpress/2</span><span class="invisible">025/08/11/trend-micro-sicherheitssoftware-als-sicherheitsrisiko/</span></a></p><p><a href="https://social.tchncs.de/tags/Allgemein" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Allgemein</span></a> <a href="https://social.tchncs.de/tags/Hintergrund" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hintergrund</span></a> <a href="https://social.tchncs.de/tags/Warnung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Warnung</span></a> <a href="https://social.tchncs.de/tags/antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>antivirus</span></a> <a href="https://social.tchncs.de/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://social.tchncs.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.tchncs.de/tags/sicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sicherheit</span></a> <a href="https://social.tchncs.de/tags/vorbeugen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vorbeugen</span></a> <a href="https://social.tchncs.de/tags/vorf%C3%A4lle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vorfälle</span></a> <a href="https://social.tchncs.de/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windows</span></a> <a href="https://social.tchncs.de/tags/wissen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wissen</span></a> <a href="https://social.tchncs.de/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a></p>
nemo™ 🇺🇦<p>🚨 WinRAR zero-day vulnerability (CVE-2025-8088) exploited by Russian-tied RomCom hackers in phishing attacks to plant malware via malicious archives! Extracted files auto-run from Startup folders, enabling remote code execution. Update to WinRAR 7.13 NOW to stay safe! 🔐🛡️</p><p>Read more: <a href="https://www.bleepingcomputer.com/news/security/winrar-zero-day-flaw-exploited-by-romcom-hackers-in-phishing-attacks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/winrar-zero-day-flaw-exploited-by-romcom-hackers-in-phishing-attacks/</span></a></p><p><a href="https://mas.to/tags/WinRAR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WinRAR</span></a> <a href="https://mas.to/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mas.to/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://mas.to/tags/RomCom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RomCom</span></a> <a href="https://mas.to/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://mas.to/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://mas.to/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a><br><a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a></p>
Pyrzout :vm:<p>Multiple Zero-Day Exploits Discover That Bypass BitLocker, Exposing All Encrypted Data <a href="https://gbhackers.com/researchers-discover-multiple-zero-day-exploits-that-bypass-bitlocker/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gbhackers.com/researchers-disc</span><span class="invisible">over-multiple-zero-day-exploits-that-bypass-bitlocker/</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a></p>
AAKL<p>This reads like a commercial.</p><p>"Google’s AI agent Big Sleep identified the critical vulnerability CVE-2025-6965 before cybercriminals could exploit it in the wild. And, Microsoft’s Security Copilot uncovered a wave of bootloader flaws that could have allowed attackers to bypass." </p><p>Tech Republic: AI Beats Hackers to a Zero-Day Cybersecurity Discovery, Twice <a href="https://www.techrepublic.com/article/news-ai-beats-hackers-to-zero-day-exploits/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">techrepublic.com/article/news-</span><span class="invisible">ai-beats-hackers-to-zero-day-exploits/</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a></p>
Zach 🇮🇱 🇺🇸<p><span class="h-card" translate="no"><a href="https://mastodon.online/@spocko" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>spocko</span></a></span> <br>The <a href="https://fosstodon.org/tags/conspiracy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conspiracy</span></a>-like part is connecting the <a href="https://fosstodon.org/tags/Epstein" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Epstein</span></a> FBI <a href="https://fosstodon.org/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> file exposure to the recent <a href="https://fosstodon.org/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chinese</span></a> <a href="https://fosstodon.org/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://fosstodon.org/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a>, potentially implying it was either:<br>exploited intentionally,<br>the result of deep systemic failure,<br>or even deliberate mishandling tied to a broader cover-up.<br>There’s currently no <a href="https://fosstodon.org/tags/credible" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credible</span></a> evidence backing that link. Misconfiguration is a more parsimonious explanation for the older <a href="https://fosstodon.org/tags/FBI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FBI</span></a> case. <a href="https://fosstodon.org/tags/conspiracytheorists" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conspiracytheorists</span></a> <a href="https://fosstodon.org/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
Spocko<p>Question for my <a href="https://mastodon.online/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> friends<br><span class="h-card" translate="no"><a href="https://mastodon.social/@emptywheel" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>emptywheel</span></a></span> talked about how FBI agents reviewing the <a href="https://mastodon.online/tags/Epstein" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Epstein</span></a> <a href="https://mastodon.online/tags/Maxwell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Maxwell</span></a> materials put together a list for <a href="https://mastodon.online/tags/PamBondi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PamBondi</span></a> & placed it on an internal <a href="https://mastodon.online/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> server.<br><a href="https://www.muellershewrote.com/p/the-epstein-cover-up-at-the-fbi" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">muellershewrote.com/p/the-epst</span><span class="invisible">ein-cover-up-at-the-fbi</span></a> <br> <span class="h-card" translate="no"><a href="https://infosec.exchange/@briankrebs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>briankrebs</span></a></span> wrote about this <a href="https://mastodon.online/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> exploit 7-21-25 <a href="https://krebsonsecurity.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2025/07/mi</span><span class="invisible">crosoft-fix-targets-attacks-on-sharepoint-zero-day/</span></a><br>Do you think a group has that info?<br>If so, what's the best way to use existence of that hacked list as POLITICAL leverage against DJT to get the full list out?<br><span class="h-card" translate="no"><a href="https://mstdn.social/@nicolesandler" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nicolesandler</span></a></span> <a href="https://www.youtube.com/live/thdaQyDzYFI?si=EjKSqi7B3cRCBIO4&t=4110" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/live/thdaQyDzYFI?s</span><span class="invisible">i=EjKSqi7B3cRCBIO4&t=4110</span></a></p>
TechNadu<p>⚠️ China has accused U.S. intelligence of exploiting a <span class="h-card" translate="no"><a href="https://lea.pet/@microsoft" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>microsoft</span></a></span> Exchange zero-day to infiltrate its military defense infrastructure for a year. This latest cyber storm adds fuel to ongoing claims and counterclaims around Exchange and SharePoint vulnerabilities.</p><p>Software platforms are now battlegrounds. Who should be held accountable when nation‑state actors exploit them?</p><p>🔍 Thoughts? </p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microsoft</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://infosec.exchange/tags/CyberEspionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberEspionage</span></a> <a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a> <a href="https://infosec.exchange/tags/usa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usa</span></a></p>
Offensive Sequence<p>Akira ransomware is exploiting a likely zero-day in fully-patched SonicWall VPNs (no CVE yet). Target: secure remote access, risk: ransomware deployment & business disruption. Urgent: audit VPNs, monitor advisories, enforce MFA. <a href="https://radar.offseq.com/threat/akira-ransomware-exploits-sonicwall-vpns-in-likely-4fa9cf85" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">radar.offseq.com/threat/akira-</span><span class="invisible">ransomware-exploits-sonicwall-vpns-in-likely-4fa9cf85</span></a> <a href="https://infosec.exchange/tags/OffSeq" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OffSeq</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/SonicWall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SonicWall</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a></p>
nemo™ 🇺🇦<p>🚨 Apple has released urgent security updates patching CVE-2025-6558, a zero-day vulnerability exploited in Google Chrome attacks! 🛡️ This flaw in the ANGLE graphics layer could let hackers run code via malicious HTML, escaping browser sandbox protections. Update your devices now! 🔒 <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mas.to/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://mas.to/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> <a href="https://mas.to/tags/Chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chrome</span></a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a> </p><p>Details ➡️ <a href="https://www.bleepingcomputer.com/news/security/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/</span></a></p>
Tino Eberl<p>Oh je...</p><p>Eine <a href="https://mastodon.online/tags/Sicherheitsl%C3%BCcke" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitslücke</span></a> in <a href="https://mastodon.online/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://mastodon.online/tags/Sharepoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sharepoint</span></a> ließ sich nach einem Patch mit nur einem zusätzlichen Zeichen im Code wieder aushebeln.</p><p><a href="https://www.golem.de/news/sharepoint-angriffe-hacker-umgehen-microsofts-patch-mit-nur-einem-zeichen-2507-198577.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">golem.de/news/sharepoint-angri</span><span class="invisible">ffe-hacker-umgehen-microsofts-patch-mit-nur-einem-zeichen-2507-198577.html</span></a></p><p><a href="https://mastodon.online/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.online/tags/Toolshell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Toolshell</span></a> <a href="https://mastodon.online/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSecurity</span></a> <a href="https://mastodon.online/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://mastodon.online/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://mastodon.online/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://mastodon.online/tags/Hacker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacker</span></a> <a href="https://mastodon.online/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitslücken</span></a> <a href="https://mastodon.online/tags/Schwachstellen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Schwachstellen</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload