Forwarded from The Hacker News
👀 Hackers could be one path away from your sensitive files!
🚨 New CVEs expose major flaws in Rack & Infodraw systems:
🔹 CVE-2025-27610 lets attackers read config files & credentials via path traversal.
🔹 Infodraw CVE-2025-43928 allows any file to be read or deleted—no login needed.
Learn more: https://thehackernews.com/2025/04/researchers-identify-rackstatic.html
🔥 Exploits are trivial & patches missing. Systems in Belgium & Luxembourg already hit. Update now or go offline!
🚨 New CVEs expose major flaws in Rack & Infodraw systems:
🔹 CVE-2025-27610 lets attackers read config files & credentials via path traversal.
🔹 Infodraw CVE-2025-43928 allows any file to be read or deleted—no login needed.
Learn more: https://thehackernews.com/2025/04/researchers-identify-rackstatic.html
🔥 Exploits are trivial & patches missing. Systems in Belgium & Luxembourg already hit. Update now or go offline!
Forwarded from The Hacker News
🛑 Critical SAP Exploit Alert!
Hackers are abusing a flaw in SAP NetWeaver to drop JSP web shells—even fully patched systems are hit.
Likely tied to CVE-2025-31324 (CVSS 10.0) | Allows unauthenticated file uploads via /metadatauploader.
Details → https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html
Hackers are abusing a flaw in SAP NetWeaver to drop JSP web shells—even fully patched systems are hit.
Likely tied to CVE-2025-31324 (CVSS 10.0) | Allows unauthenticated file uploads via /metadatauploader.
Details → https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html
Forwarded from The Hacker News
🔥 Machines are talking. And they hold the keys.
70% of leaked secrets still work. NHIs outnumber humans 100:1 — no MFA, no alerts, no control.
Most teams don’t know where these secrets are, or who’s using them.
👀 Time to find the risks. Fix them. Before it’s too late.
See how: https://thehackernews.com/2025/04/why-nhis-are-securitys-most-dangerous.html
70% of leaked secrets still work. NHIs outnumber humans 100:1 — no MFA, no alerts, no control.
Most teams don’t know where these secrets are, or who’s using them.
👀 Time to find the risks. Fix them. Before it’s too late.
See how: https://thehackernews.com/2025/04/why-nhis-are-securitys-most-dangerous.html
Forwarded from The Hacker News
🔥 Fake jobs, real danger.
North Korean hackers are posing as crypto firms to lure devs into malware traps.
🔹3 fronts: BlockNovas, Angeloper, SoftGlide
🔹3 Malware: BeaverTail, InvisibleFerret, OtterCookie 🔹3 Target: Your wallet, data & trust.
Read: https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html
North Korean hackers are posing as crypto firms to lure devs into malware traps.
🔹3 fronts: BlockNovas, Angeloper, SoftGlide
🔹3 Malware: BeaverTail, InvisibleFerret, OtterCookie 🔹3 Target: Your wallet, data & trust.
Read: https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html
Forwarded from NoGoolag
Proton Mail Report – https://a.devs.today/https://intelod.net/reports/proton-mail/
We don’t Trust Proton and recommend making a plan to migrate off their email system soon. This stinks, big time, as many on our team and in our circles have been users and proponents of the service for many years… until we started doing the homework, following the money and asking the hard questions.
#Proton #ProtonMail
We don’t Trust Proton and recommend making a plan to migrate off their email system soon. This stinks, big time, as many on our team and in our circles have been users and proponents of the service for many years… until we started doing the homework, following the money and asking the hard questions.
#Proton #ProtonMail
intelod.net
Proton Mail Reports
- Intel On Demand
- Intel On Demand
protonmail
Forwarded from NoGoolag
#microg Release v0.3.7.250923
https://github.com/microg/GmsCore/releases/tag/v0.3.7.250932
New Features and changes:
Work Profile
You can now sign into various work accounts that setup a work profile when using microG. As microG does not comply with all functionality imposed by organization administrators, you need to enable this feature manually in microG Settings > Work profile. Together with this comes functionality to view and install apps suggested by the organization administrator through the Play Store.
Play Feature Delivery
Apps can request installation of additional languages or features from split packages. You can activate this from microG Settings > Play Store
Face detection
This release ships with initial support for Google's Face Detection API. This functionality is still very incomplete, but works for some apps using it.
Changelog
Maps: Various fixes for HMS Maps (#2737, #2754, #2778, #2825). Thanks @DaVinci9196.
Vision: Improve Barcode Scanning APIs (#2735, #2787). Thanks @DaVinci9196.
Vision: Add initial support for face detection API (#2793). Thanks @DaVinci9196.
Location: Add support for moving WiFis in Eurostar trains (#2821). Thanks @TimoWilken.
Fitness: Add dummy for Recording API (#2760). Thanks @DaVinci9196.
Auth: Various fixes for quick login and third-party Google sign-in (#2660, #2698, #2798). Thanks @DaVinci9196.
Auth: Add support for work accounts (#2553). Thanks @fynngodau.
DroidGuard: Disable access to hardware attestation.
Vending: Fix handling of IAP for multi-account setups (#2681). Thanks @DaVinci9196.
Vending: Add work app store (#2553). Thanks @fynngodau.
Vending: Disable access to hardware keys for play integrity (#2740). Thanks @DaVinci9196
Vending: Add dummys (#2759, #2791). Thanks @DaVinci9196.
Various fixes to improve support for Google Apps (#2652, #2654, #2684, #2738, #2767, #2779, #2780). Thanks @DaVinci9196.
Various fixes for dynamic links (#2662), Fido (#2811), SmsRetriever API (#2786), AppSet dummy (#2781), web view handling (#2836, #2862). Thanks @DaVinci9196, @ale5000-git.
Version bumps (#2813, #2829). Thanks @DaVinci9196, @ale5000-git
String and location infrastructure fixes (#2693, #2755, #2781). Thanks @lucasmz-dev, @Fs00.
New/Updated translations
https://github.com/microg/GmsCore/releases/tag/v0.3.7.250932
New Features and changes:
Work Profile
You can now sign into various work accounts that setup a work profile when using microG. As microG does not comply with all functionality imposed by organization administrators, you need to enable this feature manually in microG Settings > Work profile. Together with this comes functionality to view and install apps suggested by the organization administrator through the Play Store.
Play Feature Delivery
Apps can request installation of additional languages or features from split packages. You can activate this from microG Settings > Play Store
Face detection
This release ships with initial support for Google's Face Detection API. This functionality is still very incomplete, but works for some apps using it.
Changelog
Maps: Various fixes for HMS Maps (#2737, #2754, #2778, #2825). Thanks @DaVinci9196.
Vision: Improve Barcode Scanning APIs (#2735, #2787). Thanks @DaVinci9196.
Vision: Add initial support for face detection API (#2793). Thanks @DaVinci9196.
Location: Add support for moving WiFis in Eurostar trains (#2821). Thanks @TimoWilken.
Fitness: Add dummy for Recording API (#2760). Thanks @DaVinci9196.
Auth: Various fixes for quick login and third-party Google sign-in (#2660, #2698, #2798). Thanks @DaVinci9196.
Auth: Add support for work accounts (#2553). Thanks @fynngodau.
DroidGuard: Disable access to hardware attestation.
Vending: Fix handling of IAP for multi-account setups (#2681). Thanks @DaVinci9196.
Vending: Add work app store (#2553). Thanks @fynngodau.
Vending: Disable access to hardware keys for play integrity (#2740). Thanks @DaVinci9196
Vending: Add dummys (#2759, #2791). Thanks @DaVinci9196.
Various fixes to improve support for Google Apps (#2652, #2654, #2684, #2738, #2767, #2779, #2780). Thanks @DaVinci9196.
Various fixes for dynamic links (#2662), Fido (#2811), SmsRetriever API (#2786), AppSet dummy (#2781), web view handling (#2836, #2862). Thanks @DaVinci9196, @ale5000-git.
Version bumps (#2813, #2829). Thanks @DaVinci9196, @ale5000-git
String and location infrastructure fixes (#2693, #2755, #2781). Thanks @lucasmz-dev, @Fs00.
New/Updated translations
GitHub
Release v0.3.7.250932 · microg/GmsCore
New Features
Work Profile
You can now sign into various work accounts that setup a work profile when using microG. As microG does not comply with all functionality imposed by organization administr...
Work Profile
You can now sign into various work accounts that setup a work profile when using microG. As microG does not comply with all functionality imposed by organization administr...
Forwarded from Mishaal's Android News Feed
🔒How Android 16's new security mode will stop USB-based attacks
Advanced Protection Mode in Android 16 will disable USB data access when your phone is locked.
More info & why this matters👇
🔗 https://www.androidauthority.com/android-16-usb-data-advanced-protection-3548018/
Advanced Protection Mode in Android 16 will disable USB data access when your phone is locked.
More info & why this matters👇
🔗 https://www.androidauthority.com/android-16-usb-data-advanced-protection-3548018/
Android Authority
How Android 16's new security mode will stop USB-based attacks
Advanced Protection Mode, a new security mode in Android 16, will stop USB attacks by disabling USB data access when your device is locked.
Forwarded from Mishaal's Android News Feed
Native PDF support is now available by default in the latest Chrome for Android release!
I haven't tested Android 14 or earlier yet, but I can confirm it works on Android 15.
I haven't tested Android 14 or earlier yet, but I can confirm it works on Android 15.
Android Authority
Chrome for Android finally lets you view PDFs without leaving the browser
The Chrome browser for Android now has a native PDF reader that lets you view documents directly in the app.
Forwarded from Hacker News
Random ASCII - tech blog of Bruce Dawson
Google Maps Doesn’t Know How Street Addresses Work
(or actually they do, but they don’t use this knowledge effectively)Update, April 26, 2025: the address fix for W 6th Ave is live, mostly. Going forward I wish that Google Maps would make it harder…
Forwarded from Hacker News
CNCF
Protecting NATS and the integrity of open source: CNCF’s commitment to the community
Updated May 1, 2025: CNCF and Synadia have come to an agreement to ensure that NATS continues to thrive as a healthy open source project within CNCF, with Synadia’s continued support and involvement.
Forwarded from Hacker News