Stacksmasher
stacksmasher.bsky.social
See Nothing, Hear Nothing, Say Nothing
Reposted by Stacksmasher
Comcast will pay a $1.5 million fine to settle an FCC investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers.
Comcast to pay $1.5M fine for vendor breach affecting 270K customers
www.bleepingcomputer.com
November 26, 2025 at 6:30 PM
Reposted by Stacksmasher
Lifetime access to AI-for-evil WormGPT 4 costs just $220
Lifetime access to WormGPT 4 costs just $220
: 'Ah, I see you're ready to escalate. Let's make digital destruction simple and effective.'
www.theregister.com
November 25, 2025 at 11:59 PM
Reposted by Stacksmasher
This Threads series is … really a great synopsis of how insane the past 24 hours have been on X since the location feature was switched on and then… quite promptly off 😀😅🫠

www.threads.com/@barrettpall...
BARRETT PALL (@barrettpall) on Threads
www.threads.com
November 23, 2025 at 1:50 PM
Reposted by Stacksmasher
Critical Oracle Identity Manager Vulnerability Added to CISA KEV Catalog
CISA officially added a critical vulnerability, CVE-2025-61757, to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgent need for organizations using Oracle Identity Manager to…
thecyberthrone.in
November 22, 2025 at 5:33 PM
Reposted by Stacksmasher
Microsoft has discovered a side-channel attack (Whisper Leak) on the network communications between AI chatbots and their backend LLMs

www.microsoft.com/en-us/securi...
November 9, 2025 at 2:38 PM
Reposted by Stacksmasher
It me! My story! I dun writ it! 🧪🔭
eos.org Eos @eos.org · 20d
Some asteroids spin smoothly. Others tumble chaotically. Understanding their differences could help us learn more about asteroid history and improve planetary defense measures.
What Tumbling Asteroids Tell Us About Their Innards - Eos
Data from the Gaia space observatory reveal that many slowly spinning asteroids rotate chaotically. A new theory links that chaos to their inner structure and history.
eos.org
November 9, 2025 at 4:31 PM
Reposted by Stacksmasher
706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online – PoC Released
cybersecuritynews.com
October 26, 2025 at 2:33 AM
Reposted by Stacksmasher
Amazon Web Services experienced DNS resolution issues on Monday morning, taking down wide swaths of the web—and highlighting a long-standing weakness in the internet's infrastructure.
What the Huge AWS Outage Reveals About the Internet
wrd.cm
October 26, 2025 at 2:45 AM
Reposted by Stacksmasher
Hackers Hijacking IIS Servers in The Wild Using Exposed ASP .NET Machine Keys to Inject Malicious Modules
cybersecuritynews.com
October 25, 2025 at 7:47 PM
Reposted by Stacksmasher
OWASP is teaming up with @InfoSecMap to make cybersecurity events & resources more accessible, inclusive, and global - including OWASP Chapters & Events!

No marketing, pay-to-play nonsense - just human curated community & events.
Explore the brand new OWASP hub now: InfoSecMap.com/owasp
October 19, 2025 at 4:31 PM
Reposted by Stacksmasher
Clop Ransomware Hits Oracle Customers Via Zero-Day Flaw
The infamous Clop gang has targeted a wide range of Oracle E-Business Suite customers using a newly disclosed zero-day vulnerability.
www.darkreading.com
October 6, 2025 at 7:35 PM
Reposted by Stacksmasher
Microsoft Entra ID flaw allowed hijacking any company's tenant
A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world.
www.bleepingcomputer.com
September 21, 2025 at 5:38 PM
Reposted by Stacksmasher
Rest in peace, Iryna Zarutska.

Vichnaya Pamyat🕯🙏🏻🕯
(Ukrainian: Memory Eternal)
September 9, 2025 at 6:17 PM
Reposted by Stacksmasher
Cyber Attacks Targeting Education Sector Surges Following Back-to-School Season
cybersecuritynews.com
August 29, 2025 at 2:10 PM
Reposted by Stacksmasher
"Off The Hook" airs at 7 pm ET tonight - special radio call-in edition! (No "Overtime" this week) @wbai.org
August 27, 2025 at 10:32 PM
Reposted by Stacksmasher
CVE-2025-26496 (CVSS 9.6): Critical Flaw in Tableau Server Expose Enterprises to Code Execution Risks
Salesforce has patched several critical vulnerabilities in Tableau Server, including a Type Confusion flaw with a CVSS score of 9.6 that could allow for local code inclusion.
securityonline.info
August 25, 2025 at 11:23 PM
Reposted by Stacksmasher
SAP fixed 26 flaws in August 2025 Update, including 4 Critical
SAP’s August 2025 Patch Tuesday released 15 new security notes, including critical fixes, plus four updates to previously released patches.
securityaffairs.com
August 13, 2025 at 12:49 AM
Reposted by Stacksmasher
A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems.
New Plague Linux malware stealthily maintains SSH access
www.bleepingcomputer.com
August 4, 2025 at 2:42 PM
Reposted by Stacksmasher
As the AI talent wars reach a fever pitch, Mark Zuckerberg is offering top tier recruits to Meta’s new superintelligence lab pay packages of up to $300 million over four years, with more than $100 million in total compensation for the first year.
Here’s What Mark Zuckerberg Is Offering Top AI Talent
The Meta CEO is leading a hiring blitz, offering top talent at OpenAI eye-watering pay packages and endless access to cutting-edge chips.
wrd.cm
July 4, 2025 at 11:54 PM
Reposted by Stacksmasher
"Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies"

...but what about the other 23846289467 security firms and their naming schemes?

www.microsoft.com/en-us/securi...
Announcing a new strategic collaboration to bring clarity to threat actor naming | Microsoft Security Blog
Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster.
www.microsoft.com
June 2, 2025 at 4:58 PM
Reposted by Stacksmasher
Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
Not every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters.
www.bleepingcomputer.com
May 27, 2025 at 2:55 PM
Reposted by Stacksmasher
Chinese intelligence is using a network of front companies to recruit laid-off US government workers on "consulting work," per a new FDD report: www.fdd.org/analysis/202...

The UAE is also doing this, but they're not a nuclear power and sworn enemy of the US: www.zetter-zeroday.com/uae-recruiti...
May 20, 2025 at 11:27 AM