<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>vulnerabilities &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/vulnerabilities/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Wed, 03 Dec 2025 14:20:00 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Cloudflare WAF proactively protects against React vulnerability</title>
		<link>https://noise.getoto.net/2025/12/03/cloudflare-waf-proactively-protects-against-react-vulnerability/</link>
		
		<dc:creator><![CDATA[Daniele Molteni]]></dc:creator>
		<pubDate>Wed, 03 Dec 2025 14:20:00 +0000</pubDate>
				<category><![CDATA[Cloudforce One]]></category>
		<category><![CDATA[CVE]]></category>
		<category><![CDATA[React]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<category><![CDATA[waf]]></category>
		<category><![CDATA[web application firewall]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=c9c13737728b03ef12f953bed1aff92a</guid>

					<description><![CDATA[Cloudflare offers protection against a new high profile vulnerability for React Server Components: CVE-2025-55182. All WAF customers are automatically protected as long as the WAF is deployed.]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Legal Restrictions on Vulnerability Disclosure</title>
		<link>https://noise.getoto.net/2025/11/19/legal-restrictions-on-vulnerability-disclosure/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 19 Nov 2025 12:04:50 +0000</pubDate>
				<category><![CDATA[courts]]></category>
		<category><![CDATA[disclosure]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[video]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=71198</guid>

					<description><![CDATA[<p>Kendra Albert gave an <a href="https://www.youtube.com/watch?v=lUe3uUvIyT0">excellent talk</a> at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure movement of the early 2000s was supposed to prevent. This is the talk.</p>
<blockquote><p>Thirty years ago, a debate raged over whether vulnerability disclosure was good for computer security. On one side, full disclosure advocates argued that software bugs weren’t getting fixed and wouldn’t get fixed if companies that made insecure software wasn’t called out publicly. On the other side, companies argued that full disclosure led to exploitation of unpatched vulnerabilities, especially if they were hard to fix. After blog posts, public debates, and countless mailing list flame wars, there emerged a compromise solution: coordinated vulnerability disclosure, where vulnerabilities were disclosed after a period of confidentiality where vendors can attempt to fix things. Although full disclosure fell out of fashion, disclosure won and security through obscurity lost. We’ve lived happily ever after since...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Defending QUIC from acknowledgement-based DDoS attacks</title>
		<link>https://noise.getoto.net/2025/10/29/defending-quic-from-acknowledgement-based-ddos-attacks/</link>
		
		<dc:creator><![CDATA[Apoorv Kothari]]></dc:creator>
		<pubDate>Wed, 29 Oct 2025 13:00:00 +0000</pubDate>
				<category><![CDATA[protocols]]></category>
		<category><![CDATA[QUIC]]></category>
		<category><![CDATA[research]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=d9c3956d5bb8890f8c2889755f12242f</guid>

					<description><![CDATA[We identified and patched two DDoS vulnerabilities in our QUIC implementation related to packet acknowledgements. Cloudflare customers were not affected. We examine the "Optimistic ACK" attack vector and our solution, which dynamically skips packet numbers to validate client behavior. ]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Serious F5 Breach</title>
		<link>https://noise.getoto.net/2025/10/23/serious-f5-breach/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 23 Oct 2025 11:04:48 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[disclosure]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=71041</guid>

					<description><![CDATA[<p><a href="https://arstechnica.com/security/2025/10/breach-of-f5-requires-emergency-action-from-big-ip-users-feds-warn/">This</a> is bad:</p>
<blockquote><p>F5, a Seattle-based maker of networking software, <a href="https://my.f5.com/manage/s/article/K000154696">disclosed the breach</a> on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long-term.” Security researchers who have responded to similar intrusions in the past took the language to mean the hackers were inside the F5 network <a href="https://cyberplace.social/@GossiTheDog/115378445416288653">for years</a>.</p>
<p>During that time, F5 said, the hackers took control of the network segment the company uses to create and distribute updates for BIG IP, a line of server appliances that F5 ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Apple’s Bug Bounty Program</title>
		<link>https://noise.getoto.net/2025/10/15/apples-bug-bounty-program/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 15 Oct 2025 11:02:18 +0000</pubDate>
				<category><![CDATA[Apple]]></category>
		<category><![CDATA[exploits]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70981</guid>

					<description><![CDATA[<p>Apple is now offering a <a href="https://arstechnica.com/security/2025/10/apple-ups-the-reward-for-finding-major-exploits-to-2-million/">$2M</a> <a href="https://www.csoonline.com/article/4071044/apple-bumps-rce-bug-bounties-to-2m-to-counter-commercial-spyware-vendors.html">bounty</a> for a zero-click exploit. According to <a href="https://security.apple.com/blog/apple-security-bounty-evolved/">the Apple website</a>:</p>
<blockquote><p>Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards.</p>
<ol>
<li>We’re doubling our top award to $2 million for exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks. This is an unprecedented amount in the industry and the largest payout offered by any bounty program we’re aware of ­ and our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more than double this reward, with a maximum payout in excess of $5 million. We’re also doubling or significantly increasing rewards in many other categories to encourage more intensive research. This includes $100,000 for a complete Gatekeeper bypass, and $1 million for broad unauthorized iCloud access, as no successful exploit has been demonstrated to date in either category.
...</li></ol></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Autonomous AI Hacking and the Future of Cybersecurity</title>
		<link>https://noise.getoto.net/2025/10/10/autonomous-ai-hacking-and-the-future-of-cybersecurity/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 10 Oct 2025 11:06:53 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[LLM]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70935</guid>

					<description><![CDATA[<p>AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything.</p>
<p>Over the summer, hackers proved the concept, industry institutionalized it, and criminals operationalized it. In June, AI company XBOW took the <a href="https://www.techrepublic.com/article/news-ai-xbow-tops-hackerone-us-leaderboad">top spot</a> on HackerOne’s US leaderboard after submitting over 1,000 new vulnerabilities in just a few months. In August, the seven teams competing in DARPA’s AI Cyber Challenge ...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Safe in the sandbox: security hardening for Cloudflare Workers</title>
		<link>https://noise.getoto.net/2025/09/25/safe-in-the-sandbox-security-hardening-for-cloudflare-workers/</link>
		
		<dc:creator><![CDATA[Erik Corry]]></dc:creator>
		<pubDate>Thu, 25 Sep 2025 14:00:00 +0000</pubDate>
				<category><![CDATA[Attacks]]></category>
		<category><![CDATA[Birthday Week]]></category>
		<category><![CDATA[Cloudflare Workers]]></category>
		<category><![CDATA[Engineering]]></category>
		<category><![CDATA[linux]]></category>
		<category><![CDATA[Malicious JavaScript]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=fd8d79357b0568cba93e1074460c9922</guid>

					<description><![CDATA[We are further hardening Cloudflare Workers with the latest software and hardware features. We use defense-in-depth, including V8 sandboxes and the CPU's memory protection keys to keep your data safe.]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Apple’s New Memory Integrity Enforcement</title>
		<link>https://noise.getoto.net/2025/09/23/apples-new-memory-integrity-enforcement/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 23 Sep 2025 11:07:17 +0000</pubDate>
				<category><![CDATA[Apple]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[hardware]]></category>
		<category><![CDATA[integrity]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70843</guid>

					<description><![CDATA[<p>Apple has introduced a new hardware/software security feature in the iPhone 17: “<a href="https://security.apple.com/blog/memory-integrity-enforcement/">Memory Integrity Enforcement</a>,” targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From <a href="https://www.wired.com/story/apple-iphone-17-memory-integrity-enforcement/"><i>Wired</i></a>:</p>
<blockquote><p>In recent years, a movement has been steadily growing across the global tech industry to address a ubiquitous and insidious type of bugs known as memory-safety vulnerabilities. A computer’s memory is a shared resource among all programs, and memory safety issues crop up when software can pull data that should be off limits from a computer’s memory or manipulate data in memory that shouldn’t be accessible to the program. When developers—­even experienced and security-conscious developers—­write software in ubiquitous, historic programming languages, like C and C++, it’s easy to make mistakes that lead to memory safety vulnerabilities. That’s why proactive tools like ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Time-of-Check Time-of-Use Attacks Against LLMs</title>
		<link>https://noise.getoto.net/2025/09/18/time-of-check-time-of-use-attacks-against-llms/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 18 Sep 2025 11:06:38 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[LLM]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70832</guid>

					<description><![CDATA[<p>This is a nice piece of research: “<a href="https://arxiv.org/abs/2508.17155">Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents</a>“.:</p>
<blockquote><p><b>Abstract:</b> Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection) and data-oriented threats (e.g., data exfiltration), time-of-check to time-of-use (TOCTOU) remain largely unexplored in this context. TOCTOU arises when an agent validates external state (e.g., a file or API response) that is later modified before use, enabling practical attacks such as malicious configuration swaps or payload injection. In this work, we present the first study of TOCTOU vulnerabilities in LLM-enabled agents. We introduce TOCTOU-Bench, a benchmark with 66 realistic user tasks designed to evaluate this class of vulnerabilities. As countermeasures, we adapt detection and mitigation techniques from systems security to this setting and propose prompt rewriting, state integrity monitoring, and tool-fusing. Our study highlights challenges unique to agentic workflows, where we achieve up to 25% detection accuracy using automated detection methods, a 3% decrease in vulnerable plan generation, and a 95% reduction in the attack window. When combining all three approaches, we reduce the TOCTOU vulnerabilities from an executed trajectory from 12% to 8%. Our findings open a new research direction at the intersection of AI safety and systems security...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Hacking Electronic Safes</title>
		<link>https://noise.getoto.net/2025/09/17/hacking-electronic-safes/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 17 Sep 2025 11:05:59 +0000</pubDate>
				<category><![CDATA[backdoors]]></category>
		<category><![CDATA[disclosure]]></category>
		<category><![CDATA[Locks]]></category>
		<category><![CDATA[patching]]></category>
		<category><![CDATA[safes]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70818</guid>

					<description><![CDATA[<p>Vulnerabilities in <a href="https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/">electronic safes</a> that use Securam Prologic locks:</p>
<blockquote><p>While both their techniques represent glaring security vulnerabilities, Omo says it’s the one that exploits a feature intended as a legitimate unlock method for locksmiths that’s the more widespread and dangerous. “This attack is something where, if you had a safe with this kind of lock, I could literally pull up the code right now with no specialized hardware, nothing,” Omo says. “All of a sudden, based on our testing, it seems like people can get into almost any Securam Prologic lock in the world.”...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Lawsuit About WhatsApp Security</title>
		<link>https://noise.getoto.net/2025/09/15/lawsuit-about-whatsapp-security/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 15 Sep 2025 11:05:45 +0000</pubDate>
				<category><![CDATA[Facebook]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<category><![CDATA[whatsapp]]></category>
		<category><![CDATA[whistleblowers]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70758</guid>

					<description><![CDATA[<p>Attaullah Baig, WhatsApp’s former head of security, has filed a <a href="https://arstechnica.com/security/2025/09/former-whatsapp-security-boss-sues-meta-for-systemic-cybersecurity-failures/">whistleblower</a> lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission.</p>
<blockquote><p>The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passed in 2002, said that in 2022, roughly 100,000 WhatsApp users had their accounts hacked every day. By last year, the complaint alleged, as many as 400,000 WhatsApp users were getting locked out of their accounts each day as a result of such account takeovers...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations</title>
		<link>https://noise.getoto.net/2025/08/15/madeyoureset-an-http-2-vulnerability-thwarted-by-rapid-reset-mitigations/</link>
		
		<dc:creator><![CDATA[Alex Forster]]></dc:creator>
		<pubDate>Thu, 14 Aug 2025 22:03:00 +0000</pubDate>
				<category><![CDATA[Attacks]]></category>
		<category><![CDATA[ddos]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=3ada2472ff9e62157d1d588e57d5953b</guid>

					<description><![CDATA[A new HTTP/2 denial-of-service (DoS) vulnerability called MadeYouReset was recently disclosed by security researchers. Cloudflare HTTP DDoS mitigation, already protects from MadeYouReset.]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Friday Squid Blogging: New Vulnerability in Squid HTTP Proxy Server</title>
		<link>https://noise.getoto.net/2025/08/09/friday-squid-blogging-new-vulnerability-in-squid-http-proxy-server/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 08 Aug 2025 23:22:02 +0000</pubDate>
				<category><![CDATA[squid]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70574</guid>

					<description><![CDATA[In a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Google Project Zero Changes Its Disclosure Policy</title>
		<link>https://noise.getoto.net/2025/08/08/google-project-zero-changes-its-disclosure-policy/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 08 Aug 2025 11:01:14 +0000</pubDate>
				<category><![CDATA[disclosure]]></category>
		<category><![CDATA[google]]></category>
		<category><![CDATA[patching]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70559</guid>

					<description><![CDATA[<p>Google’s vulnerability finding team is again <a href="https://www.infosecurity-magazine.com/news/google-report-new-vulnerabilities/">pushing the envelope</a> of responsible disclosure:</p>
<blockquote><p>Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period allowed for patch adoption if the bug is fixed before the deadline.</p>
<p>However, as of July 29, Project Zero will also release limited details about any discovery they make within one week of vendor disclosure. This information will encompass:</p>
<ul>
<li>The vendor or open-source project that received the report
...</li></ul></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Vulnerability disclosure on SSL for SaaS v1 (Managed CNAME)</title>
		<link>https://noise.getoto.net/2025/08/01/vulnerability-disclosure-on-ssl-for-saas-v1-managed-cname/</link>
		
		<dc:creator><![CDATA[Mia Malden]]></dc:creator>
		<pubDate>Fri, 01 Aug 2025 13:00:00 +0000</pubDate>
				<category><![CDATA[Cloudflare for SaaS]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=d05198729390adb3c92734229a7872e2</guid>

					<description><![CDATA[An upcoming vulnerability disclosure in Cloudflare’s SSL for SaaSv1 is detailed, explaining the steps we’ve taken towards deprecation.]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Spying on People Through Airportr Luggage Delivery Service</title>
		<link>https://noise.getoto.net/2025/08/01/spying-on-people-through-airportr-luggage-delivery-service/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 01 Aug 2025 11:07:28 +0000</pubDate>
				<category><![CDATA[air travel]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70536</guid>

					<description><![CDATA[<p>Airportr is a service that allows passengers to have their luggage picked up, checked, and  delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is <a href="https://www.wired.com/story/luggage-service-web-bugs-exposed-travel-plans-users-diplomats-airportr/">insecure</a>, you’d be able to spy on lots of wealthy or important people. And maybe even steal their luggage.</p>
<blockquote><p>Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Microsoft SharePoint Zero-Day</title>
		<link>https://noise.getoto.net/2025/07/28/microsoft-sharepoint-zero-day/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 28 Jul 2025 11:09:22 +0000</pubDate>
				<category><![CDATA[exploits]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<category><![CDATA[zero day]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70517</guid>

					<description><![CDATA[<p>Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to <a href="https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/">steal data</a> worldwide:</p>
<blockquote><p>The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of active exploitation of the vulnerability, which affects SharePoint Servers that infrastructure customers run in-house. Microsoft’s cloud-hosted SharePoint Online and Microsoft 365 are not affected.</p></blockquote>
<p><a href="https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/">Here’s...</a></p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Another Supply Chain Vulnerability</title>
		<link>https://noise.getoto.net/2025/07/21/another-supply-chain-vulnerability/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 21 Jul 2025 11:04:59 +0000</pubDate>
				<category><![CDATA[china]]></category>
		<category><![CDATA[risks]]></category>
		<category><![CDATA[supply chain]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70490</guid>

					<description><![CDATA[<p>ProPublica is <a href="https://www.propublica.org/article/microsoft-digital-escorts-pentagon-defense-department-china-hackers">reporting</a>:</p>
<blockquote><p>Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.</p>
<p>The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Security Vulnerabilities in ICEBlock</title>
		<link>https://noise.getoto.net/2025/07/17/security-vulnerabilities-in-iceblock/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 17 Jul 2025 11:06:51 +0000</pubDate>
				<category><![CDATA[anonymity]]></category>
		<category><![CDATA[ios]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70479</guid>

					<description><![CDATA[<p>The ICEBlock tool has <a href="https://www.theverge.com/cyber-security/707116/iceblock-data-privacy-security-android-version">vulnerabilities</a>:</p>
<blockquote><p>The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it “ensures user privacy by storing no personal data.” But that claim has come under scrutiny. ICEBlock creator Joshua Aaron has been accused of making false promises regarding user anonymity and privacy, being “misguided” about the privacy offered by iOS, and of being an Apple fanboy. The issue isn’t what ICEBlock stores. It’s about what it could accidentally reveal through its tight integration with iOS...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>New Linux Vulnerabilities</title>
		<link>https://noise.getoto.net/2025/06/03/new-linux-vulnerabilities/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 03 Jun 2025 11:07:32 +0000</pubDate>
				<category><![CDATA[linux]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70309</guid>

					<description><![CDATA[<p>They’re <a href="https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html">interesting</a>:</p>
<blockquote><p>Tracked as <a href="https://www.openwall.com/lists/oss-security/2025/05/29/3">CVE-2025-5054 and CVE-2025-4598</a>, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.</p>
<p>[…]</p>
<p>“This means that if a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace.”...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 48/355 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-11 21:34:19 by W3 Total Cache
-->