@dansup How do you intend on making Loops' continued development sustainable over time?
It's one thing to support creators, and I'm obviously all for it, but would also argue that it's quite important that the platform gets sufficient support as well!
@dansup I'm quite excited about this. Because I have decided to put online a "controlled" environment for my daughter and her friends at school, and involve other parents in "responsible" use of Social Media.
I want to give them the opportunity to make and share videos, but at the same time allow them a more ... slow and controlled progression towards a federated instance.
So for me Loops in a non-federated configuration is ideal (at the moment)! ;-)
Thank you so much for building this. I can't wait to tell my daughter that she is finally going to get "TikTok"... ;-)
@evan I don't like the premise, 'speaking negatively'.
You can certainly speak critically and constructively about another network but ultimately why?
Let's continue to evolve the network we're on and speak constructively about how to make THIS better instead of focusing our limited energy on how the other ones are wrong.
I've done my fair share of bashing of BSky for example, but I've come to realize... I don't know enough to make assertions about other networks.
I only know that I like the "ideals" behind ActivityPub and it resonates with me on a deeper level than what other networks have done.
... I'm ranting. Let's stop focusing on other networks, and focus more on "our own" and make this one better. That's all I'm trying to say I guess.
I genuinely think that #Passkeys may be the first and only real solution in decades to have a chance at replacing the password/MFA issues.
It will work for individuals as well as organizations and their employees.
Until then we'll have to accept reality which is compromised private computers leaking credentials, and having enforced MFA will help in some instances.
Smart cards have never, imho, been a realistic solution for almost any organisation; ever.
@argv_minus_one Impractical, expensive, not especially user friendly. Sure they are secure, but there are so many other things (again, imho) that make them not ideal to use for carrying user identities. @GossiTheDog
A short descriptive article about Evilginx and how stealing credentials works, a few suggested ways of detecting, etc.
Summary: This article examines Evilginx, a tool that leverages the legitimate nginx web server to conduct Adversary-in-the-Middle (AitM) attacks that can bypass multifactor authentication (MFA). The tool works by proxying web traffic through malicious sites that mimic legitimate services like Microsoft 365, capturing not only usernames and passwords but also session tokens. The article demonstrates how Evilginx operates, showing how attackers can gain full access to a user's account even when protected by MFA. It provides detection methods through Azure/Microsoft 365 logs and suggests both preemptive and reactive mitigations, emphasizing the need to move toward phishing-resistant FIDO2-based authentication methods.
The attack involved compromising the v1 tag of reviewdog/action-setup between March 11th 18:42 and 20:31 UTC. Unlike the tj-actions attack that used curl to retrieve a payload, this attack directly inserted a base64-encoded malicious payload into the install.sh file. When executed, the code dumped CI runner memory containing workflow secrets, which were then visible in logs as double-encoded base64 strings. The attack chain appears to have started with the compromise of reviewdog/action-setup, which was then used to compromise the tj-actions-bot Personal Access Token (PAT), ultimately leading to the compromise of tj-actions/changed-files. Organizations are advised to check for affected repositories using GitHub queries, examine workflow logs for evidence of compromise, rotate any leaked secrets, and implement preventive measures like pinning actions to specific commit hashes rather than version tags.
Father, husband, Swedish and cyber. Oh man, all the things cyber but mostly threat intelligence. Dabble with Python. In the cyber field as a professional since 2001. Cyber Security all the way... let's go!! Founder of the Cyber Espresso (https://www.cyberespresso.eu)