CVE-2026-33017: Critical Langflow Vulnerability Exploited Within 20 Hours of Disclosure
The discovery of CVE-2026-33017 reveals a critical remote code execution vulnerability in Langflow that is being actively exploited in the…
Security
Microsoft Xbox One Hacked
It’s an impressive feat, over a decade after the box was released: Since reset glitching wasn’t possible, Gaasedelen thought some…
Friday Squid Blogging: Jumbo Flying Squid in the South Pacific
The population needs better conservation. As usual, you can also use this squid post to talk about the security stories…
Proton Mail Shared User Information with the Police
404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to…
Operation GhostMail: Analysis of Russian APT Exploitation of Zimbra XSS
Executive Summary Operation GhostMail is a high-stakes cyber-espionage campaign attributed to the Russian threat actor APT28 (Fancy Bear). By exploiting…
Hacking a Robot Vacuum
Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around…
What is an SSL Stripping Attack and How to Prevent It
For years, people learned to associate HTTPS with a “secure site.” When a browser connects using SSL/TLS, the traffic between…
Meta’s AI Glasses and Privacy
Surprising no one, Meta’s new AI glasses are a privacy disaster. I’m not sure what can be done here. This…
South Korean Police Accidentally Post Cryptocurrency Wallet Password
An expensive mistake: Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax…
Weekly Update 495
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…