freeatlantis.com is one of the many independent Mastodon servers you can use to participate in the fediverse.

#hacking


GNU Emacs: new critical remote shell injection vulnerability.

Red Hat discovered a command injection flaw in the text editor Emacs. It allows a remote, unauthenticated attacker to execute any command on your computer. The vulnerability is activated when you visit a malicious website or link.

cve.org/CVERecord?id=CVE-2025-

---

#news #software #gnu #emacs #security #hacking #terminal #linux #cve #opensource #freesoftware

---

Mitigation: uninstall/update immediately.

Computerworld: US Government sued after mass emails to federal workforce allegedly sent from insecure server

"...Musk appointees allegedly plugged their own email server into OPM network, breaking data security rules. ... The suit was filed after OPM sent two test emails to an estimated 2.3 million federal employees in a way that, the suit alleges, broke the E-Government Act of 2002 and was inherently insecure. Those rules require that a Privacy Impact Assessment (PIA) be carried out first.... The OPM did not immediately respond to questions sent to the hr@opm.gov email address."

computerworld.com/article/3812 #cybersecurity #email #insecure #hacking #Musk #Politics #USpol

Computerworld · US Government sued after mass emails to federal workforce allegedly sent from insecure server · By John E. Dunn

(1/2) In another life I wrote about data breaches. Surprisingly, hacks usually resulted from basic attack patterns. Often just credential abuse. Effectively knowledge asymmetry + exploitation of trust.

Once I noticed this, I saw the pattern everywhere. Companies finding ways to sell harmful products. The wealthy using clout to avoid legal consequences. Building systems resistant to trust violations is hard. Thinking about this has become a bit of an obsession.

"Hackers leaked thousands of files from Lexipol, a Texas-based company that develops policy manuals, training bulletins, and consulting services for first responders... The data, a sample of which was given to the Daily Dot by a group referring to itself as “the puppygirl hacker polycule,” includes approximately 8,543 files related to training, procedural, and policy manuals, as well as customer records that contain names, usernames, agency names, hashed passwords, physical addresses, email addresses, and phone numbers.

As noted by the Texas Law Review, “although there are other private, nonprofit, and government entities that draft police policies, Lexipol is now a dominant force in police policymaking across the country.”

Lexipol has also been criticized for its resistance to police reform. The company’s manuals often exclude reform proposals such as requiring de-escalation and prohibitions on chokeholds.

Founded by two former police officers-turned-lawyers in 2003, Lexipol has increased its customer base significantly over the years. The company has also caught the attention of civil liberties groups that have accused Lexipol of helping violent officers evade justice by crafting policies that provide broad discretion in use-of-force situations."

dailydot.com/debug/lexipol-dat

The Daily Dot · EXCLUSIVE: Hackers leak cop manuals for departments nationwide after breaching major provider · Critics accuse the company of wielding outsized private influence on public policing.
Continued thread

"That is both because of the risk that the new policy presents of the disclosure of sensitive & confidential information & the heightened risk that the systems in question will be more vulnerable than before to #hacking," Engelmayer wrote.

His order bars access from being granted to #Treasury Dept payment & data systems by #political appointees, special government employees [#SGE] & government employees detailed from an agency outside the Treasury Dept.
#law #Cybersecurity #InfoSec #Musk #Trump