Forwarded from The Tor Project
PSA: Older Tor Browsers (13.5.11) Breaking, Update Now!
The expiration, happening on March 14 2025, of a root certificate used by Mozilla for add-ons verification on Firefox 115.12 and below, can suddenly disable extensions, including the built-in NoScript, and cause functionality such as the Security Slider to break on Tor Browser versions older than 13.5.11 legacy.
We hope the vast majority of Tor Browser users are already up-to-date with the latest available version for their OS, currently 14.0.7 stable or 13.5.13 legacy, which also provide the newest security fixes.
The few who are not yet should update immediately from the Tor Browser download page in order to prevent the aforementioned functionality breakage and other security risks.
https://telegra.ph/Older-Tor-Browsers-Breaking-Update-Now-03-13
Researchers at the Citizen Lab and Princeton evaluated the network security of Android apps & found that a large portion of popular Chinese apps use broken proprietary network protocols instead of TLS.
Read the paper here
https://www.computer.org/csdl/proceedings-article/sp/2025/223600d916/26hiVQjbZqE
@kalilinux
The FreeBSD laptop team noted in one of their recent monthly status updates:
For FreeBSD 15.0, our goal is to extend the FreeBSD installer to offer a minimal KDE-based desktop as an install option. The initial concept is a low-interaction installation process that, upon completion, brings the user directly to a KDE graphical login screen.
We are currently evaluating the required pkg dependencies to automatically select appropriate graphics drivers.
@kalilinux
GitHub
proj-laptop/monthly-updates/2025-06.md at main · FreeBSDFoundation/proj-laptop
The FreeBSD Foundation's Laptop Support and Usability Improvements project aims to deliver a package of improved or new FreeBSD functionality that, together, will ensure that it runs well “...
In a supply chain attack, attackers have injected #malware into #NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a #phishing attack.
The #malicious code only impacts individuals accessing the compromised applications over the #web, monitoring for #cryptocurrency addresses and transactions that are then redirected to attacker-controlled wallet addresses. This causes the transaction to be hijacked by the attackers rather than being sent to the intended address.
The author has been notified and is actively working with the NPM #security team to resolve the issue. The malicious #code has already been removed from most of the affected packages, and the situation is being remediated.
However, it is crucial to audit your projects, as compromised versions may still be present in your dependencies or lockfiles.
[read more]
@kalilinux
Some nerds got ChatGPT to leak your private email data 💀💀
All you need? The victim's email address. ⛓️💥🚩📧
And with just the victim's email, they managed to exfiltrate all the victim's private information.
https://x.com/Eito_Miyamura/status/1966541235306237985
@kalilinux
China’s Great Firewall suffers its biggest leak ever as 500GB of source code and docs spill online — censorship tool has been sold to different countries. The company not only provides services to governments in places like Xinjiang, Jiangsu, and Fujian, but also exports censorship and surveillance technology to countries such as Myanmar, Pakistan, Ethiopia, Kazakhstan, and other unidentified country under the “Belt and Road” framework.
Contained in the leak are what appear to be full build systems for deep packet inspection platforms, as well as code modules that reference the identification and throttling of specific circumvention tools.
https://gfw.report/blog/geedge_and_mesa_leak/en/
@kalilinux
GFW Report
Geedge & MESA Leak: Analyzing the Great Firewall’s Largest Document Leak
The Great Firewall of China (GFW) experienced the largest leak of internal documents in its history on Thursday September 11, 2025. Over 500 GB of source code, work logs, and internal communication records were leaked, revealing details of the GFW's research…
🚨 #CHATCONTROL FAILS AGAIN 🚨
AGAINST (9):
🇦🇹 Austria · 🇧🇪 Belgium · 🇨🇿 Czechia · 🇫🇮 Finland · 🇩🇪 Germany · 🇱🇺 Luxembourg · 🇳🇱 Netherlands · 🇵🇱 Poland · 🇸🇰 Slovakia
🔴 IN FAVOR (14):
🇧🇬 Bulgaria · 🇭🇷 Croatia · 🇨🇾 Cyprus · 🇩🇰 Denmark · 🇫🇷 France · 🇭🇺 Hungary · 🇮🇪 Ireland · 🇮🇹 Italy · 🇱🇻 Latvia · 🇱🇹 Lithuania · 🇲🇹 Malta · 🇵🇹 Portugal · 🇪🇸 Spain · 🇸🇪 Sweden
UNDECIDED (4):
🇪🇪 Estonia · 🇬🇷 Greece · 🇷🇴 Romania · 🇸🇮 Slovenia
👉 The proposal reintroduced by 🇩🇰 Denmark under its EU presidency (July 2025) has failed for the third time
💥 With Germany and Luxembourg joining the opposition, a blocking minority was formed (at least 4 States + 35% of EU population)
📌 Result: no agreement, no vote in October.
Even if Denmark tries again, Europe has once more resisted this absurdity
@kalilinux
#Discord customer service data breach leaks user info and scanned photo IDs
The #attack has provided the #attacker with access to some of users' personal data. Specifically, data associated with customer support and Discord trust and safety team communications [who would've thought!]. Although the attack was not against Discord’s own servers, but rather those of a third-party providing customer service resources.
@kalilinux
Discord
Update on a Security Incident Involving Third-Party Customer Service | Discord
At Discord, protecting the privacy and security of our users is a top priority. That’s why it’s important to us that we’re transparent with them about events that impact their personal information.
Affinity’s new design platform combines everything into one app and is now FREE for everyone as the editing software is reborn as Affinity Studio!
Canva is now relaunching its Adobe-rivalling Affinity creative suite as a new all-in-one app for photo editing, vector illustration, and page layouts. Unlike Affinity’s previous Designer, Photo, and Publisher software, which were a one-time $70 purchase, Canva’s announcement stresses that the new Affinity app is “free forever” and won’t require a subscription.
https://www.affinity.studio/get-affinity
@kalilinux
Affinity
Get Affinity | Pro Power with No Strings Attached
See how Affinity makes professional design accessible to everyone. Fully featured, and creative freedom for all.
https://www.theguardian.com/technology/2025/nov/18/cloudflare-outage-causes-error-messages-across-the-internet
@kalilinux
the Guardian
Cloudflare outage causes error messages across the internet
US company that defends millions of websites against malicious attacks says it believes issue ‘is now resolved’
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
https://www.bleepingcomputer.com/news/security/shai-hulud-malware-infects-500-npm-packages-leaks-secrets-on-github
@kalilinux
BleepingComputer
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign.
CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) are critical unauthenticated RCE vulnerabilities in the React Server Components (RSC) "Flight" protocol.
Default configurations are vulnerable – a standard Next.js app created with create-next-app and built for production can be exploited with no code changes by the developer.
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
@kalilinux
wiz.io
React2Shell (CVE-2025-55182): Critical React Vulnerability | Wiz Blog
React2Shell (CVE-2025-55182) is a critical RCE vulnerability in React Server Components. Learn which versions are impacted and how to mitigate.
EFF is fighting back against tyrants abusing tech by
🔨 Creating tools to protect your digital rights
📸 Pushing back against surveillance regimes
📣 Safeguarding your right to speak your mind online
They just need your support: eff.org/power-up
Electronic Frontier Foundation
Privacy & Free Speech Uphold Democracy
Don't let tyrants co-opt tech. Join EFF today.
LibXML2, Used by Steam, Chromium, Others is Now Abandoned
An open source library used by many of the most well known applications, including VirtualBox, GNOME, Edge, & VLC, has been officially abandoned and is now marked as "unmaintained".
https://gitlab.gnome.org/GNOME/libxml2/-/commit/9c80a89a
@kalilinux