Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, cross-site scripting, spoofing or information disclosure.
thunderbird-115.16.1-1.fc39
Update to 115.16.1
https://www.thunderbird.net/en-US/thunderbird/115.16.1esr/releasenotes/
The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites
krb5-1.21.3-3.fc41
Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting added)
krb5-1.21.3-2.fc40
Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting added)
krb5-1.21.3-2.fc39
Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting added)
The new FakeCall variant uses advanced vishing tactics, featuring Bluetooth for device monitoring
In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services
Excellent read. One example:
Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math.
When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine. Typically, I create the public and private keypair on my laptop and upload the public key to Amazon, which bakes my public key into the server’s administrator account. My laptop and that remove server are thus entangled, in that the only way to log into the server is using the key on my laptop. And because that administrator account can do anything to that serverread the sensitivity data, hack the web server to install malware on people who visit its web pages, or anything else I might care to dothe private key on my laptop represents a security risk for that server.
Here’s why it’s impossible to evaluate a server and know if it is secure: as long that private key exists on my laptop, that server has a vulnerability. But if I delete that private key, the vulnerability goes away. By deleting the data, I have removed a security risk from the server and its security has increased. This is true entanglement! And it is spooky: not a single bit has changed on the server, yet it is more secure.
Read it all.
CISA’s 2025-2026 International Strategic Plan aims to strengthen external partnerships to reduce risks to critical infrastructure relied on in the US
