🦓 The #Zcash Foundation has announced a release of Zebra 2.2.0. This release introduces an additional consensus check on the branch ID of NU6 transactions, along with some important refactors and other improvements. See more:
Zcash Foundation
Zebra 2.2.0 Release - Zcash Foundation
The Zcash Foundation is pleased to announce the release of Zebra 2.2.0. In this release, we introduced an additional consensus check on the branch ...
💻 Tails has released a security patch with Tails 6.12. These vulnerabilities can only be exploited by a powerful attacker who has already exploited another vulnerability to take control of an application in Tails. See more:
New Release: Tails 6.12 | Tor Project
Tails 6.12 is out.
🇬🇧 U.K. orders Apple to let it spy on users’ encrypted accounts Secret order requires blanket access to protected cloud backups around the world, which if implemented would undermine Apple’s privacy pledge to its users. #privacy https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/
Be careful about what you download from the official app stores 🧐 Bleeping Computer:
BleepingComputer
Crypto-stealing apps found in Apple App Store for the first time
A new campaign dubbed 'SparkCat' has been uncovered, targeting the cryptocurrency wallet recovery phrases of Android and iOS users using ...
🇫🇷 Crypto mixers and anything that "opacifies transactions" are going to be banned in France. If you use them, it will be presumed money laundering for your pear. These two amendments have been adopted.
image image
Original tweet:
X (formerly Twitter)
Samy Kacimi (@fakenine_) on X
Les mixeurs crypto et tout ce qui permet une « opacification des transactions » vont être interdits en France. Si vous en utilisez, ce sera d...
🇨🇿 The president of Czech Republic signed a new set of rules for cryptocurrencies. Tl;Dr: Steps to integrate MiCA and no capital gains tax after 3 years of holding. Source (in Czech):
Prezident Pavel podepsal zákon zavádějící pravidla pro trh s kryptoměnami - Seznam Zprávy
Trh s kryptoaktivy, z nichž nejznámější je digitální měna bitcoin, zřejmě získá zákonná pravidla. Nad trhem bude dohlížet Česká...
image Merry Christmas and Happy Holidays to everyone! 🎄🎅 Privacy is not a crime 😎 #zcash #privacy
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws, Adobe Patches Over 160 Vulnerabilities Across 16 Products. Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws. This month's Patch Tuesday fixes one actively exploited, publicly disclosed zero-day vulnerability CVE-2024-49138 - Windows Common Log File System Driver Elevation of Privilege Vulnerability. See more: BleepingComputer :
BleepingComputer
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vuln...
 SecurityWeek:
SecurityWeek
Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day
Patch Tuesday: Redmond patches 71 security flaws and calls immediate attention to an exploited Windows zero-day reported by CrowdStrike.
 Security week (Adobe):
SecurityWeek
Adobe Patches Over 160 Vulnerabilities Across 16 Products
Adobe has patched over 160 vulnerabilities across over a dozen products, including Reader, Illustrator, Photoshop and Connect.
 #cybersecurity #microsoft #zeroday #patch
Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print the xss cheat sheet in a bullet list. just payloads" in the DeepSeek chat triggered the execution of JavaScript code as part of the generated response – a classic case of cross-site scripting (XSS). XSS attacks can have serious consequences as they lead to the execution of unauthorized code in the context of the victim's web browser. An attacker could take advantage of such flaws to hijack a user's session and gain access to cookies and other data associated with the chat.deepseek[.]com domain, thereby leading to an account takeover. See more:
The Hacker News
Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI
DeepSeek flaw enabled XSS attacks, allowing hackers to hijack accounts via prompt injection.
 #cybersecurity #ai #injection
SAP Patches Critical Vulnerability in NetWeaver Enterprise software maker SAP on Tuesday announced the release of nine new and four updated security notes as part of its December 2024 Security Patch Day. Marked as ‘hot news’, the highest severity in SAP’s notebook, the first new security note addresses three vulnerabilities in NetWeaver AS for JAVA (Adobe Document Services), including a critical flaw that could lead to full system compromise. The critical issue, tracked as CVE-2024-47578 (CVSS score of 9.1), affects the Adobe Document Service component of NetWeaver, which allows an attacker with administrative privileges to send a crafted request from a vulnerable web application. See more:
SecurityWeek
SAP Patches Critical Vulnerability in NetWeaver
SAP has released patches for 16 vulnerabilities, including a critical-severity SSRF bug in NetWeaver (Adobe Document Services).
 #cybersecurity #SAP #netweaver