>>107332478
kinda old news but still interesting. from https://attackerkb.com/topics/zClpINmLCh/cve-2025-58034/rapid7-analysis :
>On November 18, 2025, Fortinet published an advisory for CVE-2025-58034. This vulnerability is an authenticated command injection vulnerability affecting FortiWeb. Both Fortinet and CISA have indicated that CVE-2025-58034 has been exploited in-the-wild.

>Of note is the recent disclosure of another FortiWeb vulnerability, CVE-2025-64446. That vulnerability is an authentication bypass, allowing a remote unauthenticated attacker to create a new local administrator account on a target FortiWeb instance. There is no direct connection between the authentication bypass vulnerability, CVE-2025-64446, and the authenticated command injection, CVE-2025-58034, in any vendor guidance.

>However several things stand out. The timeline for both vulnerabilities being disclosed is only days apart. Both vulnerabilities were patched by the vendor in prior product updates and with no disclosure at the time of patching. There is an obvious utility of chaining an authentication bypass to an authenticated command injection. Given all of these things, it seems highly likely these two vulnerabilities comprise an exploit chain for unauthenticated remote code execution against vulnerable FortiWeb devices.

basically, they analyzed/bindiff'd a local privesc that allows attackers to get root from the console lmao

>>107333403
>Fortinet
who da fuck still using this shit till today?
not my problem and never was

>>107334103
idk man, but remember shit like this when they tell you
>b-but chinese devices are a threat to our national security!

Reposting the updated Data Broker Removal Links:
https://pastebin.com/YDP7yihg
https://pastebin.com/raw/YDP7yihg

>>107334686
Thank you, anon!

=== /sec/ News:
>US banks scramble to assess data theft after hackers breach financial tech firm
https://techcrunch.com/2025/11/24/us-banks-scramble-to-assess-data-theft-after-hackers-breach-financial-tech-firm/
>Several U.S. banking giants and mortgage lenders are reportedly scrambling to assess how much of their customers' data was stolen during a cyberattack on a New York financial technology company earlier this month. SitusAMC, which provides technology for over a thousand commercial and real estate financiers, confirmed in a statement over the weekend that it had identified a data breach on November 12. The company said that unspecified hackers had stolen corporate data associated with its banking customers' relationship with SitusAMC, as well as "accounting records and legal agreements" during the cyberattack.

Good news, there's hope for everyone in this thread.
https://www.youtube.com/watch?v=RpXPYigzaiU

There's no dumb questions general so I'll post this here.
Bridging the gap between privacy/security and ease of use has taken a toll on me as I adopted the nomad lifestyle for a while. Keep in mind I am a normie when reading my gripes.

>Mint kept shitting the bed with peripherals, public wifi
>password manager refused to work for a while and I hadn't set up 2FA (yes, I migrated now)
>always using private mode and logging out slowed down everything i did

I'll probably install two browsers, one private for 4chan youtube and torrenting, the other where everything will always be logged on, passwords remembered, etc, if I ever have to travel for a while.
How does /g/ do it?

Updated Firefox Zero user.js
https://pastebin.com/uxDLZbwP
https://pastebin.com/raw/uxDLZbwP

Did everyone leave for the holidays? The general isn't normally *this* dead...

File: 1764210731228185.jpg (153 KB, 1080x1255)

153 KB JPG

How did this guy get caught? This isn't facebook / social media

Remember to install security updates in a timely manner, not just on your PC but also on your smartphone and other devices such as your modem/router:
>A Mirai-based botnet named ShadowV2 emerged during last October's widespread AWS outage, infecting IoT devices across industries and continents
>it propagated via several vulnerabilities affecting devices from multiple vendors, including DD-WRT (CVE-2009-2765), D-Link (CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915), DigiEver (CVE-2023-52163), TBK (CVE-2024-3721), and TP-Link (CVE-2024-53375)
https://www.theregister.com/2025/11/26/miraibased_botnet_shadowv2/

>>107343954
>reddit isn't social media
kek

>>107334648
>chinese devices are a threat
I would leak my data to chinks rather than jews

>>107334648
>chinese devices are a threat to our national security
Yes

>>107346635
I think the ideal situation would be where everything you do on your computing devices is secure, and not being spied upon by anybody.

>>107342775
We have had a couple of events where people have left. One sites people moved to closed down and I think many returned here. there was also a more recent exodus.

I found a pretty important piece of security equipment somewhere in my organization to have been configured with default credentials. There does not seem to be any anonymous tip service operated by the IT people. What is the best way to go about reporting this, if at all?

>>107349758
Make a cock.li account and email your head of ITS.

man, this general is dead... no attempt seems to be able to save it
RIP /sec/

>>107348243
>>chinese devices are a threat to our national security
>Yes
your mom is a threat to her local mcdnalds, faggot

>>107351012
If you want to donate all of your personal data to the Chinese Communist Party then go ahead. To put it in other words: if you want to be a moron, go ahead

>>107351587
>he says while posting to a website that uses glowflare, from a smartphone that helps the NSA track every movement and logs every single of his activities

File: oresamada.jpg (81 KB, 708x531)

81 KB JPG

what is the best VPN service

>>107352961
Mullvad

File: chink in armor.jpg (49 KB, 599x800)

49 KB JPG

>>107353011
thank you

About time...
https://www.phoronix.com/news/Firefox-147-XDG-Base-Directory