#SecurityUpdate for #Fractal! We updated the #Matrix SDK to get the fix for a high severity security issue. 11.2 is out now.
New Kitten & JSDB Releases
Security fix, JSDB 6.0.1.
This is a critical update.
• JSDB¹ versions 6.0.0 and below suffer from potential data corruption/arbitrary code execution as string keys were not being sanitised in the same way string values were² (so this is relevant to you if you’re storing untrusted data as keys in your data structures in JSDB and/or Kitten databases without carrying out any of your own sanitisation at the application level).
• The latest Kitten release uses JSDB version 6.0.1. Your deployment servers will automatically update in the next few hours. On your development machines, please run `kitten update` in your terminal or use the Update feature in Kitten Settings from your browser.
• If you are using Kitten’s Database App Modules³ feature in your apps, you will have installed JSDB manually and you should update your installation to version 6.0.1.
¹ https://codeberg.org/small-tech/jsdb/
² https://codeberg.org/small-tech/jsdb/issues/22
³ https://kitten.small-web.org/reference/#database-app-modules
#Update 4/21/25: Microsoft shared an advisory with customers stating the alerts and account lockouts were caused by the invalidation of user refresh tokens that were mistakenly logged into their systems. #CyberSecurity #securityupdate https://www.bleepingcomputer.com/news/microsoft/widespread-microsoft-entra-lockouts-tied-to-new-security-feature-rollout/
Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. #CyberAlerts #securityupdate https://www.bleepingcomputer.com/news/security/whatsapp-flaw-can-let-attackers-run-malicious-code-on-windows-pcs/
Hackers could have owned your AWS servers—easily.
A flaw in Amazon’s SSM Agent let attackers write scripts with root access by gaming plugin IDs (../).
If you haven’t updated—you're still at risk.
#securityupdate #CyberSecurity https://thehackernews.com/2025/04/amazon-ec2-ssm-agent-flaw-patched-after.html
Android users update now
Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days. #securityupdate https://www.malwarebytes.com/blog/news/2025/04/google-fixes-two-actively-exploited-zero-day-vulnerabilities-in-android?utm_campaign=brandsocial&utm_medium=social&utm_source=facebook
Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center.
#SecurityUpDate #CyberSecurity
#VMWARE
https://www.bleepingcomputer.com/news/security/broadcom-fixes-three-vmware-zero-days-exploited-in-attacks/
Critical X.Org & Xwayland security vulnerabilities! Eight flaws allow code execution; Ubuntu & RedHat are already patching, SUSE & Debian will follow. Update now & protect your systems! #Linux #SecurityUpdate #XOrg #CyberSecurity
#Microsoft has fixed an issue that caused Entra ID #DNS authentication failures when using the company's Seamless SSO and Microsoft Entra Connect Sync. #securityupdate https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-entra-id-authentication-issue-caused-by-dns-change/
#OpenSSH has released security updates addressing two vulnerabilities, a man-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. #securityupdate #CyberSecurity
https://www.bleepingcomputer.com/news/security/new-openssh-flaws-expose-ssh-servers-to-mitm-and-dos-attacks/
Microsoft has released the #KB5051974 cumulative update for Windows 10 22H2 and Windows 10 21H2, which automatically installs the new Outlook for Windows app and fixes a memory leak bug. #bug #securityupdate https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5051974-update-force-installs-new-microsoft-outlook-app/
RADIUS protocol vulnerable to new Blast-RADIUS attack
https://stackdiary.com/radius-protocol-vulnerable-to-new-blast-radius-attack/
Attention WordPress Users
WordPress has just released version 6.4.2, packed with critical security patches and enhancements. Updating immediately is key to safeguarding your site against potential vulnerabilities and ensuring a smooth, secure online experience for your visitors. Don't wait—update now and keep your WordPress site fortified! Oh, and don't forget your backups just to be sure!
https://wordpress.org/news/2023/12/wordpress-6-4-2-maintenance-security-release/
Two updates are available to fix a significant #security flaw in #Chromium, which powers #Vivaldi 6.4 (#Desktop and #Android)
See https://vivaldi.com/blog/latest/
#MiseÀJour #SecurityUpdate #Browsers
A #security update is available for the stable 6.4 version of #Vivaldi (#Desktop):
https://vivaldi.com/blog/desktop/minor-update-three-6-4/ #MiseÀJour #SecurityUpdate
This week’s news about the "Looney Tunes flaw" highlighted a condition which can allow a local user to access root privileges from the command line. Part of the RL Security team's task is to have mitigation strategies ready for such cases - reporting vulnerabilities and suggesting fixes upstream, and also writing our own extra packages.
This week, the Security SIG has published our extra packages and formalized a wiki: https://rockylinux.org/news/security-sig-update/ #looneytunables #securityupdate #glibc
For @centos #Hyperscale users, we now have a fixed #pmix for CVE-2023-41915 and an upgraded #openmpi and rebuilt #slurm to go with it
https://nvd.nist.gov/vuln/detail/CVE-2023-41915
https://pagure.io/centos-sig-hyperscale/sig/issue/156
Instructions on enabling this if you are interested in trying it out
https://sigs.centos.org/hyperscale/content/repositories/main/
#SecurityUpdate: Critical flaw (CVE-2023-32243) found in "Essential Addons for Elementor", a popular WordPress plugin used by 1M+ sites. If exploited, attackers could hijack accounts. Update to version 5.7.2 now! http://bit.ly/3u9Rg4X #CyberSecurity #WordPress #UpdateNow
I've been using https://newreleases.io/ for about a month now, very nice tool! It is really convenient for keeping an eye on the new releases of software you're using. Give it a try! #securityupdate #newrelease