Items tagged with: vulnerability
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841) - Help Net Security
CVE-2026-20841 is a command injection flaw in Notepad that could be exploited by attackers to achieve RCE on targets' Windows system. Zeljka Zorz (Help Net Security)
Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope.
Madness.
source: web.archive.org/web/2026020615…
#vulnerability #infosec #cybersecurity
The RCE that AMD won't fix!
After reporting a RCE in AMD's auto-update software, they decided to not patch it due to it requiring a man-in-the-middle attack to perform. web.archive.org
Notepad++'s update servers have been compromised by Chinese hackers and all users had been exposed to malware. The developer estimated the overall compromise period spanned from June through December 2, 2025.
Users should update to version 8.9.1 (or superior) immediately.
Source: notepad-plus-plus.org/news/hij…
#security #vulnerability #windows #text #editor #notepad #foss #freesoftware #software
With the extension of the CVE record format in GCVE, we added the related vulnerabilities for the "recent" telnetd. Very nifty for analysts. The edit functionality in vulnerability-lookup supports the BCP-05 extensions including relationships.
Thanks to @claudex for digging
#gcve #vulnerability #vulnerabilityManagement #cve #telnet #cybersecurity
🔗 vulnerability.circl.lu/vuln/gc…
@gcve
GCVE-1-2026-0007 - Vulnerability-Lookup
Details of the vulnerability GCVE-1-2026-0007 from gna-1 on Vulnerability-Lookup. vulnerability.circl.lu
New IP leak discovered in Telegram: the built-in proxy exposes your real IP using a single-click flaw!
When you click on a "tg://proxy" link, Telegram starts a connection while ignoring your proxy settings. This exposes your real public IP address, leaking your identity online.
The malicious link appears as a nickname, but will steal your real IP address as soon as the user profile is shown. Android and iOS are both affected. Currently the only solution is using a VPN. Telegram has declared that it will only add a warning popup.
Details: dig.watch/updates/telegram-ip-…
Discovered by: Saurabh
Reported by: 0x6rss and GangExposed RU.
#telegram #security #vulnerability #android #ios #software #opensource #foss #cloud #im #chat #proxy #vpn
One-click vulnerability in Telegram bypasses VPN and proxy protection | Digital Watch Observatory
Researchers say a hidden proxy feature in Telegram can silently expose a user's true network location. jovankr@diplomacy.edu (Digital Watch Observatory)
