Ed Monserrate

🛑 [New] 9-Year-Old Linux Kernel Bug = Local Root on Default Debian, Ubuntu & Fedora. https://t.co/eluZfH76j8 CVE-2026-46333 (ssh-keysign-pwn) lets any unprivileged user steal /etc/shadow + SSH host keys and run commands as root. 🔸 Public PoC available 🔸 Patch your kernel NOW 🔸 Quick temp fix - sysctl kernel.yama.ptrace_scope=2

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

⚠️ Microsoft Edge Stores All Saved Passwords in Cleartext Process Memory at Launch Source: https://t.co/ROEbnQ9syu Microsoft Edge decrypts every stored password into process memory the moment the browser launches and keeps them there as cleartext, regardless of whether the user ever visits those sites. A researcher who systematically tested every major Chromium-based browser for credential memory handling behavior. Edge was the only browser that exhibited this behavior, loading the entire password vault into plaintext process memory at startup and retaining it for the duration of the session. In a published proof-of-concept video accompanying the disclosure, a compromised administrator account was used to successfully extract stored credentials. #cybersecuritynews

Bitwarden identified and contained a malicious package briefly distributed through the npm delivery path for the Bitwarden CLI in connection with the broader Checkmarx supply chain incident. No user vault data or production systems were compromised or at-risk. Additional details and updates are available here: https://t.co/9xRzNxmCOS

🔑25 Vulnerabilities in Cloud Password Managers Allow Unauthorized Access and Modifications Source: https://t.co/Rs3dMe48zf 25 critical vulnerabilities in three leading cloud-based password managers: Bitwarden, LastPass, and Dashlane enable a malicious server to bypass zero-knowledge encryption claims, allowing unauthorized access, modification, and recovery of users' stored passwords and vault data. Bitwarden, LastPass, and Dashlane collectively serve over 60 million users and hold significant market share. The analysis targets their client-server interactions under a fully malicious server threat model, where servers deviate arbitrarily from protocols. #cybersecuritynews #passwordmanagers