🏖️🐻 Free Software of the Summer, day 5
Pangolin: an open-source smart reverse proxy solution designed to expose and secure your applications.
Ventoy 1.1.16 is out now to fix a boot issue with old UEFI version firmware when Secure Boot is disabled, the latest Kicksecure boot issue, and an issue causing the VTOY_WIN_UEFI_RES_LOCK option to reset when entering VentoyPlugson https://t.co/0Xp9tS2qX3
#OpenSource #Linux
25-Year-Old Vulnerability in cURL Used by 30 Billion Devices Finally Patched
Source: https://t.co/U1eqeAcK9G
A critical security flaw lurking in curl for over 25 years has been patched, as part of a record-breaking security release that fixed 18 CVEs, the most ever issued in a single curl version.
The vulnerability, CVE-2026-8932, was first shipped in curl version 7.7 on March 22, 2001, making it the oldest curl security issue ever reported.
curl is not just a command-line tool; it is foundational infrastructure. Running on more than 30 billion devices, it powers data transfers across operating systems, containers, CI/CD pipelines, package managers, SDKs, and automotive systems.
The wave of discoveries began on May 11, 2026, when curl founder and lead developer Daniel Stenberg announced that Anthropic's Mythos AI model had identified a single CVE in curl.
#cybersecuritynews
⚠️⚠️ CVE-2026-20896 (CVSS 9.8): Gitea Docker images default REVERSE_PROXY_TRUSTED_PROXIES=* — with reverse-proxy auth on, any IP can impersonate any user via X-WEBAUTH-USER.
🔗FOFA Link: https://t.co/w2rhVF9HFa
🎯244.5K+ Results are found on https://t.co/HSOBZfCA2r in the past year.
FOFA Query: app="Gitea"
🔖Refer: https://t.co/64ZP4hKcuj
#OSINT #FOFA #CyberSecurity #Vulnerability
PixelSmash – Critical FFmpeg Vulnerability Turns Media Files into Weapons
A critical vulnerability in FFmpeg's MagicYUV decoder leads to remote code execution via a crafted media file
https://t.co/2Wud51mqoK
PostgreSQL 19 is getting graph queries.
With SQL/PGQ, you can query relationships directly in SQL:
→ social networks
→ recommendations
→ fraud detection
→ dependency graphs
Postgres is not just a relational database anymore.
It’s becoming the database for everything.
https://t.co/glzueH8NYf
🔴🚨 France Travail: more than a million people potentially affected by a leak at AKAOLIFE, an HR software vendor
Yet more potentially sensitive data belonging to French people has ended up in the wild.
The cybercriminals also claim to hold more than 14 million rows of data as well as nearly 60 GB of SQL archives, taken from several applications used in the France Travail ecosystem.
The cybercriminals behind the publication claim, in particular, to possess:
👉 966,816 HR records;
👉 1,003,047 professional mobility records;
👉 38,138 records related to occupational health monitoring;
👉 3,747 records relating to disability situations;
👉 Nearly 60 GB of SQL backups spread across 39 databases;
👉 More than 10,000 application source files.
🚨🇫🇷 https://t.co/E9zh32r4fS dataset allegedly leaked
https://t.co/E9zh32r4fS is the official website of France’s Ordre National des Pédicures-Podologues, the regulatory body overseeing the podiatry profession.
A forum user claims to have leaked an https://t.co/E9zh32r4fS dataset containing 8,048 records, allegedly from June 2026.
Alleged exposed data includes:
• Names
• Gender
• Addresses
• Postal codes
• Cities
• RPPS identifiers
• Detail IDs / URLs
• Telephone tokens
• Search city fields
Details:
• Target: https://t.co/E9zh32r4fS
• Country: France
• Sector: Healthcare / Professional regulator
• Claimed volume: 8,048 records
• Relevance: June 2026
Claim is unverified. Impacted professionals should monitor for phishing, impersonation, and misuse of exposed directory or contact-related data.
🧵1/6
REDasm Disassembler 4.0 BETA1 is available for download.
Version 4 is a complete redesign/rewrite with a brand new engine written in plain C.
- Source Code: https://t.co/rj7lHXiIdY
- Download: https://t.co/RS4giMPiwQ
#reverseengineering #binaryanalysis #opensource
Free open-source Linux GUI to configure gaming mice, from DPI and profiles to LED colors and button mappings, with multiple profiles. Powered by libratbag/ratbagd