Peter Girnus

Justi autem in perpetuum vivent et apud Dominum est merces eorum — Wisdom 5:16

"It is evening in the soul... when the light of this world fades and a man is indrawn and rests" — Meister Eckhart, Sermon 38

🚨Patch up your Kubernetes installs.

⚠️ Affected @kubernetesio versions:
< v1.11.0
v1.11.0 - 1.11.4
v1.12.0

🦠Vulnerabilities 
CVE-2025-1974
CVE-2025-1097 
CVE-2025-1098 
CVE-2025-24514
CVE-2025-24513

Rare urgent advisory from @Meta 🚨⚠️ CVE-2025-27363: FreeType flaw risks millions. Remote code execution possible on major platforms. Patch urged as exploitation rises. Severity: 8.2/10. Affects versions pre-2.13.3. Update now! 

RIP $TSLA... 💥🚗📉

Snack makers are shifting away from artificial colors in processed foods. PepsiCo's new Simply Ruffles product uses natural ingredients like tomato powder. This change aligns with a trend following the FDA's ban on Red No. 3 due to health concerns.

The iPhone 16e: the priciest budget phone! 💸 It boasts a solid display, performance, and battery life but ditches fun features like MagSafe and Dynamic Island. 🏖️ Apple’s strategy? Hike prices while streamlining production. Great for profits📱😬 @arstechnica

Medusa Ransomware Claims 40+ Victims in 2025 Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m

🚨Medusa #ransomware claims 40+ victims in 2025, including a US healthcare org hit in Jan. @Symantec reports nearly 400 victims since 2023, with ransom demands up to $15M. True victim count likely higher. From @InfosecurityMag 👉

🚨Akira ransomware gang used an unsecured webcam to deploy a Linux encryptor, bypassing EDR and encrypting network shares via SMB 🤯. Highlights need for broader device monitoring beyond Windows endpoints. From @BleepinComputer

Ethereum private key stealer on PyPI downloaded over 1,000 times A malicious Python Package Index (PyPI)  package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain.

🚨@BleepinComputer: @Ethereum key stealer hits PyPI as "set-utils", downloaded 1K+ times! @billtoulas
 warns blockchain devs to stay vigilant. #crypto

🚨 Akira ransomware exploited an unsecured webcam (yes this is an initial security vector and one reason why #Pwn2Own has IoT cameras as a target category) to encrypt a network, bypassing EDR. @BleepinComputer reports rapid attack from initial access to encryption in hours. 🤯 #Ransomware

Microsoft says malvertising campaign impacted 1 million PCs ​Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide.

@Microsoft takes down massive malvertising campaign hit ~1M PCs via GitHub repos. Malware stole system data & dropped payloads. Tracked as Storm-0408.💽🛡️ via @BleepingComputer

Jenkins Security Advisory 2025-03-05 Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software

@jenkinsci releases Jenkins Security Advisory 2025-03-05

🩹SMR-MAR-2025: @SamsungMobile releases patches for flagship model phones 📱 make sure to apply the latest patch in order to secure your @Samsung devices.

https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03

Over 37,000 VMware ESXi servers are vulnerable to a critical flaw (CVE-2025-22224) that is being actively exploited, prompting urgent updates and mitigation efforts from affected organizations. From @BleepinComputer @billtoulas

A sophisticated cyber-intrusion campaign 🥷 has been reported, targeting various Japanese sectors 🇯🇵🎯 by exploiting a remote code execution flaw to gain access, deploying Cobalt Strike 🦠for persistent control, while engaging in credential theft and lateral movement

🚨@BleepinComputer: BadBox malware 🦠 disrupted on 500K Android devices! @billtoulas reports.

Exclusive: Nvidia and Broadcom testing chips on Intel manufacturing process, sources say Chip designers Nvidia and Broadcom are running manufacturing tests with Intel , two sources familiar with the matter told Reuters, demonstrating early confidence in the struggling company's advanced production techniques.

🔬🚀@NVIDIA & @Broadcom are testing chips with @Intel's 18A process, showing confidence in Intel's manufacturing comeback. Details from @Reuters 👉

So many security advisories going out! 🤯 Including VMWare, HUAWEI, Paragon, and Mozilla. Here is what the vulnerability landscape looks like. Lots of Injection and Memory Corruption issues across all of these advisories.

Microsoft unveils finalized EU Data Boundary Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored

Microsoft finalizes EU Data Boundary, keeping EU customer data local per regulations. Some still wary of US vendor ties. @TheRegister reports. 🔒🇪🇺

Polish space agency confirms cyberattack Officials vow to uncover who was behind it

Polish Space Agency (@POLSA_GOV_PL) hit by cyberattack, systems secured. Officials probe culprits amid tensions with Moscow. @TheRegister reports. 🚀🔒

Hackers exploit ClickFix to deploy NetSupport RAT via fake CAPTCHAs, tricking users into running malicious PowerShell. @TheHackersNews 🐀🚨💻 https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html