Looks like the US Government are going to lose control of CVE. https://www.thecvefoundation.org/

Hackers, educators, tinkerers:
The 2025 Hacker Initiative grant cycle is open. We're funding individuals and groups who are:
🔹 Advancing hacker culture
🔹 Promoting digital rights
🔹 Educating the public

If you're building tools, sharing knowledge, or shaking things up apply here 👉 https://hackerinitiative.org/apply-now/

Signal boost appreciated.

A quick reminder that discounted registration rates for for the #LangSec workshop end tomorrow, April 14, at 11:59 pm PDT, and the conference hotel block rates end shortly after. Details at https://langsec.org/spw25/important-dates.html
We hope to see you all in San Francisco on May 15, 2025!

Recon CFP ends in less than 2 weeks on April 28. Prices for the training and conference increase on May 1st. Register now to save with early bird price. We have already announced a few talks and workshops, and more videos from last year have been released. https://recon.cx/ #reverseengineering #cybersecurity #offensivesecurity #hardwarehacking @hackingump1 @mr_phrazer @nicolodev @sinsinology @hunterbr72 @clearbluejar @phlaul @oryair1999 @hookgab @thequeenofelf @so11deo6loria @i0n1c @pedrib1337 @malachijonesphd @pat_ventuzelo @kb_intel @pinkflawd @reverse_tactics @onlytheduck @t0nvi @drch40s @brunopujos @mhoste1 @andreyknvl @texplained_re @jsmnsr @pulsoid @specterdev @richinseattle @yarden_shafir @aionescu @hackerschoice @sinsinology @sergeybratus @specterops @oryair1999 @phlaul @trailofbits @hexrayssa @nostarch @hexnomad @netspooky

#CVE-2025-21419 2025-Feb Windows Setup Files Cleanup Windows Setup Files Cleanup Elevation of Privilege

#ghidriff uncovering arbitrary delete vulnerabilities 👀 🔍

Patch introduced new function DeleteFileEx_MSRC. Not your typical function name... 🧐

A patch diffing 🧵...

Regardless of what happens with CVE/NVD, the PSF will continue publishing advisories for CPython through our OSV database and to the security-announce@python.org mailing list.

Please subscribe to those data sources to guarantee delivery of vulnerability data about CPython.

https://github.com/psf/advisory-database

Must-read report from NPR, showing once again that DOGE is a massive threat to the cyber/national security of the United States:

"In the first days of March, a team of advisers from President Trump's new Department of Government Efficiency initiative arrived at the Southeast Washington, D.C., headquarters of the National Labor Relations Board.

The small, independent federal agency investigates and adjudicates complaints about unfair labor practices. It stores reams of potentially sensitive data, from confidential information about employees who want to form unions to proprietary business information.

The DOGE employees, who are effectively led by White House adviser and billionaire tech CEO Elon Musk, appeared to have their sights set on accessing the NLRB's internal systems. They've said their unit's overall mission is to review agency data for compliance with the new administration's policies and to cut costs and maximize efficiency."

"But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending."

"Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do."

"The employees grew concerned that the NLRB's confidential data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in Russia, according to the disclosure. Eventually, the disclosure continued, the IT department launched a formal review of what it deemed a serious, ongoing security breach or potentially illegal removal of personally identifiable information. The whistleblower believes that the suspicious activity warrants further investigation by agencies with more resources, like the Cybersecurity and Infrastructure Security Agency or the FBI."

https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security

BREAKING.

From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.

In an unprecedented move, the Japan Fair Trade Commission has issued a cease-and-desist order against Google for violating the country's anti-monopoly law by forcing manufacturers to preinstall the company’s apps on their Android smartphones. https://www.japantimes.co.jp/business/2025/04/15/companies/google-anti-monopoly-law/

4chan infighting reaches epic levels, kind of a big deal: https://www.404media.co/4chan-is-down-following-what-looks-to-be-a-major-hack-spurred-by-meme-war/?ref=weekly-roundup-newsletter

NEW: The notorious image board 4chan has been hacked.

Site has been intermittently down for hours, and hackers have published screenshots of site's backend, alleged source code, and list of moderators and "janitors."

One janitor told us they are "confident" data is "all real."

https://techcrunch.com/2025/04/15/notorious-image-board-4chan-hacked-and-internal-data-leaked/

My message to Ursula von der Leyen in The Guardian this morning: EU race to rearm is pointless if hostile foreign powers can still use online algorithms to boost authoritarians to power across Europe. Europe’s new “Democracy Shield” should immediately shut them down.
https://www.theguardian.com/commentisfree/2025/apr/15/us-europe-military-spending-trump-ireland