Search results for tag #opensource
![[?]](https://social.gamefan.net/system/accounts/avatars/116/450/677/342/166/464/original/4de7a562f86cf564.png)
Nvidia raises RTX Pro 6000 Blackwell GPU pricing to $13,250 — 55% increase over MSRP in a year's time
Nvidia now sells the RTX Pro 6000 Blackwell graphics cards for $13,250, while partner offerings start at $11,359.99.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
My first 24 hours with Siri AI on the Mac
I turned off Siri on the Mac years ago and never looked back. Similarly, I found Apple Intelligence so fruitless I never engage with it. But the new Siri AI coming to macOS 27 Golden Gate has at least got me slightly re…
https://www.theverge.com/tech/949502/apple-macos-27-golden-gate-siri-ai-apple-intelligence
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Amazon’s Fire TV Stick 4K Select drops to $17.99 in Prime Day runup
The budget 4K stick is 55% off as Amazon ramps up its early deals ahead of the main event.
https://www.androidauthority.com/fire-tv-stick-4k-select-deal-3676462/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Ukraine used ten AI-controlled ‘Terminator’ drones to kill Russian soldiers two years ago, marking first autonomous killings o…
A watershed moment occurred on the battlefields of Ukraine in 2024 when 10 fully autonomous AI-controlled quadcopter drones were sent to the front lines against Russia with ‘Terminator Mode’ engaged.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
My yard is dying, so I made an app for that
When I returned to my computer five minutes after giving Gemini a lengthy prompt, I had two things: a functional app in a preview window, and a message about a bug. "~ Channel is unrecoverably broken and will be dispose…
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Anthropic cuts off Fable 5 and Mythos 5 access following government order
On Friday evening, the government ordered Anthropic to block access to Fable 5 and Mythos 5 for all foreign nations, both inside and outside the US, due to national security concerns. That order included employees of An…
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Echo Isle is a pint-sized adventure inspired by classic Zelda
Echo Isle is heavily inspired by The Legend of Zelda, and it's not afraid to show it: The retro graphics bear a striking resemblance to Link's Awakening, the main character wears a blue tunic and wields a sword, and he …
https://www.theverge.com/games/947136/echo-isle-review-pc
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://files.mastodon.social/accounts/avatars/115/549/012/287/792/827/original/ab1e55d3c51af752.png)
Like clockwork, the same kind of article comes back. "The best Linux for beginners." "The top 5 easy distros." Always recycled clickbait from sites that never booted half the distros they list. So which Linux should you actually start with?
Apple’s new AI photo editing tools mostly work, for better and worse
iPhone owners are getting real, native AI photo editing for the first time. The most popular camera in the world just got its first set of serious AI photo editing features, and I don't think any of us are ready. As far…
https://www.theverge.com/tech/949360/apple-ai-photo-edit-reframe-extend-clean-up-hands-on
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
A better way to manage all your screenshots
Hi, friends! Welcome to Installer No. 132, your guide to the best and Verge-iest stuff in the world. (If you're new here, welcome, happy soccer, and also you can read all the old editions at the Installer homepage.) Thi…
https://www.theverge.com/tech/949465/pool-screenshots-app-disclosure-day-installer
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
I always keep 3 devices connected to a power station - here's why
Using a portable power station to its full potential is ideal for getting your money's worth and enjoying uninterrupted power.
https://www.zdnet.com/article/3-things-i-keep-permanently-connected-to-a-power-station-and-why/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
The Anker SOLIX S2000 power station is an essential home backup beast
It can outlast any outage I have encountered.
https://www.androidauthority.com/anker-solix-s2000-review-3672761/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
![[?]](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAEAAAABAAQAAAACCEkxzAAAAUUlEQVQoz43R0QkAMQwCUDdw/y3dwEvsvzlL4X1IoQkAisKmwfAFT3RgJHbQezpSRoXEqeqCL9BJBf7h3QbOCCxV5EVWMEMwG7K1/WODtlvxAYTtEsDU9F34AAAAAElFTkSuQmCC)
📚 New Resource Available
If you're building applications that integrate with Mastodon, understanding authentication, media uploads, server differences, and API rate limits is essential.
Our latest guide walks through the entire integration process with practical examples and recommendations based on real-world implementation experience.
Read it here:
https://example.com/developer/mastodon-api-guide
![[?]](https://media.bsd.cafe/bsdmmedia01/accounts/avatars/110/896/104/742/825/185/original/3ea0586dd0f0f5b9.png)
Did anyone attend OSFS last month?
https://05f5.com/ – Open Source Founders Summit
― The conference about building financially successful and sustainable open source companies.
Yugabyte bets on open-source memory infrastructure for AI agents
<https://www.forkable.io/p/yugabyte-bets-on-open-source-memory> (Paul Sawers, 2026-05-12)
"… I check in with Karthik Ranganathan, CEO and co-founder of Yugabyte, an open-source database company now pushing into AI infrastructure with the launch of Meko, a new “memory layer” for AI agents.
Meko reflects how infrastructure companies are reassessing their role in the agentic AI stack. As agents take on longer-running tasks across multiple systems, the problems companies keep hitting — shared context and coordination — are ones distributed systems engineers would recognise immediately.
"Agents are working from inconsistent views of what's true right now," Ranganathan told me. "This is because there is no way to enforce a shared truth." …"
The best VPN routers of 2026: Expert tested and reviewed
Our guide lists the top routers on the market that provide VPN coverage throughout your entire home. We've ranked them based on speed, security, and reliability.
https://www.zdnet.com/article/best-vpn-router/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
![[?]](https://files.social.openrightsgroup.org/system/accounts/avatars/109/382/359/215/932/523/original/ea34e4d5bb2b649c.png)
The UK's digital infrastructure is a strategic asset.
But being dependent on US tech firms is a critical weakness.
Our systems can be hit with sanctions, our economy is damaged and our tech policy curbed.
Tell your MP we need Digital Sovereignty by 16 June ➡️ https://action.openrightsgroup.org/tell-your-mp-end-big-tech-rip/?mtm_campaign=big-tech-rip-off&mtm_source=mastodon
#BigTechRipOff #digitalsovereignty #techsovereignty #bigtech #opensource #palantir #ukpolitics #ukpol
Alt...
What are the risks of digital dependency?
National security – The US has tech powers of sanction which can be used to stop a US company from supplying services.
Economic – The UK government exposes itself to vendor lock-in when contracting for proprietary software, resulting in inflated costs and the extraction of value from the UK economy.
Tech policy capture – Big Tech has used its outsized power and resources to control markets, limit innovation, curb regulation and lobby Government.
As a longtime Android privacy nerd, here are 6 privacy apps I actually regret installing
Most of these apps aren't necessarily bad, they just didn't fit in with what I was looking for.
https://www.androidauthority.com/android-privacy-apps-i-regret-3671250/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
I usually avoid on-ear headphones, but Marshall has me seriously reconsidering
Marshall revamped its midrange headphones with stellar comfort, repairability, and a marathon battery life.
https://www.zdnet.com/article/marshall-milton-anc-review/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
![[?]](https://f2.tchncs.de/accounts/avatars/110/731/202/337/228/524/original/9600221ae355d8fe.png)
Es wird wieder fleißig in vielen Reparaturcafés repariert und es gibt auch einige Termine für den Umstieg auf Linux! Schaut gerne mal, wann bei euch die nächsten Termine sind.
Ein Reparaturcafé ist eine gute Anlaufstelle um unabhängig Expertise zu euren defekten Geräten zu bekommen.
Heute, morgen und die nächste Woche in
#München #Mannheim #Bocholt #Papenburg #Emden #Esslingen #Heidelberg #Berlin #Landau #Starnberg #Hanau #Ludwigshafen #Erding #Hamburg #Essen #Hannover #Oldenburg #Darmstadt #Aachen #Stuttgart #Köln ... und viele mehr
Termine
https://www.reparatur-initiativen.de/termine
#Österreich
https://www.repaircafes.at/
#Schweiz
https://www.repair-cafe.ch/reparieren/
Auf #Linux umsteigen
https://endof10.org/de/places/
Digitale Unabhängigkeit: #diday am 5. Juli
https://di.day/de
#opensource #repair #reparatur
Alt...
Termine nächster Reparatur Cafés und deren Orte.
![[?]](https://hessen.social/system/accounts/avatars/116/688/077/193/049/678/original/a2761055ef2d9444.png)
So, nachem ich anfangs mit meinem privaten Mastodon Konto Werbung für unsere Gruppe gemacht habe gibt es nun auch das offizielle Linux User-Group Offenbach Mastodon Konto.
Also nochmal für alle die aus Offenbach oder dem Umkreis kommen - seit 12.04.2026 gibt es nun eine Linux User-Group direkt in Offenbach.
Alt...
Auf dem Flyer stehen Infos zur Linux User-Group Offenbach.
Phone battery draining fast? Malware is one of 8 possible factors - how to tell for sure
No battery lasts forever. But it's often in your power to extend its life. Here's our checklist for identifying the causes of battery degradation - and how to fix each one.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
![[?]](https://pxscdn.com/cache/avatars/1917/avatar_ia7xkd6.jpg){kind=avatar}
#bizzfed #linux #opensource #nobigtech
https://www.bizzfed.de/feed
We’ve cut Google enough slack for poor Pixel updates. Now it’s time to hold it accountable
Pixel updates have been a mess, and it needs to stop!
https://www.androidauthority.com/google-poor-pixel-updates-accountability-3661496/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
macOS 27 Golden Gate includes these changes that Tahoe critics will appreciate
macOS 26 Tahoe made some polarizing design choices that evoked strong responses from critics. While the new design in macOS 27 Golden Gate is still all about Liquid Glass, Apple’s new Mac operating system corrects a lot…
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #9to5Mac [9to5Mac]
Apple TV just dropped trailers for two upcoming returning shows
Apple TV kicked off its best summer lineup ever last week with thriller series Cape Fear, and today the streamer released trailers for two returning shows coming soon.
https://9to5mac.com/2026/06/09/apple-tv-just-dropped-trailers-for-two-upcoming-returning-shows/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #9to5Mac [9to5Mac]
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/116/392/396/162/876/923/original/118cd3a17bd3317e.png)
Volla Community Days 2026: Europe’s Bet on Independence from Big Tech
While most of the world operates within the Google and Apple ecosystems, a small group of European companies is building an alternative. This year’s…
https://vsx.global/volla-community-days-2026-europes-bet-on-independence-from-big-tech/
![[?]](https://m-cdn.flipboard.social/accounts/avatars/116/714/592/927/309/514/original/63c18d83531199a3.jpg)
Technology moves fast, but continuous learning remains the most valuable skill. Stay curious, keep building, and share what you learn along the way.
#Technology #AI #OpenSource #Programming #Learning #Innovation
iOS 27 adds unique new setting to personalize your iPhone’s Lock Screen
iOS 27 adds a brand new Siri, new features in CarPlay and Apple Wallet, and more—including a unique clock setting to personalize your iPhone’s Lock Screen even more.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #9to5Mac [9to5Mac]
![[?]](https://s3.eu-central-2.wasabisys.com/mastodonworld/accounts/avatars/116/738/507/649/809/724/original/08a7319cc909a1ff.jpeg)
Guerre de l'open source et polémiques, tout ce qu'il faut savoir sur le lancement d'Euro Office par NextCloud
Je trouve ça triste que les équipes des projets open source en viennent se comporter comme les sociétés qui représentent le monde du propriétaire. Mais il est vrai que les parts de marché sont difficiles à acquérir et à conserver pour l’open.
Top watchOS 27 features that will enhance your Apple Watch
While watchOS 27 didn’t get much stage time during WWDC 2026, the next Apple Watch software update still packs some great new features. Here’s everything new coming to Apple Watch this fall so far.
https://9to5mac.com/2026/06/09/top-watchos-27-features-that-will-enhance-your-apple-watch/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #9to5Mac [9to5Mac]
Nomad debuts limited edition Stand One in color-matching Stellar Orange
The Cosmic Orange iPhone 17 Pro has been my favorite color variation in years. I love how the color just pops. I even recently wrote about my Cosmic Orange-themed everyday carry. The Cosmic Orange color-matching continu…
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #9to5Mac [9to5Mac]
How to See Which Mac Apps Will Stop Working After macOS Golden Gate
Apple is phasing out support for Rosetta 2, which is a feature that allows Intel-based apps to run on Apple silicon Macs. Rosetta is going to stop working for most apps in macOS 28, and when that happens, apps that use …
https://www.macrumors.com/2026/06/12/macos-golden-gate-rosetta-support/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
![[?]](https://social-heise-de.s3.de.io.cloud.ovh.net/accounts/avatars/109/722/110/464/209/207/original/8c6b0cc3354d3bc1.png)
Drei freie Office-Suiten gegen Microsoft 365 – und ihre Technik im Vergleich
Drei freie Office-Suiten fürs Web, drei völlig verschiedene Architekturen. Was Euro-Office, Collabora Online und die LibreOffice-Pläne technisch unterscheidet.
#DigitaleSouveränität #IT #LibreOffice #Microsoft #OfficeSuite #OpenSource #news
![[?]](https://social-heise-de.s3.de.io.cloud.ovh.net/accounts/avatars/112/881/119/160/228/266/original/baf7ad72ec92f728.jpg)
Three free office suites vs. Microsoft 365 – technology comparison
Three free web office suites, three architectures. What Euro-Office, Collabora Online, and LibreOffice plans differentiate technically.
#DigitaleSouveränität #IT #LibreOffice #Microsoft #OfficeSuite #OpenSource #news
Notion Is Migrating to SwiftUI, Apple Confirms at WWDC
Apple this week confirmed that Notion is migrating its user interface to SwiftUI, citing the app's desire for greater performance and UI consistency than its existing web-based stack can deliver. Notion is a productivit…
https://www.macrumors.com/2026/06/12/notion-is-migrating-to-swiftui/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Apple to Release These 15 New Products Later This Year
Apple's annual WWDC developers conference is drawing to a close, but there is still a lot to look forward to in the second half of the year. Apple is expected to release at least 15 more products later this year. Now th…
https://www.macrumors.com/2026/06/12/15-new-apple-products-rumored/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Record AirPods Price Drops and a Rare Switch 2 Sale: This Week's Top Tech Deals
Multiple AirPods models hit record low prices this week, including the AirPods Pro 3 and AirPods Max 2. We're tracking these great discounts alongside an ultra rare discount on a new Switch 2 on Woot, plus a Summer sale…
https://www.macrumors.com/2026/06/12/best-apple-deals-of-the-week-6-12-26/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
iOS 27 Adds Landscape Mode to More Apple Apps Ahead of 'iPhone Ultra'
iOS 27 enables landscape mode in more of Apple's built-in iPhone apps, including Apple Music, Podcasts, Fitness, Health, Reminders, Home, Shortcuts, Apple Watch, Find My, Weather, Voice Memos, Apple TV Remote, and other…
https://www.macrumors.com/2026/06/12/ios-27-landscape-mode-apps/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Apple Cut Frequencies in WWDC Keynote to Prevent Siri Activations
Apple appears to have modified the audio of this week's WWDC 2026 keynote video whenever "Siri" was mentioned, apparently in an effort to prevent viewers' nearby devices from waking inadvertently during the presentation…
https://www.macrumors.com/2026/06/12/apple-cut-frequencies-to-prevent-siri-activations/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
watchOS 27 Improves Apple Watch Performance in Seven Ways
Apple's software updates previewed during WWDC 2026 this week have followed a distinct pattern: introduce a handful of key new features, while maintaining a focus on refining the underlying platform architecture. watchO…
https://www.macrumors.com/2026/06/12/watchos-27-improves-apple-watch-performance/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
iOS 27: All the New Health and Fitness Features
Apple was rumored to be working on an AI health service, but it was scrapped well before the iOS 27 beta came out. It could resurface in the future, but for now, there are a handful of health and fitness changes in the …
https://www.macrumors.com/guide/ios-27-health-app/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Apple's Craig Federighi: Siri Won't Be Your AI Girlfriend
Apple software engineering chief Craig Federighi and marketing chief Greg Joswiak sat down for an interview with Mostly Human after during WWDC, discussing the iOS 27 Siri changes, Apple's take on AI, new child safety p…
https://www.macrumors.com/2026/06/11/apple-siri-ai-interview/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Valve just imported 13 tons of VR headsets in one day
On June 10th, the German container ship Posen docked in Los Angeles after a two-week voyage from Shanghai. As Valve watcher Brad Lynch notes, it was almost certainly carrying the first mass production shipments of the S…
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
What's New in the iOS 27 Photos App
The Photos app is one of a handful of apps that Apple paid extra attention to in iOS 27. It has multiple improvements to performance, and several quality-of-life upgrades. There are also new AI photo editing tools that …
https://www.macrumors.com/guide/ios-27-photos-app/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
![[?]](https://files.mastodon.social/accounts/avatars/114/626/460/535/570/593/original/5a60224ddf2ccbcb.jpg)
Every code generation LLM model available will at some point suggest insecure code as a part of “code completion”. Should this behavior be considered a vulnerability?
#security #opensource #programming
https://sethmlarson.dev/are-insecure-code-completions-a-vulnerability
Nvidia preps to sell its Vera CPUs into China as its GPU sales stay frozen — customers encouraged to place orders for CPU shipments as early as August
Nvidia has told Chinese clients that its Arm-based Vera server CPUs could be available as soon as August.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Amazon Prime Day
Amazon Prime Day
https://www.tomshardware.com/tag/prime-day
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
![[?]](https://cdn.masto.host/mastodonart/accounts/avatars/111/676/341/074/924/781/original/6e61463f7538154f.jpg)
A quick opensource update - "minion" - my command line
journal software - now supports MacOS.
Thanks to a fix from the first contributor to the rebooted version on CodeBerg! Thank you!
Watching sports at home? I'd change these 4 soundbar settings for the most optimal audio
Some of your favorite soundbar settings for music and movies aren't compatible with live sports broadcasts.
https://www.zdnet.com/article/soundbar-settings-sports-tips/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
Radeon RX 9070 XT finally appears in Steam Hardware Survey — RDNA 4 flagship surprisingly lands just behind RTX 5080
AMD’s Radeon RX 9070 XT graphics card has finally penetrated the Steam Survey video card results table, going straight in at position 25.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Nvidia's high-speed AI data center storage servers break cover, touting 2.9 petabytes of storage and extreme PCIe 6.0 performance — Wiwynn shows off SC…
Wiwynn is among the first to demonstrate Nvidia SCADA server that promises to offer AI systems petabytes of ultra-fast storage thanks to GPU-accelerated storage acceleration.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
![[?]](https://autistics-life.s3.bhs.io.cloud.ovh.net/accounts/avatars/114/613/151/536/635/497/original/c49d9783b68a9905.jpg)
@autistics
Announcement: #Voxelibre multiplayer casual game tomorrow (Sat) for 4 hours in the late afternoon to evening (North America). That's in about 24 hours from now.
Voxelibre is a free and #OpenSource #Minecraft clone. More details here: https://docs.autis.toque.im/
Damage has been turned off. People with #Autism, #ADHD or #AuDHD are invited.
Republican lawmakers urge federal agency to block imports of infringing TSMC chips as patent ruling nears — five asserted U.S. patents come from United Microelectronics Corporation
Four Republican members of Congress have urged the U.S. ITC to block imports of foreign-made chips found to infringe U.S. patents
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Save $300 on Gigabyte's Gaming A16 gaming laptop at Walmart — Budget RTX 5060 -powered 16-inch laptop is now only $1,199
Save $300 on Gigabyte's Gaming A16 gaming laptop at Walmart. Budget RTX 5060 -powered 16-inch laptop is now only $1,199.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
![[?]](https://files.layer8.space/accounts/avatars/107/412/903/453/710/006/original/861518e8488066a9.png)
Running my own BizzFed instance - a federated, algorithm-free alternative to LinkedIn built on ActivityPub.
🔧 What I added to my fork:
SMTP relay (no Resend dependency)
Account migration wizard (Move activity)
Fixed language switcher (de/en/fr/es)
Fully translated feed UI
Instance: https://bizzfed.haxxors.com
Code: https://git.buechner.me/nbuechner/bizzfed
Thanks to René Hamdorf for the solid original BizzFed foundation!
Save a massive $751 on this RTX 5070 Ti gaming PC with a 9800X3D right now — liquid-cooled, 4K-ready Skytech rig with 32GB DDR5 and a 2TB SSD is now just $2,249
Save $750 on this Skytech gaming PC for gaming at 1440p and 4K, featuring a 9800X3D, RTX 5070 Ti, 32GB DDR5, and a 2 TB SSD.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
![[?]](https://stockage.framapiaf.org/framapiaf/accounts/avatars/000/009/747/original/708c4b20f7138b45.jpg)
Started a big one for @silex today
▶️ leaving GitHub for code hosting and CI/CD
First step: flattening our meta-repo architecture (git submodules) into a single monorepo, so we migrate one repo to Codeberg or @ow2 's gitlab
This work is funded by @nlnet 🇪🇺 and built in public: I'll toot the journey, the good and the ugly
If you are a Silex user, is it clear to you why GitHub is a problem for libre software?
Several police officers arrested for using controversial Flock AI license plate reader system to stalk romantic partners, says report — investig…
Tens of officers have been fired, and some even arrested, for abuse of the Flock license plate reader system used by police departments throughout the US, according to a new report.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Murena /e/ OS 4.0: Android fork facilitates Google services switch
The French company Murena has released the Google-free Android fork /e/ OS 4.0.
#Android #Datenschutz #Fairphone #Google #IT #Linux #Migration #Mobiles #OpenSource #news
Are Facebook and Instagram down? What to know about the Meta outage
Even Messenger and WhatsApp appear to be impacted on Friday morning.
https://www.zdnet.com/article/is-facebook-instagram-messenger-whatsapp-down/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
This single router antenna adjustment improved my internet speed more than I expected
Getting the best Wi-Fi performance requires strategic antenna positioning, proper router placement, and a bit of trial and error. Here's my advice.
https://www.zdnet.com/article/adjusting-router-antenna-fix-wi-fi-problems/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
![[?]](https://media.mementomori.social/accounts/avatars/109/293/050/593/156/468/original/149d4fe6c4f85509.png)
I've received some questions about my algorithm experiments. First off, I'm building this mainly for myself, since I often don't have time to scroll through posts chronologically and just want the best and most important bits from my social media. It's opt-in and currently only an experiment in my fork.
How the "For you" ranked feed on mementomori.social actually works:
First, the ground rules. Again, "For you" is opt-in on our instance. If you never touch the toggle, your home feed stays exactly as it is: chronological, complete, and untouched. Nothing below applies to you. We never turn it on without your consent, and every setting is stored and controlled by you.
Where the posts come from. The feed ranks the newest ~800 posts and boosts from people you follow. If you also enable "Include posts from people you don't follow," trending posts on the instance get mixed in, roughly one in every four slots, and your scrolling can continue through the trending pool once your own feed runs out.
How a post is scored. Every post receives one score made of four parts multiplied together:
1. Engagement: boosts count 3x, replies 2x, favourites 1x.
For posts from other instances, we use counts from their home instance so federation doesn't undercount them.
2. Your affinity to the author: how often you've favourited, boosted, or replied to that person in the last 30 days.
It's logarithmic, the 5th interaction matters much more than the 50th, so no one can dominate your feed just because you liked them a lot once.
3. Time decay: a post loses half its score every 6 hours. Old posts fade no matter how popular they are.
4. A touch of randomness (±10%) so the order isn't fixed.
Freshness. Every post shown to you goes to the back of the line for 2 days. That's why refreshing gives you new posts instead of showing the same viral hit again and again, and why "Load more" always digs deeper instead of repeating.
Housekeeping rules: boosts show the original post. Your own posts and boosts never appear. Private mentions never appear. Brand-new posts wait 15 minutes before entering so they have a bit of time to gather reactions first.
What it does NOT do: There's no tracking beyond one thing: a list of post IDs already shown to you, which auto-deletes after 2 days. No reading your posts, no content analysis, no machine learning, and no profile built about you.
The weights above are the entire model, and your instance admin can adjust every number. Hopefully, if this project matures, you'll be able to adjust every weight yourself.
Code for the curious:
https://github.com/mementomori-social/mastodon/pull/4
Siri is good now??
You'd be forgiven for thinking this day would never come. Siri has spent a decade and half somewhere between "sort of useful at a few things" and "utterly disastrous, why did I even try, can it honestly not even set a t…
https://www.theverge.com/podcast/949079/siri-ai-good-vergecast
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/114/614/907/486/620/795/original/f2706694126a7cd8.png)
Everyone says they want to share wearable data with doctors — but almost nobody is doing it
We're all tracking our health data and keeping it completely to ourselves.
https://www.androidauthority.com/wearable-data-not-shared-with-doctors-3677183/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Proxmox Mail Gateway 9.1 erleichtert Kampf gegen Spam und verschlüsselt Backups
Das neue Proxmox Mail Gateway will mehr Komfort beim Mail-Handling bieten und die Möglichkeit, ihre Backups zu verschlüsseln.
#Datenschutz #EMail #IT #Linux #OpenSource #PostgreSQL #Spam #Verschlüsselung #news
I held the Trump phone
Where's the Trump phone? We're going to keep talking about it every week. We've reached out, as usual, to ask about the Trump phone's whereabouts. We don't have the phones we preordered yet, but this week included an un…
https://www.theverge.com/tech/948464/trump-phone-t1-hands-on
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://minio.libranet.de/misskey-de/msky/cebe55ee-cda4-47df-bf34-a4f53dfdc4bd.png)
https://www.ebay.de/itm/117245434230
#ebay #ubuntu_phone #ubuntu #tab #ubuntu_mobile #linux #lenovotab @ubports@mastodon.social
![[?]](https://arint.info/system/accounts/avatars/116/093/043/699/009/736/original/117efb477be63b2c.png)
RT @Kimi_Moonshot: 🌘 Kimi-K2.7-Code, unser neuestes Coding-Modell, ist jetzt veröffentlicht und quelloffen verfügbar!
mehr auf Arint.info
#AIRelease #CodeModel #DeveloperTools #KimiAI #MachineLearning #OpenSource #arint_info
![[?]](https://lsbt.me/system/accounts/avatars/109/279/957/800/373/022/original/2d78270719f9925b.jpg)
FediSuite - Fediverse Management Platform
Open-source platform for social media management and analytics
If you manage several Fediverse accounts, you're constantly juggling browser tabs, losing track of which input field belongs to which platform, and at some point you no longer know what you've already posted. #FediSuite brings everything together in one place.
Connect accounts from 19(+) #Fediverse platforms: #Mastodon, #Pixelfed, #Misskey, #Friendica, #PeerTube, #Loops, #Wordpress, #Vernissage and more. The app detects your instance type automatically, loads the correct character limit and media rules straight from your instance, and sets up the composer accordingly. No manual configuration needed.
The analytics go way beyond plain follower counts: daily engagement charts, follower growth, your best posting times as a heatmap, hashtag performance, and a tips engine that evaluates your actual data and gives you concrete suggestions based on your own numbers.
Schedule posts down to the minute in your own time zone. Background workers handle publishing reliably, with resume handling for rate limits and atomic delivery.
FediSuite is free and #OpenSource under the GPL-3.0. Anyone can host their own FediSuite #instance and get it added to the official list automatically.
If you find a bug, especially in the #SelfHosting setup, feel free to report it. The project is being actively developed, and real-world bug reports are among the most valuable contributions right now. The CONTRIBUTING.md explains how it works.
The project lives on donations. Donations guarantee and make it possible for FediSuite to keep going and keep being developed. To support FediSuite, click the yellow button on the website.
More info: https://www.fedisuite.com
Summer Upgrade Week
The sun is out, the sky is clear. It’s time to get outside and disconnect — from work, at least. This summer, we’re looking at all the ways to upgrade our free time indoors and out, from smart lights for the backyard to…
https://www.theverge.com/tech/942658/summer-upgrade-week-2026
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://wiseowl.club/fileserver/01JFFAHP31XQ9DXGWR4M2QXFSP/attachment/original/01KJ14VMTQJVC6C32KE0PRJCQY.jpeg)
@AutisticInnovator I'm sorry to hear about all the difficulties! I hope you succeed despite all those nasty people.
I've had a lot of bots on my websites, and I set up Anubis on most of them. Anubis was a pain to configure (took a lot of tinkering to understand how it all worked)! But I'm grateful that is was #OpenSource
Attack wave on Arch Linux: hundreds of package descriptions with malware in AUR
Arch Linux defends itself against a wave of attacks that have massively contaminated package descriptions in the unofficial Arch User Repository with malware.
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/114/227/755/996/640/989/original/d6c1c5fbb389d991.png)
Security Advisory: CVE-2025-52290 - NULL Pointer Dereference in FFmpeg H.264 Reorder Frame Handling
Processing a crafted media file with `ffmpeg` can trigger a segmentation fault in `avpriv_h264_has_num_reorder_frames()`, causing a denial of service.
Summary:
FFmpeg can crash while demuxing a malformed MPEG/MP4 input that causes H.264 data to be handled through a mismatched AAC `AVCodecContext`. In the observed crash path, the demuxing code reaches `has_decode_delay_been_guessed()` and calls `avpriv_h264_has_num_reorder_frames()` with an invalid or uninitialized H.264 parameter-set state. The function then dereferences `ps.sps` without sufficient validation and triggers a `SEGV` read in `libavcodec/h264dec.c:64`.
The issue is reproducible with the provided PoC media file and was observed in both a standard build and an AddressSanitizer build.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
libavcodec/h264dec.c:64
Function: avpriv_h264_has_num_reorder_frames()
libavformat/demux.c:757
Function: has_decode_delay_been_guessed()
```
Affected Product:
FFmpeg / ffmpeg command-line media processing tool.
Affected Version:
The issue was reproduced on FFmpeg version `N-119856-gbe46370941` and commit:
```
be46370941405fb04402d96373a53e2a1846f3ac
```
The local environment notes also reference a tested FFmpeg commit:
```
52441bd4cd0e85bf007473bd2eada2b2083aacf5
```
Attack Conditions:
An attacker supplies a specially crafted media file to a workflow that invokes FFmpeg on attacker-controlled input. This can be a local batch/transcoding workflow, or a network-facing media-processing service that accepts uploads and processes them with FFmpeg.
The crash can be reproduced with:
```
./ffmpeg -i ./1_poc.mp4 -f null
```
No elevated privileges are required. User interaction depends on the deployment model: interactive use requires a user to process the malicious file, while automated upload/transcoding services may trigger the crash without direct user interaction.
Impact:
The observed impact is denial of service due to abnormal process termination. AddressSanitizer reports a `SEGV` caused by a read memory access in:
```
avpriv_h264_has_num_reorder_frames libavcodec/h264dec.c:64:17
```
The prepared materials at the CVE request also note the potential impact on code execution, however, I have not demonstrated any control flow hacking or an exploit to execute working code.
References
- Issue/(+ primary email-report): https://github.com/sigdevel/pocs/blob/main/res/FFmpeg/ffmpeg/1/1_libavcodec_h264dec.c.64_17.md
- PoC: https://github.com/sigdevel/pocs/blob/main/res/FFmpeg/ffmpeg/1/1_poc.mp4
Credits
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #ffmpeg
Security Advisory: CVE-2025-55648 - Heap Buffer Overflow in GPAC MP4Box Opus Packet Parser
Processing a crafted MP4 file containing corrupted Opus sample-size data with `MP4Box` can trigger a heap buffer overflow in `gf_opus_parse_packet_header()`, causing a crash and potential memory corruption impact.
Summary:
The `gf_opus_parse_packet_header()` function in `media_tools/av_parsers.c` does not sufficiently validate the input buffer length before parsing Opus packet headers. When MP4Box processes a crafted MP4 file with corrupted sample-size (`stsz`) data, the parser reads beyond the bounds of a heap-allocated sample buffer.
AddressSanitizer reports a `heap-buffer-overflow` at `media_tools/av_parsers.c:11297`, with a `READ of size 1` 1242 bytes past a 32-byte heap region allocated by `Media_GetSample()`.
CWE:
CWE-122 - Heap-based Buffer Overflow
Affected Component:
```
media_tools/av_parsers.c:11297
Function: gf_opus_parse_packet_header()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
61bbfd2e89553373ba3449b8ec05b5f098d732a5
```
Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted Opus sample-size (`stsz`) data. The issue can be reproduced locally with:
```
./MP4Box 12_poc.mp4 -dxml
```
No elevated privileges are required. The CVE text describes the attack as network/context-dependent because attacker-controlled media may be processed by MP4Box in automated workflows; manual processing also triggers the issue.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the bug reads beyond a heap allocation, information disclosure may be possible. The local MITRE data also notes potential arbitrary code execution risk, though the observed ASAN trace is an out-of-bounds read.
Fix / mitigation status:
The local CVE/MITRE data references GPAC fix commit:
```
cea49f684dbc4d53ecd6c76a9623838802a68d88
```
Users should update to a GPAC build containing this commit or later. The affected Opus parser should validate sample buffer length and `stsz`-derived packet sizes before reading packet header fields.
References:
- Issue: https://github.com/gpac/gpac/issues/3190
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/12/12_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/cea49f684dbc4d53ecd6c76a9623838802a68d88
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55642 - Divide by Zero in GPAC MP4Box AVI Demuxer
Processing a crafted AVI-like media file with `MP4Box` can trigger a division by zero in `avidmx_process()`, causing a floating-point exception and Denial of Service.
Summary:
The `avidmx_process()` function in `filters/dmx_avi.c` does not sufficiently validate frame-count metadata before using it as a divisor during bitrate computation. When MP4Box processes a specially crafted input with invalid AVI frame metadata, such as a `0/256` frame declaration, the DASH processing path attempts to compute bitrate from the bitstream and divides by zero.
AddressSanitizer reports an `FPE` at `filters/dmx_avi.c:639`.
CWE:
CWE-369 - Divide by Zero
Affected Component:
```
filters/dmx_avi.c:639
Function: avidmx_process()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
GPAC MP4Box v2.4 is affected according to the CVE request data. The issue was reproduced on a GPAC build at commit:
```
f87b30611380e4dcd03cd4dd9ac553c0ec336826
```
Builds before the fix commit `cea49f684dbc4d53ecd6c76a9623838802a68d88` should be considered affected if they contain the vulnerable AVI demuxer bitrate computation path.
Attack Conditions:
An attacker supplies a crafted AVI-like media file with invalid frame metadata. The issue is triggered while processing the file through MP4Box DASH segmentation, for example with a `-dash` command using `14_poc.mp4`.
No elevated privileges are required. User interaction is required when the victim manually processes the malicious media file, or an automated workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to an uncaught floating-point exception and process termination. No evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
cea49f684dbc4d53ecd6c76a9623838802a68d88
```
Users should update to a GPAC build containing this commit or later. The affected code should validate `num_frames` and related AVI metadata before using frame counts in bitrate calculations.
References:
- Issue: https://github.com/gpac/gpac/issues/3196
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/14/14_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/cea49f684dbc4d53ecd6c76a9623838802a68d88
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55644 - Use-After-Free in GPAC MP4Box
Processing a crafted MP4 file with invalid BIFS GlobalQuantizer commands causes gf_node_get_tag() to access a freed 192-byte QuantizationParameter node at scenegraph/base_scenegraph.c:1263, resulting in a heap use-after-free and crash.
Summary:
During MPEG-4 BIFS scene decoding, BM_ParseGlobalQuantizer() in bifs/memory_decoder.c first calls gf_node_unregister() at line 176 to release a QuantizationParameter node, freeing the 192-byte heap region. Without clearing the stale pointer, the function then calls gf_node_get_tag() on the same address at line 181, performing a READ of 8 bytes at offset 0 into the freed region. A crafted MP4 containing invalid GlobalQuantizer BIFS commands, corrupted ODF descriptors, and malformed box types (PEC1808, fre) reliably triggers this free-then-use sequence through the -svg dump path.
CWE:
CWE-416 - Use After Free
Affected Component:
```
scenegraph/base_scenegraph.c:1263
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box 2.4 and earlier; tested at commit f5b7cdc63a7f3269040778c5431a8f6c310bc9f3
Attack Conditions:
An attacker supplies a locally accessible crafted MP4 file embedding invalid BIFS scene data. The victim runs MP4Box -svg on the file to trigger BIFS scene parsing. No elevated privileges are required.
Impact:
The use-after-free causes a fatal crash (Denial of Service). Use-after-free vulnerabilities can allow attackers to control freed heap memory contents and potentially redirect execution flow; code execution cannot be excluded.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
63eccc33d4a2b731ebb31581ff5673a2c0b13ad4
```
Users should update to a GPAC build containing this commit or later.
References:
- Issue: https://github.com/gpac/gpac/issues/3246
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/20/20_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/63eccc33d4a2b731ebb31581ff5673a2c0b13ad4
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55652 - Heap Buffer Overflow in GPAC MP4Box VP Configuration Handling
Processing a crafted MP4 file with malformed VP codec configuration data can trigger a heap buffer overflow in `gf_isom_vp_config_new()`, causing a crash and potential memory corruption.
Summary:
The `gf_isom_vp_config_new()` function in `isomedia/avc_ext.c` does not sufficiently validate buffer boundaries when creating VP codec configuration boxes. A crafted MP4 file with malformed VP codec data, including unknown box types such as `D0ncv` in `stsd`, can cause MP4Box to allocate an undersized box structure and then write VP/NALU configuration data beyond the allocation.
CWE:
CWE-122 - Heap-based Buffer Overflow
Affected Component:
```
isomedia/avc_ext.c:1962
Function: gf_isom_vp_config_new()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
74fecde32cd477ab097f3e6db55a32b259f3313d
```
Builds before the fix commit `ad3b541b4f38c8f0ef67544509598f8207ea1207` should be considered affected if they contain the vulnerable VP configuration allocation/write path.
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed VP codec configuration data. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./18_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is an out-of-bounds heap write, memory corruption and potential arbitrary code execution cannot be ruled out.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
ad3b541b4f38c8f0ef67544509598f8207ea1207
```
References:
- CVE: https://www.cve.org/CVERecord?id=CVE-2025-55652
- Issue: https://github.com/gpac/gpac/issues/3242
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/18/18_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/ad3b541b4f38c8f0ef67544509598f8207ea1207
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55643 - NULL Pointer Dereference in GPAC MP4Box TrackWriter Handling
Processing a crafted MP4 file during DASH segmentation can trigger a NULL pointer dereference in MP4Box TrackWriter handling, causing a Denial of Service.
Summary:
The DASH fragmentation path in `filters/mux_isom.c` does not sufficiently validate a `TrackWriter` pointer before accessing its members. A crafted MP4 file with malformed metadata boxes can cause the PID-to-track setup to fail, leaving the `TrackWriter` pointer NULL. The muxer then performs member access through the NULL pointer.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
filters/mux_isom.c:6621
Function/path: TrackWriter handling during fragmented MP4 muxing
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE data. The issue was reproduced on a GPAC build at commit:
```
74fecde32cd477ab097f3e6db55a32b259f3313d
```
Builds before the fix commit `ad3b541b4f38c8f0ef67544509598f8207ea1207` should be considered affected if they contain the vulnerable TrackWriter handling path.
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed metadata boxes, including malformed `mvcC` / `stsz` data. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./17_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. No evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
ad3b541b4f38c8f0ef67544509598f8207ea1207
```
Users should update to a GPAC build containing this commit or later. The affected muxing path should validate `TrackWriter` before member access and fail cleanly when track initialization fails.
References:
- Issue: https://github.com/gpac/gpac/issues/3240
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/17/17_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/ad3b541b4f38c8f0ef67544509598f8207ea1207
Credit
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
![[?]](https://social-heise-de.s3.de.io.cloud.ovh.net/accounts/avatars/109/722/135/333/484/268/original/4c7e67433f6e2701.png)
Angriffswelle auf Arch Linux: Hunderte Paketbeschreibungen mit Malware im AUR
Arch Linux wehrt sich gegen eine Angriffswelle, die massenweise Paketbeschreibungen im inoffiziellen Arch User Repository mit Malware verseucht hat.
Security Advisory: CVE-2025-55641 - NULL Pointer Dereference in GPAC MP4Box Sample Info Copy
Processing a crafted MP4 file with corrupted Sample Auxiliary Information metadata can trigger a NULL pointer dereference in `gf_isom_copy_sample_info()`, causing a Denial of Service and potential memory corruption impact.
Summary:
The `gf_isom_copy_sample_info()` function in `isomedia/isom_write.c` does not sufficiently validate pointers after handling invalid Sample Auxiliary Information (SAI) metadata. A crafted MP4 file can provide corrupted SAI values, such as an invalid `sai_samples` count, causing memory allocation or merge handling to fail. The import path later attempts to copy sample information from a NULL pointer.
AddressSanitizer reports a `SEGV` caused by a `READ` memory access at address `0x000000000000`, with the crash occurring at `isomedia/isom_write.c:8164`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
isomedia/isom_write.c:8164
Function: gf_isom_copy_sample_info()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
f87b30611380e4dcd03cd4dd9ac553c0ec336826
```
Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted SAI metadata. The issue can be reproduced locally with:
```
./MP4Box -add 13_poc.mp4 -new /dev/null -split-size 500
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. The local CVE/MITRE data also marks potential code execution impact; the observed ASAN trace is a NULL pointer read.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
e38d24b7e3cbdc24e70f0437bf390ac3f2080b52
```
Users should update to a GPAC build containing this commit or later. The affected code should validate SAI metadata, allocation results, and sample-info pointers before copying sample information.
References:
- CVE: https://www.cve.org/CVERecord?id=CVE-2025-55641
- Issue: https://github.com/gpac/gpac/issues/3195
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/13/13_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/e38d24b7e3cbdc24e70f0437bf390ac3f2080b52
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55649 - NULL Pointer Dereference in GPAC MP4Box ESD Mapping
Processing a crafted MP4 file with corrupted Elementary Stream Descriptor data can trigger a NULL pointer dereference in `gf_media_map_esd()`, causing a Denial of Service.
Summary:
The `gf_media_map_esd()` function in `media_tools/isom_tools.c` does not verify that `esd->URLString` is non-NULL before passing it to `strlen()`. When MP4Box processes a crafted MP4 file containing corrupted ESD data during fragmentation setup, `URLString` can be NULL and the process crashes while reading from address `0x000000000000`.
AddressSanitizer reports a `SEGV` in `strlen()`, with the GPAC call site at `media_tools/isom_tools.c:1359`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
media_tools/isom_tools.c:1359
Function: gf_media_map_esd()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
09e7063ed0a13b4cee9a180a56dcc21e9f9ade07
```
Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted ESD data. The issue can be reproduced locally with:
```
./MP4Box -frag 1500 11_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.
Impact:
The immediate observed impact is Denial of Service due to process termination. The crash is a NULL pointer dereference on the zero page; no evidence of arbitrary code execution was observed.
Fix / mitigation status:
The local CVE/MITRE data references GPAC fix commit:
```
10c16d54659b1b82dd49573dfeacfa9a5627a115
```
Users should update to a GPAC build containing this commit or later. The affected code should validate `esd`, `esd->URLString`, and related ESD fields before string operations.
References:
- Issue: https://github.com/gpac/gpac/issues/3183
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/11/11_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/10c16d54659b1b82dd49573dfeacfa9a5627a115
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
You can now beat ChatGPT Codex rate limits, if you have friends
OpenAI launches a new (temporary) referral system that rewards you and a friend with bankable rate limit resets.
https://www.androidauthority.com/openai-chatgpt-codex-rate-limit-resets-referral-program-3677035/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Homebrew 6.0 sichert Paketquellen ab
Homebrew 6.0 ist da: Externe Paketquellen müssen sich künftig als vertrauenswürdig erweisen. Dazu gibt es eine Linux-Sandbox und eine schnellere Standard-API.
#IT #Linux #macOS #OpenSource #Security #Softwareentwicklung #news
Mein Desktop unter Fedora 44 Gnome 50.2 die Nutzung von Linux und Open Source Software mit entsprechenden Messengern und Mail Anwendungen und ohne Google / Microsoft / Apple und mit KI dann wenn ich sie haben möchte ist und bleibt einfach eine bessere und auch Nachhaltigerer und vor allem Selbst bestimmender Umgang mit Informationstechnologie.
Bild Bearbeitung ist mit den zur Verfügung stehen Tools unter Linux gar kein Problem funzt viel schneller als unter Windows
#darktable #gimp #shotwell
#DailyDesktop
#ShareYourDesktop
#UnixPorn
#mywork
#duisburg
#fedora44 #gnulinux #Linux #mydesktop #opensource #fedora #libreoffice #fairphone4 #murenacloud #evolution #digitaleselbstbestimmung #onlyoffice #digitaleselbstverteidigung #digitalenachhaltigkeit #signal #telegram #Verschlüsselung #openpgp #rkhunter #lynis #firewall
Alt...
Zu sehen ist mein Fedora Linux Desktop mit einem von mir in Düssseldorf Angermund Aufgenommen Bild von Kornblumen und Magarieten am wegesrand vor einem Kornfeld was noch grün ist.
![[?]](https://social-heise-de.s3.de.io.cloud.ovh.net/accounts/avatars/109/720/732/052/060/290/original/663188955d7f0401.png)
Murena /e/ OS 4.0: Android-Fork soll Umstieg von Google-Diensten erleichtern
Das französische Unternehmen Murena hat den Google-freien Android-Fork /e/ OS 4.0 veröffentlicht.
#Android #Datenschutz #Fairphone #Google #IT #Linux #Migration #Mobiles #OpenSource #news
Spotify’s hated disco ball icon is finally gone for good
Spotify's latest iOS update quietly ended a month of disco-themed misery.
https://www.androidauthority.com/spotify-disco-ball-icon-gone-3677022/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
![[?]](https://files.mastodon.social/accounts/avatars/111/685/046/419/146/552/original/3b74d5830c326914.png)
Aus dem Linux-Magazin 07/2026 (geschrieben von @veit und mir):
Wie LLM-Agenten Open-Source-Projekte gefährden
https://www.linux-magazin.de/ausgaben/2026/07/gefahr-durch-llms/
Danke an das Murena Team auch e/os auf dem Fairphone sieht in Version 4.0 ganz Schick aus.
#linux #opensource #murena #digitaleselbstbestimmung #nobigtech
AAPL Stock Slides Following WWDC, But Analysts Broadly Raise Targets
Apple shares have lost roughly $25 per share this week following the company's WWDC 2026 keynote, though a wave of upward analyst price target revisions suggests Wall Street's longer-term view of Apple remains construct…
https://www.macrumors.com/2026/06/11/aapl-stock-slides-following-wwdc/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Apple Agrees to Let Jon Prosser Formally Contest iOS 26 Leak Lawsuit
Apple and leaker Jon Prosser have jointly asked a federal court to set aside the default judgment entered against him last October, with Prosser agreeing to hand over documents he had thus far failed to fully produce. A…
https://www.macrumors.com/2026/06/11/apple-agrees-to-let-jon-prosser-contest-lawsuit/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Siri won’t be your AI girlfriend
‘Listen, that's not what I'm here for, right?' | Image: Apple Our early testing has already shown that Siri AI knows when to shut up, and that's very much by design. In an interview with Mostly Human, Craig Federighi sa…
https://www.theverge.com/tech/948890/siri-wont-be-your-ai-girlfriend
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Telegram’s Wear OS app makes a comeback, now with full chats, voice notes, and more
Telegram finally fits on your wrist properly.
https://www.androidauthority.com/telegram-wear-os-return-3677006/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Touchscreen MacBook '100% Confirmed,' Says Reputable Leaker
Apple's first touchscreen MacBook is now "100% confirmed," according to the prolific Chinese leaker known as Instant Digital, who appears to have insider information from sources in the supply chain. The leaker made the…
https://www.macrumors.com/2026/06/11/touchscreen-macbook-confirmed-leaker/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
The End of uBlock Origin in Chrome: What's Really Changing and What to Do About It
In early June 2026, it was confirmed that Chrome was also losing its last technical capabilities that had kept…
Asahi Linux warns against upgrading to macOS 27 “Golden Gate”
Users of Asahi Linux should not update to the beta version of macOS 27 “Golden Gate,” the project currently warns.
Asahi Linux warnt vor Upgrade auf macOS 27 „Golden Gate“
Nutzer von Asahi Linux sollen nicht auf die Beta-Version macOS 27 „Golden Gate“ aktualisieren, warnt das Projekt aktuell.
The Galaxy Z Fold 7 is finally getting the S26’s Galaxy AI features
Samsung's foldable phones are now getting S26-exclusive Galaxy AI features.
https://www.androidauthority.com/galaxy-z-fold-7-one-ui-update-ai-features-3676999/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
WWDC 2026 Keynote Marked a Major Departure From Previous Years
Apple's WWDC 2026 keynote broke from a longstanding format tradition, abandoning the platform-by-platform structure that has defined the annual developer conference for years in favor of a theme-driven presentation. Pre…
https://www.macrumors.com/2026/06/11/wwdc-2026-keynote-major-departure/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Apple Maps to Get These 10 New Features in iOS 27
Apple Maps is getting a range of new features in iOS 27, headlined by an upgraded Flyover experience that uses AI to improve the realism and detail of its aerial imagery. Flyover is a longstanding feature of Apple Maps…
https://www.macrumors.com/2026/06/11/apple-maps-to-get-these-10-new-features-in-ios-27/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
OpenAI bans China-linked ChatGPT accounts that amplified US data center electricity price backlash — used AI-generated cartoons to st…
OpenAI says it has banned two clusters of ChatGPT accounts it believes are operating from China, and that used its models for covert influence campaigns targeting U.S. tech and policy debates.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
@delta Thanks for making a consistent client experience on all platforms. The #iPadOs client is great, and this despite the #Apple ecosystem being quite an awkward fit to #OpenSource projects.
Memory famine compels GPU vendors to re-release 2020 graphics cards — GeForce RTX 3060 and GeForce RTX 3050 return to Asian market
Graphics card manufacturer Manli adds new GeForce RTX 3060 and GeForce RTX 3050 SKUs to its portfolio.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
RT @RyanLeeMiniMax: Hallo zusammen — unsere Hochleistungs-MSA-Kernbibliothek ist jetzt Open-Source. Die M3-Gewichte werden voraussichtlich diesen Freitag veröffentlicht. Vielen Dank für eure Geduld! Github: https://github.com/MiniMax-AI/MSA Paper: https://github.com/MiniMax-AI/MSA/blob/main/docs/MiniMaxSparseAttention.pdf
mehr auf Arint.info
#AI #DeepLearning #MachineLearning #MiniMax #MSA #OpenSource #arint_info
After spat with Chinese gov't, Meta cuts AI Manus off from its internal systems and is 'sunsetting' platform, report claims — Beijing-ordered breakup of $2 billion AI deal begins
Meta has finished separating its operations from Manus, the Chinese-founded agentic AI startup it acquired for roughly $2 billion in December.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Watching the World Cup online is easier with these VPN deals — deals for watching the FIFA World Cup 2026
A choice of VPN subscriptions to cover you over the FIFA World Cup 2026 and beyond. Stay safe online for less.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Massive 8TB SD cards are set to ship 'shortly' after a two-year delay — mind-blowing storage at possibly bank-breaking prices
Notebookcheck reports that 8TB SD cards will soon hit the retail market, although an exact launch date and pricing remain a mystery.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Louis Rossmann is suing Samsung after firm offers $330 refund for defective SSD while selling the drives on Amazon for $949 — spat over 4TB 990 Pro SSD is headed to court
Right to Repair activist Louis Rossman threatens to sue Samsung after the SSD maker failed to replace his dead 990 Pro 4TB SSD under warranty.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Deezer Launches AI Music Detector for Apple Music, Spotify, and More
French music platform Deezer has launched a free online tool that can detect AI-generated tracks in Apple Music playlists, as well as playlists created on other streaming platforms. "No other company has followed our le…
https://www.macrumors.com/2026/06/11/deezer-launches-ai-music-detector/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
10 useful smart home gadgets that make life so much easier (and are affordable)
After testing hundreds of smart home devices, I rounded up the best options to get started with your smart home without breaking the bank.
https://www.zdnet.com/article/smart-home-on-a-budget-2026/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
![[?]](https://cdn.fosstodon.org/accounts/avatars/000/110/088/original/4da529e121b6a01d.png)
Episode 1 in a series by Swissinfo.
"Switzerland wants digital sovereignty, but can it really distance itself from Big Tech? Two Swissinfo journalists tried cutting ties with US tech giants. Here’s what happened."
CVE-2025-55650 - Heap Use-After-Free in GPAC MP4Box SVG Node Handling
Summary
Processing a crafted MP4 file with `MP4Box -svg` can trigger a heap use-after-free in `gf_svg_node_del()`, causing a crash and possible memory corruption.
The `gf_svg_node_del()` function in `scenegraph/svg_types.c` does not ensure that freed SVG node memory is not accessed again during scene graph cleanup. When MP4Box parses a crafted MP4 file through the MPEG-4 LASeR/SVG scene dump path, an SVG node is freed and then dereferenced again.
AddressSanitizer reports a heap-use-after-free at `scenegraph/svg_types.c:107`, with a `READ of size 8` from a 24-byte heap region that was previously freed in `gf_svg_node_del()` at `scenegraph/svg_types.c:126` and allocated by `gf_svg_create_node()` at `scenegraph/svg_types.c:65`.
Affected Component
`scenegraph/svg_types.c:107`
Function: `gf_svg_node_del()`
Affected Product
MP4Box (GPAC Multimedia Open Source Project)
Affected Version
GPAC MP4Box v2.4.
The issue was reproduced on a GPAC build at commit `46be5f928660530d5332cd2f1d177208737558ef`.
Attack Conditions
An attacker supplies a crafted MP4 file that reaches the SVG/LASeR scene parsing path. The issue can be reproduced with:
```
./MP4Box -svg 10_poc.mp4
```
No elevated privileges are required. User interaction is required when a victim manually processes the malicious MP4 file; automated workflows that invoke MP4Box on attacker-controlled media may also trigger the issue.
Impact
The observed impact is denial of service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution cannot be ruled out.
CWE
CWE-416 - Use After Free
Fix
The issue was fixed in GPAC commit `6be6f62e2a079ebccf3a9e57c27787fd16e645de`.
Users should update to a GPAC build containing this commit or later. The affected scene graph cleanup code should prevent use of freed SVG nodes and ensure node lifetime and registration state are handled consistently during scene reset and deletion.
References
- Issue: https://github.com/gpac/gpac/issues/3162
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/10/10_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/6be6f62e2a079ebccf3a9e57c27787fd16e645de
Credits
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
CVE-2025-55661 - Heap Buffer Overflow in GPAC MP4Box Opus Header Parser
Summary:
Processing a crafted MP4 file containing malformed Opus audio packets with MP4Box can trigger a heap buffer overflow in `gf_opus_parse_packet_header()`, causing a crash and possible information disclosure from an out-of-bounds heap read.
The `gf_opus_parse_packet_header()` function in `media_tools/av_parsers.c` does not sufficiently validate the input buffer size before reading Opus packet header fields. When MP4Box parses crafted Opus audio packet data, the parser reads one byte beyond the end of a heap-allocated sample buffer.
AddressSanitizer reports a heap-buffer-overflow at `media_tools/av_parsers.c:11326`, with a `READ of size 1` immediately after a 3-byte heap region allocated by `Media_GetSample()`.
Affected Component:
`media_tools/av_parsers.c:11326`
Function: `gf_opus_parse_packet_header()`
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
GPAC MP4Box v2.4
The issue was reproduced on a GPAC build at commit `ff8249a407685d00ceb5f4d2a798b9cad195140e`.
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed Opus audio packet data, such as an invalid TOC code 3 length. The issue can be reproduced with:
```
./MP4Box 9_poc.mp4 -dxml -out /dev/null
```
No elevated privileges are required. The attack is context-dependent because attacker-controlled media may be processed by MP4Box in automated workflows; manual processing also triggers the issue.
Impact:
The observed impact is denial of service due to process termination. Because the bug reads beyond a heap allocation, adjacent heap memory disclosure may also be possible.
CWE:
CWE-122 - Heap-based Buffer Overflow
Fix:
The issue was fixed in GPAC commit `d523e7190ccdcf2c13a698080f4f30dc933bd34c`.
Users should update to a GPAC build containing this commit or later. The affected Opus parser should validate the sample buffer length before reading TOC and packet header fields.
References:
- Issue: https://github.com/gpac/gpac/issues/3160
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/9/9_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d523e7190ccdcf2c13a698080f4f30dc933bd34c
Credits:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55663 - NULL Pointer Dereference in GPAC MP4Box Track Descriptor Handling
Summary:
Processing a crafted MP4 file containing an unsupported box type with `MP4Box` can trigger a NULL or invalid pointer dereference in `Track_SetStreamDescriptor()`, causing a Denial of Service.
The `Track_SetStreamDescriptor()` function in `isomedia/track.c` mishandles sample entry pointers when importing malformed MP4 files containing an unknown `svcC` box inside an `av01` parent box. The unsupported box path can leave the relevant sample entry pointer uninitialized or invalid, and the import/update path later dereferences it.
AddressSanitizer reports a `SEGV` caused by a `READ` memory access at `isomedia/track.c:1677`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
isomedia/track.c:1677
Function: Track_SetStreamDescriptor()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
15a4ac2dff38cdbb8b43e7c84fb1595ee80d81ac
```
Attack Conditions:
An attacker supplies a crafted MP4 file containing an unsupported `svcC` box inside an `av01` parent box. The issue can be reproduced locally with:
```
./MP4Box -add 8_poc.mp4 -new /dev/null -ab 1024
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.
Impact:
The immediate observed impact is Denial of Service due to process termination. The local MITRE data notes potential code execution risk; the observed trace shows an invalid read and segmentation fault.
Fix:
The issue was fixed in GPAC commit:
```
78c2c9be29a41b38eca2c53d280442088a71dab9
```
Users should update to a GPAC build containing this commit or later. The affected code should validate sample entry pointers and unsupported box handling before changing stream descriptors or importing media configuration.
References
- Issue: https://github.com/gpac/gpac/issues/3143
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/8/8_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/78c2c9be29a41b38eca2c53d280442088a71dab9
Credits
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55660 - Stack-based Buffer Overflow in GPAC MP4Box Opus Parser
Summary:
Processing a crafted MP4 file containing malformed Opus audio packets with `MP4Box` can trigger a stack-based buffer overflow in `gf_opus_read_length()`, causing a crash and potential memory corruption.
The `gf_opus_read_length()` function in `media_tools/av_parsers.c` does not sufficiently validate Opus packet sizes before writing packet length information. When MP4Box parses a crafted MP4 file containing malformed non-self-delimited Opus packet data, the parser can write two bytes beyond the bounds of a stack object used by the Opus inspection path.
AddressSanitizer reports a `stack-buffer-overflow` at `media_tools/av_parsers.c:11140`, with a `WRITE of size 2` overflowing the `pckh` stack object in `gf_inspect_dump_opus_internal()`.
CWE:
CWE-121 - Stack-based Buffer Overflow
Affected Component:
```
media_tools/av_parsers.c:11140
Function: gf_opus_read_length()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
ff8249a407685d00ceb5f4d2a798b9cad195140e
```
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed Opus audio packets, such as a non-self-delimited Opus packet with an invalid odd length. The issue can be reproduced locally with:
```
./MP4Box -add 7_poc.mp4 -dxml -out /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a stack-based buffer overflow with attacker-controlled media input, memory corruption and potential arbitrary code execution cannot be ruled out.
Fix:
The issue was fixed in GPAC commit:
```
d523e7190ccdcf2c13a698080f4f30dc933bd34c
```
Users should update to a GPAC build containing this commit or later. The affected Opus parsing code should validate packet sizes and frame-length constraints before writing length fields into packet header structures.
References:
- Issue: https://github.com/gpac/gpac/issues/3161
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/7/7_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d523e7190ccdcf2c13a698080f4f30dc933bd34c
Credits:
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Euro-Office 1.0 arrives to open-source infighting: 'Compatibility is not sovereignty'
The new cloud-based, open-source alternative to Microsoft 365 and Google Workspace is here, as LibreOffice backers lambast its reliance on Microsoft document formats.
https://www.zdnet.com/article/euro-office-is-here-libreoffice-supporters-arent-happy/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
Amazon’s Echo Hub gets a customizable new look and Ring’s AI features
Amazon's rolling out a free software update for Echo Hub devices that gives the home screen a much-needed update to the interface it launched with in 2024. It had already added Alex Plus AI support, but the new interfac…
https://www.theverge.com/tech/948814/amazon-echo-hub-homescreen-redesign
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Security Advisory: CVE-2025-70102 - NULL Pointer Dereference in dhcpcd parse_option
Summary
A crafted dhcpcd configuration input can trigger undefined behavior in the configuration parser by causing `parse_option()` to access a member through a NULL `struct dhcp_opt` pointer.
The issue is located in `src/if-options.c` in `parse_option()`. During parsing of malformed or unexpected option data, the lookup/parsing path can leave the local DHCP option pointer unset. The affected code then assumes the option pointer is valid and accesses embedded option metadata through it, which results in a NULL pointer member access at `src/if-options.c:1886`.
CWE:
CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Affected Component:
```
src/if-options.c:1886
Function: parse_option()
```
Affected Product:
dhcpcd
Affected Version:
The issue was reproduced against dhcpcd commit:
```
2de751b3691642151a4fdc49e444d6b4dc364e98
```
Attack Conditions:
An attacker must cause dhcpcd to process a crafted configuration input that reaches the vulnerable option parsing path. The issue was reproduced in an instrumented fuzzing build of the dhcpcd configuration reader.
Impact:
The vulnerability causes undefined behavior and process termination under the sanitizer build, resulting in Denial of Service. No evidence of arbitrary code execution was observed in the local crash data.
Fix:
The issue was fixed in dhcpcd commit:
```
117742d755b591764036dd4218f314f748a3d2b7
```
The fix ensures that the pointed-to local DHCP option entry is non-NULL before it is dereferenced. Users should update to a dhcpcd build containing this commit or later.
References
- Issue: https://github.com/NetworkConfiguration/dhcpcd/issues/567
- Fix: https://github.com/NetworkConfiguration/dhcpcd/commit/117742d755b591764036dd4218f314f748a3d2b7
- PoC: https://github.com/sigdevel/pocs/blob/main/res/dhcpcd/1/if-options_c_1886/if-options_c_1886
Credits
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #dhcp #net #dhcpcd
Security Advisory: CVE-2025-55657 - NULL Pointer Dereference in GPAC MP4Box VVC Configuration Writer
Processing a crafted MP4 file containing malformed or unsupported VVC configuration data with `MP4Box` can trigger a NULL pointer dereference in `gf_odf_vvc_cfg_write_bs()`, causing a Denial of Service.
Summary:
The `gf_odf_vvc_cfg_write_bs()` function in `odf/descriptors.c` does not validate that the pointer to VVC configuration NAL unit data is non-NULL before using it. When MP4Box processes a crafted MP4 file containing an unsupported `vvc16` box inside the `stsd` parent box, the VVC configuration write path can receive a NULL configuration pointer and dereference it.
AddressSanitizer reports a `SEGV` caused by a `READ` memory access at address `0x000000000000`, with the crash occurring at `odf/descriptors.c:1267`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
odf/descriptors.c:1267
Function: gf_odf_vvc_cfg_write_bs()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
ff8249a407685d00ceb5f4d2a798b9cad195140e
```
Builds before the fix commit `34495b9db132be2adb6edd2ab7a28e5f8d5cd2e5` should be considered affected if they contain the vulnerable VVC configuration write path.
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed VVC configuration data, including an unsupported `vvc16` sample description box. The issue can be reproduced locally with:
```
./MP4Box -add 6_poc.mp4 -new ./test -split-size 500
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.
Impact:
The immediate observed impact is Denial of Service due to process termination. The crash is a NULL pointer dereference on the zero page; no evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
34495b9db132be2adb6edd2ab7a28e5f8d5cd2e5
```
Users should update to a GPAC build containing this commit or later. The affected code should validate VVC configuration pointers and reject malformed or unsupported VVC sample description data before writing VVC configuration records.
References:
- Issue: https://github.com/gpac/gpac/issues/3157
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/6/6_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/34495b9db132be2adb6edd2ab7a28e5f8d5cd2e5
Credit
@sigdevel
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
![[?]](https://cdn.fosstodon.org/accounts/avatars/108/241/177/240/046/462/original/55de486719b3da80.png)
Everyone who uses Linux today had a moment where something clicked after way too long.
What's one thing you wish someone had told you when you were starting out?
Drop it in the comments! Someone reading this probably needs exactly what you're about to share.
#RockyLinux #Linux #OpenSource #LearnLinux #SysAdmin #Community
Buying a school laptop? 4 things I'd consider first (and my top 10 picks)
Your laptop can make or break or time in college, so you want to make sure you get the right one. Here's what to consider.
https://www.zdnet.com/article/how-to-pick-a-laptop-for-college/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
We just shipped some new features of our own to mementomori.social! 🎉
New:
- "For you" feed (experimental). Open your home column settings and switch on "Ranked order" to try an algorithmic feed: posts ranked by engagement and by who you interact with, fresh content on every refresh, and you'll rarely see the same post twice. Flip on "Include posts from people you don't follow" to discover new accounts beyond your follows. See someone interesting there? Tap the + on their avatar to follow them.
- PageUp and PageDown scroll the page normally again (thanks @anotherdream for the feedback on this one!)
- The navigation is a bit tidier: Collections and Followed hashtags now live under "More".
The For you feed is fully opt-in. Your home feed stays exactly as it was unless you turn it on. Feedback very welcome!
Fork source and PR drafts available: https://github.com/mementomori-social/mastodon/tree/mementomods-2026-06-07
Full feature list: https://help.mementomori.social/mementomori.social/instance-features
Holy shit, my "For You" feed experiment is working in production!
Draft: https://github.com/mementomori-social/mastodon/pull/4
#MementoMoriSocial #Mastodon #OpenSource #BuildInPublic
Alt...
A screenshot of "For you" feed
Roborock’s Q10 S5 Plus robovac is over half off, matching its best price to date
Roborock’s Q10 S5 Plus comes with a self-emptying dock and is under $300. | Image: Roborock Even at full price, the Roborock Q10 S5 Plus offers impressive value, boasting features typically reserved for pricier robovac …
https://www.theverge.com/gadgets/948529/roborock-q10-s5-plus-robot-vacuum-mop-deal-sale
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://files.mastodon.social/accounts/avatars/111/228/343/080/661/940/original/c3720e26cb4e4a8b.png)
Quick fact: if you've ever streamed content on Netflix, used a PlayStation, or sent a packet through a Juniper router, you've touched FreeBSD.
Learn more about how FreeBSD is used today: https://freebsdfoundation.org/end-user-stories/
#FreeBSD #OpenSource #Infrastructure #FreeBSDDay #SysAdmin
Price hikes are coming for another big Android brand
Huawei's feeling the memory crunch.
https://www.androidauthority.com/huawei-price-hikes-3676860/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Amazon’s data centers used 2.5 billion gallons of water last year
Just after Seattle enacted a one-year data center moratorium that some of Amazon's own employees pushed for, Amazon shared how much water its data centers use, reportedly for the first time. With concerns about water co…
https://www.theverge.com/tech/948534/amazon-data-centers-water-use
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]