Murena /e/ OS 4.0: Android fork facilitates Google services switch

The French company Murena has released the Google-free Android fork /e/ OS 4.0.

https://www.heise.de/en/news/Murena-e-OS-4-0-Android-fork-facilitates-Google-services-switch-11329998.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Android #Datenschutz #Fairphone #Google #IT #Linux #Migration #Mobiles #OpenSource #news

Are Facebook and Instagram down? What to know about the Meta outage

Even Messenger and WhatsApp appear to be impacted on Friday morning.

https://www.zdnet.com/article/is-facebook-instagram-messenger-whatsapp-down/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]

This single router antenna adjustment improved my internet speed more than I expected

Getting the best Wi-Fi performance requires strategic antenna positioning, proper router placement, and a bit of trial and error. Here's my advice.

https://www.zdnet.com/article/adjusting-router-antenna-fix-wi-fi-problems/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]

I've received some questions about my algorithm experiments. First off, I'm building this mainly for myself, since I often don't have time to scroll through posts chronologically and just want the best and most important bits from my social media. It's opt-in and currently only an experiment in my fork.

How the "For you" ranked feed on mementomori.social actually works:

First, the ground rules. Again, "For you" is opt-in on our instance. If you never touch the toggle, your home feed stays exactly as it is: chronological, complete, and untouched. Nothing below applies to you. We never turn it on without your consent, and every setting is stored and controlled by you.

Where the posts come from. The feed ranks the newest ~800 posts and boosts from people you follow. If you also enable "Include posts from people you don't follow," trending posts on the instance get mixed in, roughly one in every four slots, and your scrolling can continue through the trending pool once your own feed runs out.

How a post is scored. Every post receives one score made of four parts multiplied together:

1. Engagement: boosts count 3x, replies 2x, favourites 1x.

For posts from other instances, we use counts from their home instance so federation doesn't undercount them.

2. Your affinity to the author: how often you've favourited, boosted, or replied to that person in the last 30 days.

It's logarithmic, the 5th interaction matters much more than the 50th, so no one can dominate your feed just because you liked them a lot once.

3. Time decay: a post loses half its score every 6 hours. Old posts fade no matter how popular they are.

4. A touch of randomness (±10%) so the order isn't fixed.

Freshness. Every post shown to you goes to the back of the line for 2 days. That's why refreshing gives you new posts instead of showing the same viral hit again and again, and why "Load more" always digs deeper instead of repeating.

Housekeeping rules: boosts show the original post. Your own posts and boosts never appear. Private mentions never appear. Brand-new posts wait 15 minutes before entering so they have a bit of time to gather reactions first.

What it does NOT do: There's no tracking beyond one thing: a list of post IDs already shown to you, which auto-deletes after 2 days. No reading your posts, no content analysis, no machine learning, and no profile built about you.

The weights above are the entire model, and your instance admin can adjust every number. Hopefully, if this project matures, you'll be able to adjust every weight yourself.

Code for the curious:
https://github.com/mementomori-social/mastodon/pull/4

#OpenSource #FYP #MementoMoriSocial #Algorithm

Siri is good now??

You'd be forgiven for thinking this day would never come. Siri has spent a decade and half somewhere between "sort of useful at a few things" and "utterly disastrous, why did I even try, can it honestly not even set a t…

https://www.theverge.com/podcast/949079/siri-ai-good-vergecast

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

Anyone use VSCode? I built an extension that served a purpose for me and decided to share it!

#vscode #emoji #OpenSource

Everyone says they want to share wearable data with doctors — but almost nobody is doing it

We're all tracking our health data and keeping it completely to ourselves.

https://www.androidauthority.com/wearable-data-not-shared-with-doctors-3677183/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

Proxmox Mail Gateway 9.1 erleichtert Kampf gegen Spam und verschlüsselt Backups

Das neue Proxmox Mail Gateway will mehr Komfort beim Mail-Handling bieten und die Möglichkeit, ihre Backups zu verschlüsseln.

https://www.heise.de/news/Proxmox-Mail-Gateway-9-1-erleichtert-Kampf-gegen-Spam-und-verschluesselt-Backups-11330653.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Datenschutz #EMail #IT #Linux #OpenSource #PostgreSQL #Spam #Verschlüsselung #news

I held the Trump phone

Where's the Trump phone? We're going to keep talking about it every week. We've reached out, as usual, to ask about the Trump phone's whereabouts. We don't have the phones we preordered yet, but this week included an un…

https://www.theverge.com/tech/948464/trump-phone-t1-hands-on

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

https://www.ebay.de/itm/117245434230

#ebay #ubuntu_phone #ubuntu #tab #ubuntu_mobile #linux #lenovotab @ubports@mastodon.social

RT @Kimi_Moonshot: 🌘 Kimi-K2.7-Code, unser neuestes Coding-Modell, ist jetzt veröffentlicht und quelloffen verfügbar!

mehr auf Arint.info

#AIRelease #CodeModel #DeveloperTools #KimiAI #MachineLearning #OpenSource #arint_info

https://x.com/Kimi_Moonshot/status/2065377579130142937#m

FediSuite - Fediverse Management Platform

Open-source platform for social media management and analytics

If you manage several Fediverse accounts, you're constantly juggling browser tabs, losing track of which input field belongs to which platform, and at some point you no longer know what you've already posted. #FediSuite brings everything together in one place.

Connect accounts from 19(+) #Fediverse platforms: #Mastodon, #Pixelfed, #Misskey, #Friendica, #PeerTube, #Loops, #Wordpress, #Vernissage and more. The app detects your instance type automatically, loads the correct character limit and media rules straight from your instance, and sets up the composer accordingly. No manual configuration needed.

The analytics go way beyond plain follower counts: daily engagement charts, follower growth, your best posting times as a heatmap, hashtag performance, and a tips engine that evaluates your actual data and gives you concrete suggestions based on your own numbers.

Schedule posts down to the minute in your own time zone. Background workers handle publishing reliably, with resume handling for rate limits and atomic delivery.

FediSuite is free and #OpenSource under the GPL-3.0. Anyone can host their own FediSuite #instance and get it added to the official list automatically.

If you find a bug, especially in the #SelfHosting setup, feel free to report it. The project is being actively developed, and real-world bug reports are among the most valuable contributions right now. The CONTRIBUTING.md explains how it works.

The project lives on donations. Donations guarantee and make it possible for FediSuite to keep going and keep being developed. To support FediSuite, click the yellow button on the website.

More info: https://www.fedisuite.com

Summer Upgrade Week

The sun is out, the sky is clear. It’s time to get outside and disconnect — from work, at least. This summer, we’re looking at all the ways to upgrade our free time indoors and out, from smart lights for the backyard to…

https://www.theverge.com/tech/942658/summer-upgrade-week-2026

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

@AutisticInnovator I'm sorry to hear about all the difficulties! I hope you succeed despite all those nasty people.

I've had a lot of bots on my websites, and I set up Anubis on most of them. Anubis was a pain to configure (took a lot of tinkering to understand how it all worked)! But I'm grateful that is was #OpenSource

Attack wave on Arch Linux: hundreds of package descriptions with malware in AUR

Arch Linux defends itself against a wave of attacks that have massively contaminated package descriptions in the unofficial Arch User Repository with malware.

https://www.heise.de/en/news/Attack-wave-on-Arch-Linux-hundreds-of-package-descriptions-with-malware-in-AUR-11330290.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#ArchLinux #IT #Linux #Malware #OpenSource #Security #news

Security Advisory: CVE-2025-52290 - NULL Pointer Dereference in FFmpeg H.264 Reorder Frame Handling

Processing a crafted media file with `ffmpeg` can trigger a segmentation fault in `avpriv_h264_has_num_reorder_frames()`, causing a denial of service.

Summary:
FFmpeg can crash while demuxing a malformed MPEG/MP4 input that causes H.264 data to be handled through a mismatched AAC `AVCodecContext`. In the observed crash path, the demuxing code reaches `has_decode_delay_been_guessed()` and calls `avpriv_h264_has_num_reorder_frames()` with an invalid or uninitialized H.264 parameter-set state. The function then dereferences `ps.sps` without sufficient validation and triggers a `SEGV` read in `libavcodec/h264dec.c:64`.

The issue is reproducible with the provided PoC media file and was observed in both a standard build and an AddressSanitizer build.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
libavcodec/h264dec.c:64
Function: avpriv_h264_has_num_reorder_frames()

libavformat/demux.c:757
Function: has_decode_delay_been_guessed()
```

Affected Product:
FFmpeg / ffmpeg command-line media processing tool.

Affected Version:
The issue was reproduced on FFmpeg version `N-119856-gbe46370941` and commit:
```
be46370941405fb04402d96373a53e2a1846f3ac
```
The local environment notes also reference a tested FFmpeg commit:
```
52441bd4cd0e85bf007473bd2eada2b2083aacf5
```

Attack Conditions:
An attacker supplies a specially crafted media file to a workflow that invokes FFmpeg on attacker-controlled input. This can be a local batch/transcoding workflow, or a network-facing media-processing service that accepts uploads and processes them with FFmpeg.

The crash can be reproduced with:

```
./ffmpeg -i ./1_poc.mp4 -f null
```

No elevated privileges are required. User interaction depends on the deployment model: interactive use requires a user to process the malicious file, while automated upload/transcoding services may trigger the crash without direct user interaction.

Impact:
The observed impact is denial of service due to abnormal process termination. AddressSanitizer reports a `SEGV` caused by a read memory access in:

```
avpriv_h264_has_num_reorder_frames libavcodec/h264dec.c:64:17
```

The prepared materials at the CVE request also note the potential impact on code execution, however, I have not demonstrated any control flow hacking or an exploit to execute working code.

References

- Issue/(+ primary email-report): https://github.com/sigdevel/pocs/blob/main/res/FFmpeg/ffmpeg/1/1_libavcodec_h264dec.c.64_17.md
- PoC: https://github.com/sigdevel/pocs/blob/main/res/FFmpeg/ffmpeg/1/1_poc.mp4

Credits
Alexander A. Shvedov (@sigdevel)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #ffmpeg

Security Advisory: CVE-2025-55648 - Heap Buffer Overflow in GPAC MP4Box Opus Packet Parser

Processing a crafted MP4 file containing corrupted Opus sample-size data with `MP4Box` can trigger a heap buffer overflow in `gf_opus_parse_packet_header()`, causing a crash and potential memory corruption impact.

Summary:
The `gf_opus_parse_packet_header()` function in `media_tools/av_parsers.c` does not sufficiently validate the input buffer length before parsing Opus packet headers. When MP4Box processes a crafted MP4 file with corrupted sample-size (`stsz`) data, the parser reads beyond the bounds of a heap-allocated sample buffer.
AddressSanitizer reports a `heap-buffer-overflow` at `media_tools/av_parsers.c:11297`, with a `READ of size 1` 1242 bytes past a 32-byte heap region allocated by `Media_GetSample()`.

CWE:
CWE-122 - Heap-based Buffer Overflow

Affected Component:
```
media_tools/av_parsers.c:11297
Function: gf_opus_parse_packet_header()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
61bbfd2e89553373ba3449b8ec05b5f098d732a5
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted Opus sample-size (`stsz`) data. The issue can be reproduced locally with:
```
./MP4Box 12_poc.mp4 -dxml
```
No elevated privileges are required. The CVE text describes the attack as network/context-dependent because attacker-controlled media may be processed by MP4Box in automated workflows; manual processing also triggers the issue.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the bug reads beyond a heap allocation, information disclosure may be possible. The local MITRE data also notes potential arbitrary code execution risk, though the observed ASAN trace is an out-of-bounds read.

Fix / mitigation status:
The local CVE/MITRE data references GPAC fix commit:
```
cea49f684dbc4d53ecd6c76a9623838802a68d88
```

Users should update to a GPAC build containing this commit or later. The affected Opus parser should validate sample buffer length and `stsz`-derived packet sizes before reading packet header fields.

References:
- Issue: https://github.com/gpac/gpac/issues/3190
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/12/12_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/cea49f684dbc4d53ecd6c76a9623838802a68d88

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55642 - Divide by Zero in GPAC MP4Box AVI Demuxer

Processing a crafted AVI-like media file with `MP4Box` can trigger a division by zero in `avidmx_process()`, causing a floating-point exception and Denial of Service.

Summary:
The `avidmx_process()` function in `filters/dmx_avi.c` does not sufficiently validate frame-count metadata before using it as a divisor during bitrate computation. When MP4Box processes a specially crafted input with invalid AVI frame metadata, such as a `0/256` frame declaration, the DASH processing path attempts to compute bitrate from the bitstream and divides by zero.
AddressSanitizer reports an `FPE` at `filters/dmx_avi.c:639`.

CWE:
CWE-369 - Divide by Zero

Affected Component:
```
filters/dmx_avi.c:639
Function: avidmx_process()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
GPAC MP4Box v2.4 is affected according to the CVE request data. The issue was reproduced on a GPAC build at commit:
```
f87b30611380e4dcd03cd4dd9ac553c0ec336826
```

Builds before the fix commit `cea49f684dbc4d53ecd6c76a9623838802a68d88` should be considered affected if they contain the vulnerable AVI demuxer bitrate computation path.

Attack Conditions:
An attacker supplies a crafted AVI-like media file with invalid frame metadata. The issue is triggered while processing the file through MP4Box DASH segmentation, for example with a `-dash` command using `14_poc.mp4`.
No elevated privileges are required. User interaction is required when the victim manually processes the malicious media file, or an automated workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to an uncaught floating-point exception and process termination. No evidence of arbitrary code execution was observed.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
cea49f684dbc4d53ecd6c76a9623838802a68d88
```
Users should update to a GPAC build containing this commit or later. The affected code should validate `num_frames` and related AVI metadata before using frame counts in bitrate calculations.

References:
- Issue: https://github.com/gpac/gpac/issues/3196
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/14/14_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/cea49f684dbc4d53ecd6c76a9623838802a68d88

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55644 - Use-After-Free in GPAC MP4Box

Processing a crafted MP4 file with invalid BIFS GlobalQuantizer commands causes gf_node_get_tag() to access a freed 192-byte QuantizationParameter node at scenegraph/base_scenegraph.c:1263, resulting in a heap use-after-free and crash.

Summary:
During MPEG-4 BIFS scene decoding, BM_ParseGlobalQuantizer() in bifs/memory_decoder.c first calls gf_node_unregister() at line 176 to release a QuantizationParameter node, freeing the 192-byte heap region. Without clearing the stale pointer, the function then calls gf_node_get_tag() on the same address at line 181, performing a READ of 8 bytes at offset 0 into the freed region. A crafted MP4 containing invalid GlobalQuantizer BIFS commands, corrupted ODF descriptors, and malformed box types (PEC1808, fre) reliably triggers this free-then-use sequence through the -svg dump path.

CWE:
CWE-416 - Use After Free

Affected Component:
```
scenegraph/base_scenegraph.c:1263
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box 2.4 and earlier; tested at commit f5b7cdc63a7f3269040778c5431a8f6c310bc9f3

Attack Conditions:
An attacker supplies a locally accessible crafted MP4 file embedding invalid BIFS scene data. The victim runs MP4Box -svg on the file to trigger BIFS scene parsing. No elevated privileges are required.

Impact:
The use-after-free causes a fatal crash (Denial of Service). Use-after-free vulnerabilities can allow attackers to control freed heap memory contents and potentially redirect execution flow; code execution cannot be excluded.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
63eccc33d4a2b731ebb31581ff5673a2c0b13ad4
```
Users should update to a GPAC build containing this commit or later.

References:
- Issue: https://github.com/gpac/gpac/issues/3246
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/20/20_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/63eccc33d4a2b731ebb31581ff5673a2c0b13ad4

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55652 - Heap Buffer Overflow in GPAC MP4Box VP Configuration Handling

Processing a crafted MP4 file with malformed VP codec configuration data can trigger a heap buffer overflow in `gf_isom_vp_config_new()`, causing a crash and potential memory corruption.

Summary:
The `gf_isom_vp_config_new()` function in `isomedia/avc_ext.c` does not sufficiently validate buffer boundaries when creating VP codec configuration boxes. A crafted MP4 file with malformed VP codec data, including unknown box types such as `D0ncv` in `stsd`, can cause MP4Box to allocate an undersized box structure and then write VP/NALU configuration data beyond the allocation.

CWE:
CWE-122 - Heap-based Buffer Overflow

Affected Component:
```
isomedia/avc_ext.c:1962
Function: gf_isom_vp_config_new()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
74fecde32cd477ab097f3e6db55a32b259f3313d
```
Builds before the fix commit `ad3b541b4f38c8f0ef67544509598f8207ea1207` should be considered affected if they contain the vulnerable VP configuration allocation/write path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed VP codec configuration data. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./18_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is an out-of-bounds heap write, memory corruption and potential arbitrary code execution cannot be ruled out.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
ad3b541b4f38c8f0ef67544509598f8207ea1207
```

References:
- CVE: https://www.cve.org/CVERecord?id=CVE-2025-55652
- Issue: https://github.com/gpac/gpac/issues/3242
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/18/18_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/ad3b541b4f38c8f0ef67544509598f8207ea1207

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55643 - NULL Pointer Dereference in GPAC MP4Box TrackWriter Handling

Processing a crafted MP4 file during DASH segmentation can trigger a NULL pointer dereference in MP4Box TrackWriter handling, causing a Denial of Service.

Summary:
The DASH fragmentation path in `filters/mux_isom.c` does not sufficiently validate a `TrackWriter` pointer before accessing its members. A crafted MP4 file with malformed metadata boxes can cause the PID-to-track setup to fail, leaving the `TrackWriter` pointer NULL. The muxer then performs member access through the NULL pointer.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
filters/mux_isom.c:6621
Function/path: TrackWriter handling during fragmented MP4 muxing
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE data. The issue was reproduced on a GPAC build at commit:
```
74fecde32cd477ab097f3e6db55a32b259f3313d
```
Builds before the fix commit `ad3b541b4f38c8f0ef67544509598f8207ea1207` should be considered affected if they contain the vulnerable TrackWriter handling path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed metadata boxes, including malformed `mvcC` / `stsz` data. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./17_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to process termination. No evidence of arbitrary code execution was observed.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
ad3b541b4f38c8f0ef67544509598f8207ea1207
```
Users should update to a GPAC build containing this commit or later. The affected muxing path should validate `TrackWriter` before member access and fail cleanly when track initialization fails.

References:
- Issue: https://github.com/gpac/gpac/issues/3240
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/17/17_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/ad3b541b4f38c8f0ef67544509598f8207ea1207

Credit
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Angriffswelle auf Arch Linux: Hunderte Paketbeschreibungen mit Malware im AUR

Arch Linux wehrt sich gegen eine Angriffswelle, die massenweise Paketbeschreibungen im inoffiziellen Arch User Repository mit Malware verseucht hat.

https://www.heise.de/news/Angriffswelle-auf-Arch-Linux-Hunderte-Paketbeschreibungen-mit-Malware-im-AUR-11330029.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#ArchLinux #IT #Linux #Malware #OpenSource #Security #news

Security Advisory: CVE-2025-55641 - NULL Pointer Dereference in GPAC MP4Box Sample Info Copy

Processing a crafted MP4 file with corrupted Sample Auxiliary Information metadata can trigger a NULL pointer dereference in `gf_isom_copy_sample_info()`, causing a Denial of Service and potential memory corruption impact.

Summary:
The `gf_isom_copy_sample_info()` function in `isomedia/isom_write.c` does not sufficiently validate pointers after handling invalid Sample Auxiliary Information (SAI) metadata. A crafted MP4 file can provide corrupted SAI values, such as an invalid `sai_samples` count, causing memory allocation or merge handling to fail. The import path later attempts to copy sample information from a NULL pointer.

AddressSanitizer reports a `SEGV` caused by a `READ` memory access at address `0x000000000000`, with the crash occurring at `isomedia/isom_write.c:8164`.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
isomedia/isom_write.c:8164
Function: gf_isom_copy_sample_info()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
f87b30611380e4dcd03cd4dd9ac553c0ec336826
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted SAI metadata. The issue can be reproduced locally with:
```
./MP4Box -add 13_poc.mp4 -new /dev/null -split-size 500
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to process termination. The local CVE/MITRE data also marks potential code execution impact; the observed ASAN trace is a NULL pointer read.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
e38d24b7e3cbdc24e70f0437bf390ac3f2080b52
```
Users should update to a GPAC build containing this commit or later. The affected code should validate SAI metadata, allocation results, and sample-info pointers before copying sample information.

References:
- CVE: https://www.cve.org/CVERecord?id=CVE-2025-55641
- Issue: https://github.com/gpac/gpac/issues/3195
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/13/13_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/e38d24b7e3cbdc24e70f0437bf390ac3f2080b52

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55649 - NULL Pointer Dereference in GPAC MP4Box ESD Mapping

Processing a crafted MP4 file with corrupted Elementary Stream Descriptor data can trigger a NULL pointer dereference in `gf_media_map_esd()`, causing a Denial of Service.

Summary:
The `gf_media_map_esd()` function in `media_tools/isom_tools.c` does not verify that `esd->URLString` is non-NULL before passing it to `strlen()`. When MP4Box processes a crafted MP4 file containing corrupted ESD data during fragmentation setup, `URLString` can be NULL and the process crashes while reading from address `0x000000000000`.

AddressSanitizer reports a `SEGV` in `strlen()`, with the GPAC call site at `media_tools/isom_tools.c:1359`.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
media_tools/isom_tools.c:1359
Function: gf_media_map_esd()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
09e7063ed0a13b4cee9a180a56dcc21e9f9ade07
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted ESD data. The issue can be reproduced locally with:
```
./MP4Box -frag 1500 11_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.

Impact:
The immediate observed impact is Denial of Service due to process termination. The crash is a NULL pointer dereference on the zero page; no evidence of arbitrary code execution was observed.

Fix / mitigation status:
The local CVE/MITRE data references GPAC fix commit:
```
10c16d54659b1b82dd49573dfeacfa9a5627a115
```
Users should update to a GPAC build containing this commit or later. The affected code should validate `esd`, `esd->URLString`, and related ESD fields before string operations.

References:
- Issue: https://github.com/gpac/gpac/issues/3183
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/11/11_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/10c16d54659b1b82dd49573dfeacfa9a5627a115

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

You can now beat ChatGPT Codex rate limits, if you have friends

OpenAI launches a new (temporary) referral system that rewards you and a friend with bankable rate limit resets.

https://www.androidauthority.com/openai-chatgpt-codex-rate-limit-resets-referral-program-3677035/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

Homebrew 6.0 sichert Paketquellen ab

Homebrew 6.0 ist da: Externe Paketquellen müssen sich künftig als vertrauenswürdig erweisen. Dazu gibt es eine Linux-Sandbox und eine schnellere Standard-API.

https://www.heise.de/news/Homebrew-6-0-sichert-Paketquellen-ab-11329886.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#IT #Linux #macOS #OpenSource #Security #Softwareentwicklung #news

Murena /e/ OS 4.0: Android-Fork soll Umstieg von Google-Diensten erleichtern

Das französische Unternehmen Murena hat den Google-freien Android-Fork /e/ OS 4.0 veröffentlicht.

https://www.heise.de/news/Murena-e-OS-4-0-Android-Fork-soll-Umstieg-von-Google-Diensten-erleichtern-11329806.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Android #Datenschutz #Fairphone #Google #IT #Linux #Migration #Mobiles #OpenSource #news

Spotify’s hated disco ball icon is finally gone for good

Spotify's latest iOS update quietly ended a month of disco-themed misery.

https://www.androidauthority.com/spotify-disco-ball-icon-gone-3677022/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

Aus dem Linux-Magazin 07/2026 (geschrieben von @veit und mir):

Wie LLM-Agenten Open-Source-Projekte gefährden

https://www.linux-magazin.de/ausgaben/2026/07/gefahr-durch-llms/

#Linux #LLM #opensource

AAPL Stock Slides Following WWDC, But Analysts Broadly Raise Targets

Apple shares have lost roughly $25 per share this week following the company's WWDC 2026 keynote, though a wave of upward analyst price target revisions suggests Wall Street's longer-term view of Apple remains construct…

https://www.macrumors.com/2026/06/11/aapl-stock-slides-following-wwdc/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]

Apple Agrees to Let Jon Prosser Formally Contest iOS 26 Leak Lawsuit

Apple and leaker Jon Prosser have jointly asked a federal court to set aside the default judgment entered against him last October, with Prosser agreeing to hand over documents he had thus far failed to fully produce. A…

https://www.macrumors.com/2026/06/11/apple-agrees-to-let-jon-prosser-contest-lawsuit/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]

Siri won’t be your AI girlfriend

‘Listen, that's not what I'm here for, right?' | Image: Apple Our early testing has already shown that Siri AI knows when to shut up, and that's very much by design. In an interview with Mostly Human, Craig Federighi sa…

https://www.theverge.com/tech/948890/siri-wont-be-your-ai-girlfriend

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

Telegram’s Wear OS app makes a comeback, now with full chats, voice notes, and more

Telegram finally fits on your wrist properly.

https://www.androidauthority.com/telegram-wear-os-return-3677006/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

Touchscreen MacBook '100% Confirmed,' Says Reputable Leaker

Apple's first touchscreen MacBook is now "100% confirmed," according to the prolific Chinese leaker known as Instant Digital, who appears to have insider information from sources in the supply chain. The leaker made the…

https://www.macrumors.com/2026/06/11/touchscreen-macbook-confirmed-leaker/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]

The End of uBlock Origin in Chrome: What's Really Changing and What to Do About It

In early June 2026, it was confirmed that Chrome was also losing its last technical capabilities that had kept…

https://vsx.global/the-end-of-ublock-origin-in-chrome-whats-actually-changing-and-what-to-do-about-it/

#infosec #privacy #opensource #digitalsovereignty

Asahi Linux warns against upgrading to macOS 27 “Golden Gate”

Users of Asahi Linux should not update to the beta version of macOS 27 “Golden Gate,” the project currently warns.

https://www.heise.de/en/news/Asahi-Linux-warns-against-upgrading-to-macOS-27-Golden-Gate-11329685.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#IT #Linux #OpenSource #LinuxDistribution #macOS #news

Asahi Linux warnt vor Upgrade auf macOS 27 „Golden Gate“

Nutzer von Asahi Linux sollen nicht auf die Beta-Version macOS 27 „Golden Gate“ aktualisieren, warnt das Projekt aktuell.

https://www.heise.de/news/Asahi-Linux-warnt-vor-Upgrade-auf-macOS-27-Golden-Gate-11329636.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#IT #Linux #OpenSource #LinuxDistribution #macOS #news

The Galaxy Z Fold 7 is finally getting the S26’s Galaxy AI features

Samsung's foldable phones are now getting S26-exclusive Galaxy AI features.

https://www.androidauthority.com/galaxy-z-fold-7-one-ui-update-ai-features-3676999/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

WWDC 2026 Keynote Marked a Major Departure From Previous Years

Apple's WWDC 2026 keynote broke from a longstanding format tradition, abandoning the platform-by-platform structure that has defined the annual developer conference for years in favor of a theme-driven presentation. Pre…

https://www.macrumors.com/2026/06/11/wwdc-2026-keynote-major-departure/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]

Apple Maps to Get These 10 New Features in iOS 27

Apple Maps is getting a range of new features in iOS 27, headlined by an upgraded Flyover experience that uses AI to improve the realism and detail of its aerial imagery. Flyover is a longstanding feature of ‌Apple Maps…

https://www.macrumors.com/2026/06/11/apple-maps-to-get-these-10-new-features-in-ios-27/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]

OpenAI bans China-linked ChatGPT accounts that amplified US data center electricity price backlash — used AI-generated cartoons to st…

OpenAI says it has banned two clusters of ChatGPT accounts it believes are operating from China, and that used its models for covert influence campaigns targeting U.S. tech and policy debates.

https://www.tomshardware.com/tech-industry/artificial-intelligence/openai-bans-china-linked-chatgpt-accounts-that-amplified-us-data-center-electricity-price-backlash

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]

@delta Thanks for making a consistent client experience on all platforms. The #iPadOs client is great, and this despite the #Apple ecosystem being quite an awkward fit to #OpenSource projects.

Memory famine compels GPU vendors to re-release 2020 graphics cards — GeForce RTX 3060 and GeForce RTX 3050 return to Asian market

Graphics card manufacturer Manli adds new GeForce RTX 3060 and GeForce RTX 3050 SKUs to its portfolio.

https://www.tomshardware.com/pc-components/gpus/memory-famine-compels-gpu-vendors-to-re-release-2020-graphics-cards-geforce-rtx-3060-and-geforce-rtx-3050-return-to-asian-market

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]

RT @RyanLeeMiniMax: Hallo zusammen — unsere Hochleistungs-MSA-Kernbibliothek ist jetzt Open-Source. Die M3-Gewichte werden voraussichtlich diesen Freitag veröffentlicht. Vielen Dank für eure Geduld! Github: https://github.com/MiniMax-AI/MSA Paper: https://github.com/MiniMax-AI/MSA/blob/main/docs/MiniMaxSparseAttention.pdf

mehr auf Arint.info

#AI #DeepLearning #MachineLearning #MiniMax #MSA #OpenSource #arint_info

https://x.com/RyanLeeMiniMax/status/2065010795625562486#m

After spat with Chinese gov't, Meta cuts AI Manus off from its internal systems and is 'sunsetting' platform, report claims — Beijing-ordered breakup of $2 billion AI deal begins

Meta has finished separating its operations from Manus, the Chinese-founded agentic AI startup it acquired for roughly $2 billion in December.

https://www.tomshardware.com/tech-industry/artificial-intelligence/meta-cuts-manus-off-from-its-internal-systems-as-china-ordered-breakup-of-2-billion-ai-deal-begins

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]

Watching the World Cup online is easier with these VPN deals — deals for watching the FIFA World Cup 2026

A choice of VPN subscriptions to cover you over the FIFA World Cup 2026 and beyond. Stay safe online for less.

https://www.tomshardware.com/software/vpn/watching-the-world-cup-online-shouldnt-risk-your-precious-data-or-cost-you-the-earth-save-money-on-these-vpn-deals-now

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]

Massive 8TB SD cards are set to ship 'shortly' after a two-year delay — mind-blowing storage at possibly bank-breaking prices

Notebookcheck reports that 8TB SD cards will soon hit the retail market, although an exact launch date and pricing remain a mystery.

https://www.tomshardware.com/pc-components/microsd-cards/8tb-sd-cards-are-set-to-ship-shortly-after-a-two-year-delay-mind-blowing-storage-at-possibly-bank-breaking-prices

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]

Louis Rossmann is suing Samsung after firm offers $330 refund for defective SSD while selling the drives on Amazon for $949 — spat over 4TB 990 Pro SSD is headed to court

Right to Repair activist Louis Rossman threatens to sue Samsung after the SSD maker failed to replace his dead 990 Pro 4TB SSD under warranty.

https://www.tomshardware.com/pc-components/ssds/louis-rossman-threatens-to-take-samsung-to-court-over-dead-4tb-990-pro-ssd-after-ssd-maker-failed-to-replace-the-drive-under-warranty

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]

Deezer Launches AI Music Detector for Apple Music, Spotify, and More

French music platform Deezer has launched a free online tool that can detect AI-generated tracks in Apple Music playlists, as well as playlists created on other streaming platforms. "No other company has followed our le…

https://www.macrumors.com/2026/06/11/deezer-launches-ai-music-detector/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]

10 useful smart home gadgets that make life so much easier (and are affordable)

After testing hundreds of smart home devices, I rounded up the best options to get started with your smart home without breaking the bank.

https://www.zdnet.com/article/smart-home-on-a-budget-2026/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]

Episode 1 in a series by Swissinfo.

"Switzerland wants digital sovereignty, but can it really distance itself from Big Tech? Two Swissinfo journalists tried cutting ties with US tech giants. Here’s what happened."

https://www.swissinfo.ch/eng/swiss-ai/can-switzerland-live-without-big-tech-we-put-it-to-the-test/91437762

#digitalsovereignty #bigtech #opensource #switzerland

CVE-2025-55650 - Heap Use-After-Free in GPAC MP4Box SVG Node Handling

Summary
Processing a crafted MP4 file with `MP4Box -svg` can trigger a heap use-after-free in `gf_svg_node_del()`, causing a crash and possible memory corruption.

The `gf_svg_node_del()` function in `scenegraph/svg_types.c` does not ensure that freed SVG node memory is not accessed again during scene graph cleanup. When MP4Box parses a crafted MP4 file through the MPEG-4 LASeR/SVG scene dump path, an SVG node is freed and then dereferenced again.

AddressSanitizer reports a heap-use-after-free at `scenegraph/svg_types.c:107`, with a `READ of size 8` from a 24-byte heap region that was previously freed in `gf_svg_node_del()` at `scenegraph/svg_types.c:126` and allocated by `gf_svg_create_node()` at `scenegraph/svg_types.c:65`.

Affected Component
`scenegraph/svg_types.c:107`

Function: `gf_svg_node_del()`

Affected Product
MP4Box (GPAC Multimedia Open Source Project)

Affected Version
GPAC MP4Box v2.4.

The issue was reproduced on a GPAC build at commit `46be5f928660530d5332cd2f1d177208737558ef`.

Attack Conditions
An attacker supplies a crafted MP4 file that reaches the SVG/LASeR scene parsing path. The issue can be reproduced with:

```
./MP4Box -svg 10_poc.mp4
```

No elevated privileges are required. User interaction is required when a victim manually processes the malicious MP4 file; automated workflows that invoke MP4Box on attacker-controlled media may also trigger the issue.

Impact
The observed impact is denial of service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution cannot be ruled out.

CWE
CWE-416 - Use After Free

Fix
The issue was fixed in GPAC commit `6be6f62e2a079ebccf3a9e57c27787fd16e645de`.

Users should update to a GPAC build containing this commit or later. The affected scene graph cleanup code should prevent use of freed SVG nodes and ensure node lifetime and registration state are handled consistently during scene reset and deletion.

References
- Issue: https://github.com/gpac/gpac/issues/3162
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/10/10_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/6be6f62e2a079ebccf3a9e57c27787fd16e645de

Credits
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

CVE-2025-55661 - Heap Buffer Overflow in GPAC MP4Box Opus Header Parser

Summary:
Processing a crafted MP4 file containing malformed Opus audio packets with MP4Box can trigger a heap buffer overflow in `gf_opus_parse_packet_header()`, causing a crash and possible information disclosure from an out-of-bounds heap read.

The `gf_opus_parse_packet_header()` function in `media_tools/av_parsers.c` does not sufficiently validate the input buffer size before reading Opus packet header fields. When MP4Box parses crafted Opus audio packet data, the parser reads one byte beyond the end of a heap-allocated sample buffer.

AddressSanitizer reports a heap-buffer-overflow at `media_tools/av_parsers.c:11326`, with a `READ of size 1` immediately after a 3-byte heap region allocated by `Media_GetSample()`.

Affected Component:
`media_tools/av_parsers.c:11326`

Function: `gf_opus_parse_packet_header()`

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
GPAC MP4Box v2.4
The issue was reproduced on a GPAC build at commit `ff8249a407685d00ceb5f4d2a798b9cad195140e`.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed Opus audio packet data, such as an invalid TOC code 3 length. The issue can be reproduced with:
```
./MP4Box 9_poc.mp4 -dxml -out /dev/null
```
No elevated privileges are required. The attack is context-dependent because attacker-controlled media may be processed by MP4Box in automated workflows; manual processing also triggers the issue.

Impact:
The observed impact is denial of service due to process termination. Because the bug reads beyond a heap allocation, adjacent heap memory disclosure may also be possible.

CWE:
CWE-122 - Heap-based Buffer Overflow

Fix:
The issue was fixed in GPAC commit `d523e7190ccdcf2c13a698080f4f30dc933bd34c`.

Users should update to a GPAC build containing this commit or later. The affected Opus parser should validate the sample buffer length before reading TOC and packet header fields.

References:
- Issue: https://github.com/gpac/gpac/issues/3160
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/9/9_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d523e7190ccdcf2c13a698080f4f30dc933bd34c

Credits:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55663 - NULL Pointer Dereference in GPAC MP4Box Track Descriptor Handling

Summary:
Processing a crafted MP4 file containing an unsupported box type with `MP4Box` can trigger a NULL or invalid pointer dereference in `Track_SetStreamDescriptor()`, causing a Denial of Service.

The `Track_SetStreamDescriptor()` function in `isomedia/track.c` mishandles sample entry pointers when importing malformed MP4 files containing an unknown `svcC` box inside an `av01` parent box. The unsupported box path can leave the relevant sample entry pointer uninitialized or invalid, and the import/update path later dereferences it.

AddressSanitizer reports a `SEGV` caused by a `READ` memory access at `isomedia/track.c:1677`.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
isomedia/track.c:1677
Function: Track_SetStreamDescriptor()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
15a4ac2dff38cdbb8b43e7c84fb1595ee80d81ac
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing an unsupported `svcC` box inside an `av01` parent box. The issue can be reproduced locally with:
```
./MP4Box -add 8_poc.mp4 -new /dev/null -ab 1024
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.

Impact:
The immediate observed impact is Denial of Service due to process termination. The local MITRE data notes potential code execution risk; the observed trace shows an invalid read and segmentation fault.

Fix:
The issue was fixed in GPAC commit:
```
78c2c9be29a41b38eca2c53d280442088a71dab9
```

Users should update to a GPAC build containing this commit or later. The affected code should validate sample entry pointers and unsupported box handling before changing stream descriptors or importing media configuration.

References
- Issue: https://github.com/gpac/gpac/issues/3143
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/8/8_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/78c2c9be29a41b38eca2c53d280442088a71dab9

Credits
Alexander A. Shvedov (@sigdevel)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55660 - Stack-based Buffer Overflow in GPAC MP4Box Opus Parser

Summary:
Processing a crafted MP4 file containing malformed Opus audio packets with `MP4Box` can trigger a stack-based buffer overflow in `gf_opus_read_length()`, causing a crash and potential memory corruption.

The `gf_opus_read_length()` function in `media_tools/av_parsers.c` does not sufficiently validate Opus packet sizes before writing packet length information. When MP4Box parses a crafted MP4 file containing malformed non-self-delimited Opus packet data, the parser can write two bytes beyond the bounds of a stack object used by the Opus inspection path.

AddressSanitizer reports a `stack-buffer-overflow` at `media_tools/av_parsers.c:11140`, with a `WRITE of size 2` overflowing the `pckh` stack object in `gf_inspect_dump_opus_internal()`.

CWE:
CWE-121 - Stack-based Buffer Overflow

Affected Component:
```
media_tools/av_parsers.c:11140
Function: gf_opus_read_length()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
ff8249a407685d00ceb5f4d2a798b9cad195140e
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed Opus audio packets, such as a non-self-delimited Opus packet with an invalid odd length. The issue can be reproduced locally with:
```
./MP4Box -add 7_poc.mp4 -dxml -out /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a stack-based buffer overflow with attacker-controlled media input, memory corruption and potential arbitrary code execution cannot be ruled out.

Fix:
The issue was fixed in GPAC commit:
```
d523e7190ccdcf2c13a698080f4f30dc933bd34c
```

Users should update to a GPAC build containing this commit or later. The affected Opus parsing code should validate packet sizes and frame-length constraints before writing length fields into packet header structures.

References:
- Issue: https://github.com/gpac/gpac/issues/3161
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/7/7_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d523e7190ccdcf2c13a698080f4f30dc933bd34c

Credits:
Alexander A. Shvedov (@sigdevel)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Euro-Office 1.0 arrives to open-source infighting: 'Compatibility is not sovereignty'

The new cloud-based, open-source alternative to Microsoft 365 and Google Workspace is here, as LibreOffice backers lambast its reliance on Microsoft document formats.

https://www.zdnet.com/article/euro-office-is-here-libreoffice-supporters-arent-happy/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]

Amazon’s Echo Hub gets a customizable new look and Ring’s AI features

Amazon's rolling out a free software update for Echo Hub devices that gives the home screen a much-needed update to the interface it launched with in 2024. It had already added Alex Plus AI support, but the new interfac…

https://www.theverge.com/tech/948814/amazon-echo-hub-homescreen-redesign

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

Security Advisory: CVE-2025-70102 - NULL Pointer Dereference in dhcpcd parse_option

Summary
A crafted dhcpcd configuration input can trigger undefined behavior in the configuration parser by causing `parse_option()` to access a member through a NULL `struct dhcp_opt` pointer.

The issue is located in `src/if-options.c` in `parse_option()`. During parsing of malformed or unexpected option data, the lookup/parsing path can leave the local DHCP option pointer unset. The affected code then assumes the option pointer is valid and accesses embedded option metadata through it, which results in a NULL pointer member access at `src/if-options.c:1886`.

CWE:
CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Affected Component:
```
src/if-options.c:1886
Function: parse_option()
```

Affected Product:
dhcpcd

Affected Version:
The issue was reproduced against dhcpcd commit:
```
2de751b3691642151a4fdc49e444d6b4dc364e98
```

Attack Conditions:
An attacker must cause dhcpcd to process a crafted configuration input that reaches the vulnerable option parsing path. The issue was reproduced in an instrumented fuzzing build of the dhcpcd configuration reader.

Impact:
The vulnerability causes undefined behavior and process termination under the sanitizer build, resulting in Denial of Service. No evidence of arbitrary code execution was observed in the local crash data.

Fix:
The issue was fixed in dhcpcd commit:
```
117742d755b591764036dd4218f314f748a3d2b7
```
The fix ensures that the pointed-to local DHCP option entry is non-NULL before it is dereferenced. Users should update to a dhcpcd build containing this commit or later.

References
- Issue: https://github.com/NetworkConfiguration/dhcpcd/issues/567
- Fix: https://github.com/NetworkConfiguration/dhcpcd/commit/117742d755b591764036dd4218f314f748a3d2b7
- PoC: https://github.com/sigdevel/pocs/blob/main/res/dhcpcd/1/if-options_c_1886/if-options_c_1886

Credits
Alexander A. Shvedov (@sigdevel)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #dhcp #net #dhcpcd

Security Advisory: CVE-2025-55657 - NULL Pointer Dereference in GPAC MP4Box VVC Configuration Writer

Processing a crafted MP4 file containing malformed or unsupported VVC configuration data with `MP4Box` can trigger a NULL pointer dereference in `gf_odf_vvc_cfg_write_bs()`, causing a Denial of Service.

Summary:
The `gf_odf_vvc_cfg_write_bs()` function in `odf/descriptors.c` does not validate that the pointer to VVC configuration NAL unit data is non-NULL before using it. When MP4Box processes a crafted MP4 file containing an unsupported `vvc16` box inside the `stsd` parent box, the VVC configuration write path can receive a NULL configuration pointer and dereference it.

AddressSanitizer reports a `SEGV` caused by a `READ` memory access at address `0x000000000000`, with the crash occurring at `odf/descriptors.c:1267`.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
odf/descriptors.c:1267
Function: gf_odf_vvc_cfg_write_bs()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:

```
ff8249a407685d00ceb5f4d2a798b9cad195140e
```

Builds before the fix commit `34495b9db132be2adb6edd2ab7a28e5f8d5cd2e5` should be considered affected if they contain the vulnerable VVC configuration write path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed VVC configuration data, including an unsupported `vvc16` sample description box. The issue can be reproduced locally with:

```
./MP4Box -add 6_poc.mp4 -new ./test -split-size 500
```

No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.

Impact:
The immediate observed impact is Denial of Service due to process termination. The crash is a NULL pointer dereference on the zero page; no evidence of arbitrary code execution was observed.

Fix / mitigation status:
The issue was fixed in GPAC commit:

```
34495b9db132be2adb6edd2ab7a28e5f8d5cd2e5
```

Users should update to a GPAC build containing this commit or later. The affected code should validate VVC configuration pointers and reject malformed or unsupported VVC sample description data before writing VVC configuration records.

References:

- Issue: https://github.com/gpac/gpac/issues/3157
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/6/6_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/34495b9db132be2adb6edd2ab7a28e5f8d5cd2e5

Credit
@sigdevel

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Everyone who uses Linux today had a moment where something clicked after way too long.
What's one thing you wish someone had told you when you were starting out?

Drop it in the comments! Someone reading this probably needs exactly what you're about to share.

#RockyLinux #Linux #OpenSource #LearnLinux #SysAdmin #Community

Buying a school laptop? 4 things I'd consider first (and my top 10 picks)

Your laptop can make or break or time in college, so you want to make sure you get the right one. Here's what to consider.

https://www.zdnet.com/article/how-to-pick-a-laptop-for-college/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]

We just shipped some new features of our own to mementomori.social! 🎉

New:
- "For you" feed (experimental). Open your home column settings and switch on "Ranked order" to try an algorithmic feed: posts ranked by engagement and by who you interact with, fresh content on every refresh, and you'll rarely see the same post twice. Flip on "Include posts from people you don't follow" to discover new accounts beyond your follows. See someone interesting there? Tap the + on their avatar to follow them.
- PageUp and PageDown scroll the page normally again (thanks @anotherdream for the feedback on this one!)
- The navigation is a bit tidier: Collections and Followed hashtags now live under "More".

The For you feed is fully opt-in. Your home feed stays exactly as it was unless you turn it on. Feedback very welcome!

Fork source and PR drafts available: https://github.com/mementomori-social/mastodon/tree/mementomods-2026-06-07

Full feature list: https://help.mementomori.social/mementomori.social/instance-features

#MementoMoriSocial #MastoAdmin #Mastodon #OpenSource

Holy shit, my "For You" feed experiment is working in production!

Draft: https://github.com/mementomori-social/mastodon/pull/4

#MementoMoriSocial #Mastodon #OpenSource #BuildInPublic

Alt...

A screenshot of "For you" feed

Roborock’s Q10 S5 Plus robovac is over half off, matching its best price to date

Roborock’s Q10 S5 Plus comes with a self-emptying dock and is under $300. | Image: Roborock Even at full price, the Roborock Q10 S5 Plus offers impressive value, boasting features typically reserved for pricier robovac …

https://www.theverge.com/gadgets/948529/roborock-q10-s5-plus-robot-vacuum-mop-deal-sale

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

Quick fact: if you've ever streamed content on Netflix, used a PlayStation, or sent a packet through a Juniper router, you've touched FreeBSD.

Learn more about how FreeBSD is used today: https://freebsdfoundation.org/end-user-stories/

#FreeBSD #OpenSource #Infrastructure #FreeBSDDay #SysAdmin

Price hikes are coming for another big Android brand

Huawei's feeling the memory crunch.

https://www.androidauthority.com/huawei-price-hikes-3676860/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

Amazon’s data centers used 2.5 billion gallons of water last year

Just after Seattle enacted a one-year data center moratorium that some of Amazon's own employees pushed for, Amazon shared how much water its data centers use, reportedly for the first time. With concerns about water co…

https://www.theverge.com/tech/948534/amazon-data-centers-water-use

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

New.

Check Point: From SQLi to RCE – Exploiting LangGraph’s Checkpointer https://research.checkpoint.com/2026/from-sqli-to-rce-exploiting-langgraphs-checkpointer/ #opensource #vulnerability #infosec #threatresearch

Is Apple TV the new HBO?

This is Lowpass by Janko Roettgers, a newsletter on the ever-evolving intersection of tech and entertainment, syndicated just for The Verge subscribers once a week. Severance. Pachinko. Silo. Ted Lasso. Over the past co…

https://www.theverge.com/column/948295/apple-tv-new-hbo

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

My latest blog post: Peter de Jong Attractors

https://mikecoats.com/peter-de-jong/

Last week I published a new web toy, a Peter de Jong attractor visualiser. Written in plain JavaScript and rendering to a canvas, it comes with a small amount of interactivity to alter the coefficients and see the visualisation change.

#code #javascript #openSource #software

Die #OSADL GV ist soeben gestartet.

Kann ich allen Firmen empfehlen, welche Hilfe bzgl. FOSS (Compliance, rechtliche Fragen, uvm.) benötigen. Alleine die rechtlichen Auskünfte, die FAQ und die Lizenzkompatibilitätsmatrix sind Gold wert - auf jeden Fall aber die (min) 8000 €.

#OpenSource #Linux #CRA #Genossenschaft

After the latest NotebookLM update, I’m rethinking how much I trust AI

My trust issues caught me trusting AI.

https://www.androidauthority.com/notebooklm-may-2026-update-hands-on-ai-trust-3674146/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

How to fix Ripped Off Britain?

🔴 BOOT: Palantir and Big Tech grifters.

🟢 TOOT: Digital Sovereignty and open source.

Tell your MP to stop forking out to a handful of US companies that over-charge and under-deliver. Invest in open source and put the UK in charge instead.

Act now to back an amendment in the Cybersecurity Bill ➡️ https://action.openrightsgroup.org/tell-your-mp-end-big-tech-rip/?mtm_campaign=big-tech-rip-off&mtm_source=mastodon

#digitalsovereignty #techsovereignty #bigtech #opensource #palantir #ukpolitics #ukpol

Alt...

Text: End the Big Tech Rip-Off. Write to your MP. Image: Monochrome photo of Peter Thiel, co-founder of Palantir, with Kier Starmer peeking over his shoulder on top of a pink, blue and yellow patterned background in vertical panels.

Europa hat jetzt sein eigenes Office – und das ist auch noch Open Source! 🚀

Zum Artikel: https://heise.de/-11320254?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#eurooffice #opensource #nextcloud #weboffice #digitalesouveränität

Alt...

Auf dem Bild ist das Logo von Euro-Office zu sehen. Im Bild steht: "Open-Source-Office aus Europa: Erste stabile Version von Euro-Office ist verfügbar" darunter steht: "Die quelloffene Office-Suite von Nextcloud, Ionos und Partnern bietet kollaboratives Arbeiten ohne Abhängigkeit von US-amerikanischen Tech-Konzernen."

Slurm-web v7.0.0 is out 🚀

Slurm-web is the open source web interface for Slurm, helping HPC users and admins monitor jobs, nodes, partitions and cluster activity from the browser.

This major release brings SSO with OpenID Connect, Docker/Podman containers, Kubernetes and Slinky-ready deployments, UI branding, job history, filtering, user visibility controls, and Slurm 26.05 support.

More on: https://rackslab.io/en/blog/slurm-web-v7.0.0/

#Slurm #HPC #AI #Containers #DevOps #OpenSource

SoftMaker Office 2026 ist in der öffentlichen Beta. Für Linux gibts echte Fortschritte: nativer Dateidialog auch ohne GNOME, dynamische Arrays in PlanMaker, Markdown in TextMaker. Was weiterhin fehlt: die automatische Dark-Mode-Erkennung, trotz freedesktop.org-Standard seit 2021.

Den ganzen Artikel liest du hier:

https://rueegger.me/softmaker-office-2026-beta-linux/

#Linux #SoftMaker #OpenSource

Valve updated Proton Experimental on June 10th to bring more bug fixes for running Windows games on Linux / SteamOS systems.
https://www.gamingonlinux.com/2026/06/proton-experimental-gets-fixes-for-path-of-exile-1-2-guild-wars-2-call-of-duty-2003-exanima-and-more/

#Steam #OpenSource #Valve #Proton #Misc

Many people still believe that Proxmox Backup Server is only meant for Proxmox VE environments and can only be used to back up virtual machines and containers. The reality is that the Proxmox Backup Client has been available for quite some time, allowing dedicated servers and desktop systems to benefit from the same centralized backup infrastructure.

The challenge? The client is powerful, but not necessarily the most user friendly tool for everyone.

That is where OneSystems GmbH (https://www.onesystems.ch) steps in with their #opensource project BackupPilot. It provides a modern and intuitive graphical interface that makes connecting Linux desktop systems to #ProxmoxBackupServer simple and accessible for everyone.

In my latest blog post, I take a closer look at BackupPilot and how it helps bring centralized backups to the desktop. If it fits from a time perspective, I'll also show a small live demo next to my other PBS and S3 talk at @credativde@mastodon.social's next virtualization gathering. Entry is free, feel free to join!

Blogpost: https://gyptazy.com/blog/backuppilot-a-gui-client-for-proxmox-backup-server/
Git/Source: https://git.onesystems.ch/backuppilot/app
Feedback: https://forum.proxmox.com/threads/erste-testuser-für-backuppilot-gesucht.183740/
Virtualization Gathering: https://www.credativ.de/event/open-source-virtualization-gathering-moenchengladbach/

Alt...

BackupPilot as a GUI Client for Proxmox Backup Server

KWI LIAN & Kyber

Die KI unterstützt.
Der Mensch entscheidet.
Die Infrastruktur dokumentiert.

KWI LIAN verbindet lokale KI-Unterstützung, LibreOffice-Workflows und nachvollziehbare Governance-Daten in einer kontrollierbaren Arbeitsumgebung.

Lokal statt Cloud-Zwang.
Dokumentzustand prüfen und nachweisen.
Serverseitige Shadow-Akte mit Hash, Snapshot und Commit.

#DigitaleSouveränität #OpenSource #LibreOffice #Linux #KI #AIGovernance #GovTech #EUAIAct

Alt...

KWI LIAN & Kyber — lokale KI-Infrastruktur für nachvollziehbare Dokumenten-Workflows. Viele KI-Systeme konzentrieren sich auf die Ausgabe. KWI LIAN konzentriert sich auf den Arbeitszustand dahinter: Wer hat etwas bearbeitet? Auf welchem Gerät? In welchem Vorgang? Welcher Dokumentzustand wurde geprüft? Welche Version wurde freigegeben? Ist der finale Stand später noch nachweisbar? Kyber bringt die KI-Unterstützung direkt in LibreOffice Writer und Calc. LIAN prüft und markiert Zustände. KWI dokumentiert serverseitig Nachweise, Hashes, Snapshots und Commit-Informationen. Das Ziel ist nicht autonome KI. Das Ziel ist kontrollierbare KI-Unterstützung in realen Arbeitsumgebungen. Die KI unterstützt. Der Mensch entscheidet. Die Infrastruktur dokumentiert.

Samsung Heavy Industries recruits Greek shipowner and Supermicro to bring 50MW floating AI data centers to market — can be powered by solid oxide fuel cells running on liquefied natural gas

Besides Samsung Heavy, Japan’s MOL is also building a 73 MW floating data center with Karpowership for a 2027 deployment.

https://www.tomshardware.com/tech-industry/samsung-heavy-industries-recruits-greek-shipowner-and-supermicro-to-bring-50mw-floating-ai-data-centers-to-market

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]

iX-Workshop: Linux-Server absichern – effektiv und umfassend

Linux-Server und Netzwerkdienste effektiv und umfassend vor Angriffen schützen – von physischer Sicherheit über Verschlüsselung und 2FA bis hin zu SELinux.

https://www.heise.de/news/iX-Workshop-Linux-Server-absichern-effektiv-und-umfassend-11313841.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#IdentityManagement #IT #iXWorkshops #OpenSource #Verschlüsselung #news

The parallel between Proton's sponsorship of Vincent Lapierre and Framework's DHH/Omarchy sponsorship is striking.

What separates them is the response: Proton terminated the deal and acknowledged the misstep. Framework doubled down on "software first" neutrality while critics raised legitimate concerns about who they were financially backing.

Different outcomes, same underlying issue, companies claiming ethical stances need to vet partnerships consistently, not just reactively.

#Proton #Framework #Omarchy #DHH #Privacy #FOSS #OpenSource

Overenthusiastic GTA 6 fan claims to be monitoring oxygen levels, acoustic noise from the bushes at Rockstar North HQ — promises trailer 3 launch is imminent based on heightened acti…

Either a dedicated jokester or a deranged fan has been posting advanced surveillance on Reddit in an attempt to predict the next GTA 6 trailer.

https://www.tomshardware.com/video-games/console-gaming/overenthusiastic-gta-6-fan-claims-to-be-monitoring-oxygen-levels-acoustic-noise-from-the-bushes-at-rockstar-north-hq-promises-trailer-3-launch-is-imminent-based-on-heightened-activity

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]

YouTube expands its direct messaging feature to more countries, including the US

You can finally share your favorite YouTube videos and Shorts more conveniently.

https://www.androidauthority.com/youtube-direct-messaging-expand-us-3676612/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

Ring’s two-camera outdoor security bundle falls 50% in Amazon’s early sale

This Ring bundle pairs floodlight and spotlight cameras for half the price.

https://www.androidauthority.com/ring-floodlight-cam-plus-bundle-deal-3675992/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

This 5-camera Blink Outdoor 4 bundle just crashed 65% to a record-low price

Five outdoor cameras, one very low price.

https://www.androidauthority.com/blink-outdoor-4-bundle-deal-3675690/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

3 signs someone is stealing your Wi-Fi - and how to kick them off

If you suspect someone may be on your Wi-Fi network without your permission, here's how to find out - and what to do about it.

https://www.zdnet.com/article/signs-someone-is-using-your-wi-fi-how-to-kick-them-off/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]

I found a free Android app that makes deleting photos as easy as swiping left

Looking for the most efficient way to clear out photos and videos from your Android phone? It's just a swipe away with an easy-to-use app called Sponge.

https://www.zdnet.com/article/free-android-app-makes-deleting-photos-easy/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]

Framework delays its first Laptop 13 Pro shipments by a month

The Framework Laptop 13 Pro is delayed. The new 13-inch Framework flagship was set to launch in June, but shipments from the first batch are now expected in July - and there's still a chance some shipments could slip to…

https://www.theverge.com/gadgets/948044/framework-laptop-13-pro-delay-shipment-july-august

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

Nearly a million passports and photo IDs were left unprotected on the public internet

Typing a few letters and numbers into my web browser, I find myself gaping at the identity documents of complete strangers. The passport of a young woman from Germany. The passport of a man from Spain with glasses resti…

https://www.theverge.com/tech/947157/passports-data-breach-cannabis-club-systems-nefos-puffpal

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

Experimenting with an opt-in ranked home timeline ("For you" feed) for Mastodon, just for myself and in my own fork.

Draft: https://github.com/mementomori-social/mastodon/pull/4

#MastoAdmin #Mastodon #MementoMoriSocial #BuildInPublic #OpenSource

It's a bit scary talking to some people these days, who's first (and sometimes only) significant computing experience is a smartphone or closed-ecosystem PC, and not a general purpose PC.

Real Stockholm syndrome stuff: "I'm so impressed by Apple, my 2019 macbook still gets updates! most android phones only get 3-4 years"

Well a general purpose PC gets practically unlimited updates if you install the right thing on it.

#foss #linux #openSource #PC #tech

Kalshi adds required employment verification for some prediction market bets

The CFTC is considering its first regulation for prediction markets, as arrests over "insider trading" on everything from military operations to Google Search data continue to stack up. As CoinDesk reports, a notice of …

https://www.theverge.com/business/948083/kalshi-prediction-markets-insider-trading

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

God damn. Gnome's "activities" overview remains absolutely genius design. You tap *one* button, and you have access to 95% of what you use on a regular basis. It's sad that other desktop environments don't have this.

#FOSS #FLOSS #OpenSource #Linux #Debian #Gnome

Alt...

A Gnome desktop with "activities" revealed. There is a desktop window slightly shrunken, in the centre of the screen, a series of desktop thumbnails across the top, and a "dash" with frequently used programmes along the bottom. One button reveals your whole computer.

I've tested so many desktop AI tools, but Hermes with Ollama is my new favorite - here's why

Local AI is the way to go, and Hermes with open-source Ollama is my preferred setup right now.

https://www.zdnet.com/article/hermes-ollama-hands-on-desktop-ai-tool/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]

The best early Prime Day robot vacuum deals I'd buy now, after testing dozens of them

Amazon Prime Day is right around the corner, and I found the best robot vacuum deals that are actually a great deal.

https://www.zdnet.com/article/best-early-amazon-prime-day-robot-vacuum-deals-2026/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]

We never did a proper #introduction, did we? 😲

Hi Fediverse, we're Thunderbird, an #opensource #email client available for free on Linux, Windows, MacOS and now on Android!

You can use Thunderbird for managing an unlimited number of mail accounts, calendars, newsgroup accounts, and RSS feeds. You can also chat using your @matrix account.

💙 LIKES: Open standards, privacy, freedom, customization.

🚫 DISLIKES: Proprietary code.

Nice to meet you 📩

You can just tell the Instagram algorithm what you want now

Instagram is going to let you tweak what its algorithm shows you on your main feed. With the Your Algorithm feature, "you can now see the topics we think you're interested in, and change them, across all the major parts…

https://www.theverge.com/tech/947898/meta-instagram-your-algorithm-main-feed-tell

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

Android 17 QPR1 Beta 4 is ready to share its latest bug fixes

Hopefully these new builds are almost done sorting out glitches.

https://www.androidauthority.com/android-17-qpr1-beta-4-3676575/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

Re-sharing a small open source project I just finished polishing: PoseViz, my browser-based pose recording data visualizer/player.

https://fietkau.software/poseviz

When I left my previous employer, we discussed what would remain there and what I would take with me. PoseViz is one of our bespoke research tools now in my private custody. I put a bit of effort into making it presentable and fun to play with. Try opening some of the different demo recordings! 🙂

#OpenSource #PoseTracking #threejs

Alt...

A stick figure in a simple 3D environment, with a stylized camera shown in the background of the scene. There is a video player interface at the bottom with a play button, a progress bar, and playback time information.

Having trouble with Strava? Here’s what’s going on

You're not the only one getting errors.

https://www.androidauthority.com/strava-experiencing-outage-3676560/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

Court actually holds Google responsible for everything AI Overviews get wrong

Google's AI Overviews landed it in legal trouble over "scam" claims.

https://www.androidauthority.com/ai-overviews-liability-3676496/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

Microsoft restricts Claude Fable for employees over data retention concerns

Anthropic released Claude Fable, its first Mythos-class AI model, yesterday and it's already causing concerns inside Microsoft. Sources tell me that Microsoft is limiting the use of Claude Fable 5 for employees because …

https://www.theverge.com/report/947575/microsoft-claude-fable-5-restricted-internally

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

Google will save your Lens photos, Search Live recordings, and Translate audio for AI training

Google is making some changes to how it saves your interactions with Search. In an email sent to users, Google says it will save the images, files, audio, and video you use to search under a new "Search Services History…

https://www.theverge.com/tech/947836/google-search-privacy-settings-images-audio

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

Boox’s quirky page-turning remote won me over

Tappy is a tiny wireless remote that doesn’t look like one. Following the launch of the surprisingly popular Kobo Remote, Boox has released its own device to ease the burden of reaching for an e-reader’s touchscreen tha…

https://www.theverge.com/tech/943699/slug-boox-tappy-wireless-bluetooth-remote-page-turn-android-ios-hands-on

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

The 2026 Zeek Project Survey launches June 23. We put together a quick recap of what last year's results actually drove, including the new Contributor Framework and Topic of the Month.

https://zeek.org/2026/06/the-2026-zeek-project-survey-coming-june-23/

#Zeek #OpenSource #NetworkSecurity

The 2026 Zeek Project Survey launches June 23. We put together a quick recap of what last year's results actually drove, including the new Contributor Framework and Topic of the Month.

https://zeek.org/2026/06/the-2026-zeek-project-survey-coming-june-23/

#Zeek #OpenSource #NetworkSecurity

@mgfp_fediprofile
https://hub.vocalcat.com/mgfp_fediprofile

After a few attempts in the past, I finally created a FediProfile. I won't be needing Biolink anymore :D.

1/2

#Fediverse #ActivityPub #Linkinbio #OpenSource #SelfHosting #FediProfile #Federation #Federated #FederatedSocialWeb

onion-relay v2.0.0 is out, and it's been a long road from v0.0.1 ⬇️

ℹ️ What started as "one command to run a relay" is now a hardened, production-tested AIO stack: guard, exit, and bridge (obfs4) in a 16.8 MB image.

What's new in v2.0.0:
🩺 health + status tools now expose build_version & config_source
⚡ healthcheck.sh fails fast on missing/empty torrc
🔒 DirPort now defaults to 0 (disabled) in ENV-generated configs

What the project has grown into since launch:
🔑 Happy Family support (Tor 0.4.9+ FamilyId, 🪦 RIP MyFamily lists)
🧰 6 busybox only diagnostic tools
🌍 Battle-tested across 10+ countries: https://relays.brokenbotnet.com
🔐 35+ security fixes, CVE coverage, weekly automated rebuilds
🐋 Works with Docker CLI, Compose, Cosmos Cloud & Portainer

https://github.com/r3bo0tbx1/tor-guard-relay

If you care about privacy infrastructure:
🥢 Try it out
🐛 Report bugs
💡 Suggest features
⭐ Star it to help others find it

Still maintaining this in my free time, donation info
in the README. And please support @torproject

@eff and @privacyguides too.

Protecting privacy, one relay at a time ✨

#Tor #Privacy #OpenSource #Docker #FOSS #SelfHosting #Infosec

Pixel stuck in a bootloop after installing a recent update? Google finally has a fix

Google has updated guidance on restoring impacted Pixel handsets.

https://www.androidauthority.com/pixel-bootloop-fix-3676410/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

What do you think about #portmaster ?

#firewall #cybersec #cybersecurity #ufw #opensource

Today we released ldns 1.9.1, which contains a security fix for CVE-2026-10846: Insufficient verification that responses belong to a query. Thanks Pablo Ruiz from ‘codecome.ai’ for the report.

Read more in the release post:
https://community.nlnetlabs.nl/t/ldns-1-9-1-released/3403

#DNS #OpenSource

Was macht BizzFed anders als LinkedIn?

✅ Vollständig föderiert – du erreichst uns von jeder Mastodon-Instanz
✅ Kein zentraler Konzern hinter den Daten
✅ Kein Algorithmus, der entscheidet, wen du siehst
✅ Open & dezentral

Business-Netzwerken, wie es sein sollte. Registriert euch und schaut einfach mal rein!

➡️ https://www.bizzfed.de

#BizzFed #Fediverse #LinkedInAlternative #OpenSource #Datenschutz

The Social Reckoning trailer gives us our first look at Jeremy Strong as Zuck

Over 15 years after David Fincher and Aaron Sorkin's The Social Network premiered in theaters, Sony has released the first trailer for The Social Reckoning ahead of its theatrical release on October 9th. The follow-up t…

https://www.theverge.com/entertainment/947682/social-reckoning-trailer-aaron-sorkin-jeremy-strong-allen-white-facebook

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

Posted yesterday.

This relates to CVE-2026-44182, CVE-2026-44181, and CVE-2026-44180.

Orca: Critical Jupyter Enterprise Gateway Vulnerabilities Enable Full Kubernetes Cluster Takeover https://orca.security/resources/blog/jupyter-enterprise-gateway-vulnerabilities/ #Kubernetes #infosec #vulnerability #opensource

The AirPods Pro 3 are $179, their best-ever price

AirPods Pro 3 | Photo by Amelia Holowaty Krales / The Verge Ahead of Prime Day, the Apple AirPods 3 wireless earbuds have hit their lowest price so far. Originally $249 (though commonly selling somewhere between $200 an…

https://www.theverge.com/gadgets/947719/airpods-pro-3-walmart-deal-sale

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]

From yesterday.

The Register: The Document Foundation accuses newly launched Euro-Office of undermining digital sovereignty by defaulting to Microsoft's OOXML document format https://www.theregister.com/applications/2026/06/09/libreoffice-brands-euro-office-a-de-facto-ally-of-microsofts-lock-in-strategy/5252854 @theregister #digitalsovereignty #Microsoft #opensource

Google Play Services is draining battery life from Galaxy Watches like a vampire

Galaxy Watches are getting their battery life stolen by Google Play Services.

https://www.androidauthority.com/galaxy-watch-play-services-battery-drain-3676373/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

I got a new phone, and I tried out #Deltachat's "I already have a profile" -> "Add as a Second Device" feature (synced profile from old phone to new phone). Synced like blazing full powah!

Chefkiss! 🤌

#OpenSource

Google fixes Pixel Watch glitch causing Play Store to crash

Google swats down frustrating Play Store crash bug on Pixel Watches.

https://www.androidauthority.com/pixel-watch-play-store-crash-fix-3676344/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

If you have ever done investigations, traffic analysis, or any form of content assessment, you've no doubt used cURL

Daniel Stenberg wrote recently about the challenges the cURL team face with limited budget and increasing vulnerability reporting due to LLM use.

https://daniel.haxx.se/blog/2026/05/26/the-pressure/

I read about this crisis and immediately donated at

https://opencollective.com/curl/donate

Please consider donating.

#curl #opensource #llm #vulnerabilityreporting

The excellent Garmin Forerunner 570 just hit a very tempting price ahead of Prime Day

The Forerunner 570 earned high marks in our review, and it’s now $100 cheaper in the Amazon sale.

https://www.androidauthority.com/garmin-forerunner-570-deal-3675700/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

AT&T is offering 24 hours of unlimited internet for $3, even to T-Mobile and Verizon customers

The "Unlimited Day Pass" offers on-demand internet connectivity for your iPad.

https://www.androidauthority.com/att-unlimited-day-pass-ipad-t-mobile-verizon-3675861/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]

#DigitalIndependance Day has once again arrived. The 1st Sunday of every month is your opportunity to reflect on past efforts to #DeGoogle or renew your commitment to dump U.S. invasive tech. There are better alternatives, either less invasive or #OpenSource.
This month I researched how I could leave Google Maps behind, and this article reviewing different applications was useful.

#DID #CDNdid

https://www.howtogeek.com/i-tested-6-google-maps-alternatives-this-is-the-one-im-sticking-with/

Roborock’s latest smart mower could be the closest thing to hands-free lawn care yet

Your lawn's new employee never takes weekends off.

https://www.androidauthority.com/roborock-rockneo-lawnmower-launch-3676219/

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]