More infos about CVE-2026-41651 at:
heise.de/news/Pack2TheR…
English
Mails Nielsen
97 posts
Mails Nielsen
@MailsNielsen
Co-Founder | #CEO of @SolidProof_io Security pro, loves engines: V12, bike, boat. Ex-sysadmin, full-stack dev, now CEO & researcher.
Flensburg, Germany Katılım Temmuz 2011
187 Takip Edilen135 Takipçiler
If you haven't patched today, now would be a good time.
"Pack2TheRoot" in PackageKit lets any local user install system packages without a password - and become root. Affects Debian, Fedora, Ubuntu, Rocky in default config. CVSS 8.8.
Updates have been out since April 22.
English
AI-assisted vuln research is starting to deliver real results. Whether that's good news depends on which side of the disclosure inbox you sit on.
English
One detail worth flagging: Telekom Security found this with Anthropic's Claude Opus. The starting point was odd behavior of pkcon install on a Fedora workstation – a system package installed without ever prompting for a password.
English
For the curious about the mechanics: it's a TOCTOU on transaction->cached_transaction_flags. Three bugs in the code let those flags get rewritten between authorization and execution - classic race window.
Affected versions: PackageKit 1.0.2 through 1.3.4. Fixed in 1.3.5.
English
@SolidProof_io @JurisProtocol @LunaClassicHQ @Lunanauts_Lunc @LunaClassicNet @coingecko Refreshing to see
English
That’s exactly the reason "and the hope" why we actively supported projects that worked to bring more traffic back to the chain.
A great milestone so far, and also a strong validation for us.
@JurisProtocol @LunaClassicHQ @Lunanauts_Lunc @LunaClassicNet @coingecko
CoinGecko@coingecko
Never in a million years would I have imagined this 🤯
English
Good morning web3!
Let's kick this week off with some security updates.
We have just finished the smart contract audit for @BricaCapital 🤝
More news on its way.
Reports are online app.solidproof.io
English
We believe everyone knows that we remain fully neutral our actions and reactions are based solely on facts and real events.
That said, X is currently flooded with @Pumpfun discussions, @a1lon9 got doxxed, and controversy.
It raises an important question:
Did we all really not see it coming?
Did we pretend there was real utility when it was clearly more of a casino-like system?
Did the space (not us, but the majority of Degens) forget its core principles and simply play along?
A reminder we shouldn’t ignore: honesty lasts longest.
It’s time to return to building honest projects with real use cases.
We call the EVM run back!!!!!!!
English
Historic milestone! @krakenfx just became the FIRST crypto firm to gain direct access to the Federal Reserve's core payments system via a master account.
Now on the same rails as thousands of US banks & credit unions. Faster, safer fiat moves for crypto. Integration era begins!
English
@SolidProof_io @Veilonwallet No complex audits, but ones with depth instead. Welcome to the new era of Web3!
English
Not many audits lately, okay let's say not many meme audits.
But more development and utility projects, which is absolutely fine and hopefully brings hope back to the #Web3Culture.
Today we are working on the final report together with the @Veilonwallet team, power on!
English
Mails Nielsen retweetledi
🚨 Microsoft Office Word 0-day Vulnerability Actively Exploited in the Wild
Source: cybersecuritynews.com/microsoft-offi…
A critical zero-day vulnerability in Microsoft Word, tracked as CVE-2026-21514, was disclosed on February 10, 2026, allowing attackers to bypass essential security protections.
CVE-2026-21514 exploits a weakness in how Microsoft Word handles security decisions based on untrusted inputs, categorized as CWE-807.
The vulnerability specifically bypasses Object Linking and Embedding (OLE) mitigations implemented by Microsoft to protect users from malicious COM/OLE controls.
These OLE controls enable documents to embed and interact with external objects. However, improper validation allows attackers to circumvent protective measures.
#cybersecuritynews #vulnerability
English
We’re proud to announce a significant breakthrough in the fight against criminal activity in the Web3 space.
Countless inquiries from the community have driven us to tackle what many thought was impossible legal prosecution of digital thieves.
English
Mails Nielsen retweetledi
Privilege Escalation in Wordpress acf-extended Plugin
tip:
always check the post method endpoint and analyse which parameters are user control then play with them💀
#bugbountytips
English
@SolidProof_io @cryptition_io A possible investor should always look for an independent audit.
English
We are pleased to report that more and more Solana projects are choosing the secure path and deciding to undergo an audit.
A very good example of this: @cryptition_io
The project will also be available on our TrustNet soon.
English
Mails Nielsen retweetledi
Blame CloudFlare for Website Issues
The Cloudflare Error Page Generator (github.com/donlon/cloudfl…) is an open-source tool for creating highly customizable error pages in the style of Cloudflare.
It perfectly mimics Cloudflare’s famous error page designs (such as the 5xx internal server error pages) and can be embedded directly into your website. You can easily generate static HTML files to replace default error pages, allowing you to quickly shift the blame to CloudFlare whenever your site runs into problems.
English
Not to forget, our data specialists are super busy as well!
Welcome, Team @FortunaPro_sol . It's good to see that teams are still focusing on KYCs.
You can see whether they passed or not later on our TrustNet - @SP_TrustNet
English
Mails Nielsen retweetledi
