Debugging the AMD GPU
Although Robert F. Kennedy gets the credit for popularizing it, George Bernard Shaw said: “Some men see things as they are and say, ‘Why?’ I dream of things that never …read more Continue reading Debugging the AMD GPU
OpenAI Rolls Out New ChatGPT Images
OpenAI has issued a major update to ChatGPT image generation that’s powered by its latest flagship image generation model.
The post OpenAI Rolls Out New ChatGPT Images appeared first on Thurrott.com.
Continue reading OpenAI Rolls Out New ChatGPT Images
Racks of AI Chips Are Too Damn Heavy
The weight of AI server racks has reached a point where legacy data centers cannot accommodate them even with significant retrofitting efforts, The Verge reports. Chris Brown, chief technical officer at Uptime Institute, said most retrofitting attempts… Continue reading Racks of AI Chips Are Too Damn Heavy
SantaStealer stuffs credentials, crypto wallets into a brand new bag
All I want for Christmas … is all of your data A new, modular infostealer called SantaStealer, advertised on Telegram with a basic tier priced at $175 per month, promises to make criminals’ Christmas dreams come true. It boasts that it can run “fully u… Continue reading SantaStealer stuffs credentials, crypto wallets into a brand new bag
US Threatens Penalties Against European Tech Firms Amid Regulatory Fight
U.S. officials excoriated the European Union for discriminating against American technology companies and threatened to penalize European tech companies in return, in a social media post on Tuesday. From a report: The pronouncement appeared to signal a… Continue reading US Threatens Penalties Against European Tech Firms Amid Regulatory Fight
VU#651499: Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability
Overview
Vulnerabilities have been identified in Siemens Gridscale X Prepay that allows unauthenticated username enumeration and enables an attacker to bypass account lock functionality. These issues may permit unauthorized access or prolonged access to protected resources, even after an account has been administratively locked.
Description
Siemens Gridscale X Prepay is a scalable energy management solution for utilities, integrating smart meters and customer payment options. The related vulnerabilities increase the risk of unauthorized actions, data exposure, or misuse of sensitive organizational resources.
CVE-2025-40806 Unauthenticated username enumeration. An attacker may determine the validity of usernames by a response code, allowing the attacker to determine whether a username is valid before authentication occurs. This exposure can facilitate targeted attacks by allowing an adversary to identify valid accounts before attempting further compromise.
CVE-2025-40807 Account lock bypass. An attacker can bypass the intended account lock protection by replaying or modifying previously captured valid responses. The issue appears related to session tokens that remain valid after logout or after an administrative account lock. Because these tokens do not expire immediately, an attacker with access to previously captured network responses can continue access the system despite the account being locked. This scenario is particularly concerning when the attacker is a former employee, insider, or anyone with prior authenticated access who may have retained network captured data or sessions artifacts.
Impact
The complete impact of this vulnerability is not yet known.
Solution
Siemens has released a new version of the Gridscale X Prepay and for version 4.2.1 and below, it is recommended to install the provided security update using the appropriates tools and procedures supplied with the product. Before deployment, all updates should be validated, and installed under the supervision of personnel with approved access within the target environment.
As a general security practice, Siemens also advises protecting network access with suitable controls such as firewalls, network segmentation, and VPNs. Systems should be configured in accordance with Siemens’ operational guidelines to ensure that the devices operate within a secure IT environment.
Acknowledgements
Thank you to the reporter, Kira The Raven Security. This document was written by Michael Bragg.
Mozilla Has a New CEO
Mozilla announced today that the former lead of Firefox, Anthony Enzor-DeMeo, is its new CEO.
The post Mozilla Has a New CEO appeared first on Thurrott.com.
Continue reading Mozilla Has a New CEO
5 reasons to update your iPhone to iOS 26.2 – including security patches
The latest update squashes security bugs and beefs up apps like AirDrop and Reminders. Don’t forget to update your iPad, Mac, Apple Watch, and Apple TV, too. Continue reading 5 reasons to update your iPhone to iOS 26.2 – including security patches
Texas Sues TV Makers For Taking Screenshots of What People Watch
mprindle writes: The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users’ data by secretly recording what they watch using Automated Content Recognition (ACR) technology.
The lawsuits tar… Continue reading Texas Sues TV Makers For Taking Screenshots of What People Watch
Keebin’ with Kristina: the One with the Curious Keyboards
I love first builds! They say so much about a person, because you see what’s paramount to them in a keyboard. You can almost feel their frustration at other keyboards …read more Continue reading Keebin’ with Kristina: the One with the Curious Keyboards