9 matches found
BIT-DISCOURSE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the `ComposerController#mentions` endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying `allowed_names` referencing a hidden-membership group and...
Transcript Franking for Encrypted Messaging
Message franking is an indispensable abuse mitigation tool for end-to-end encrypted (E2EE) messaging platforms. With it, users who receive harmful content can securely report that content to platform moderators. However, while real-world deployments of reporting require the disclosure of multiple...
CVE-2024-47130
The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols...
goTenna Pro Access Control Error Vulnerability
The goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. An access control error vulnerability exists in goTenna Pro. An unauthenticated attacker could exploit this vulnerability to remotely update local public keys used f...
CVE-2022-1753
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php, which is responsible for handling group messages. The manipulation of the argument groupid allows posting messages in other groups. It is possible to launch the attack remotely but it might...
Cryptocurrency Pump and Dump Scams
Really interesting research: "An examination of the cryptocurrency pump and dump ecosystem": Abstract: The surge of interest in cryptocurrencies has been accompanied by a proliferation of fraud. This paper examines pump and dump schemes. The recent explosion of nearly 2,000 cryptocurrencies in an...
WhatsApp Downplays Damage of a Group Invite Bug
Research that claims WhatsApp’s group messaging feature can be compromised by an attacker is being called into question by WhatsApp and the developer of the underlying messaging technology. Last week, a team of researchers from Germany’s Ruhr University Bochum released an academic paper outlining...
Signal 2.0 — Free iPhone App for Encrypted Calls and Texts
An open source software group, Open Whisper Systems, has announced the release of Signal 2.0 — the second version of its free and open source messaging application for iPhone and iPad users. Signal app is specifically designed to make secure and easy-to-use encrypted voice calling. But that’s wha...
Huddles and Muddles
Google+’s new Huddle function is a group messaging platform that allows Google+ friends who have the G+ application to communicate en masse – Twitter-like. Beware, though: there’s a fine line between huddling and spamming. For one thing, starting a Huddle will send a text message to all your...