I really feel like fedi is disproportionately autistic in comparison to other social media platforms, but I haven't touched any other major ones in years, nor do I have the necessary data, so I don't really know. Poll?
Pixelfed before v1.12.5 has a vulnerability where it could leak your private posts, regardless of whether you are a Pixelfed user or not.
Admins should update ASAP.
When following someone from a different server on the Fediverse, the remote server decides whether you are allowed to do that. This enables features like locked accounts. Due to an implementation mistake, Pixelfed ignores this and allows anyone to follow even private accounts on other servers. If a legitimate user from a Pixelfed instance follows you on your locked account, anyone on that Pixelfed instance can read your private posts.
I wrote a blog post about how I found the vulnerability, how disclosure coordination went and general ramblings about Fediverse safety:
https://fokus.cool/2025/03/25/pixelfed-vulnerability.html
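The follow handshake described in the post above, as an added example that is not part of the original post and not Pixelfed's code: a minimal Python model of the following server's state, in which a follow only counts once the followed account's server answers with an Accept. The class, method names and actor URLs are hypothetical, and signature verification of inbound activities is assumed to happen before this code runs.

```python
# Added illustration (hypothetical names, not Pixelfed code): follow state as
# kept by the *following* server. Assumes inbound activities were already
# authenticated (e.g. HTTP signature checked) so "actor" can be trusted.
from enum import Enum

class State(Enum):
    PENDING = "pending"
    ACCEPTED = "accepted"

class FollowStore:
    def __init__(self):
        self._follows = {}  # (follower, target) -> State

    def request_follow(self, follower, target):
        """Record the request as PENDING and build the outgoing Follow."""
        self._follows[(follower, target)] = State.PENDING
        return {"type": "Follow", "actor": follower, "object": target}

    def handle_inbound(self, activity):
        """Apply an Accept/Reject from a remote server; True if it was used."""
        kind, inner = activity.get("type"), activity.get("object")
        if kind not in ("Accept", "Reject") or not isinstance(inner, dict):
            return False
        if inner.get("type") != "Follow":
            return False
        key = (inner.get("actor"), inner.get("object"))
        # Only the followed actor may answer, and only a follow we requested.
        if activity.get("actor") != key[1] or key not in self._follows:
            return False
        if kind == "Accept":
            self._follows[key] = State.ACCEPTED
        else:
            del self._follows[key]
        return True

    def can_view_followers_only(self, viewer, author):
        """Followers-only posts are shown only after the author's Accept."""
        return self._follows.get((viewer, author)) is State.ACCEPTED

def demo():
    store = FollowStore()
    locked = "https://remote.example/users/locked"   # constructed sample URLs
    alice = "https://pix.example/users/alice"
    mallory = "https://pix.example/users/mallory"
    follow_a = store.request_follow(alice, locked)
    follow_m = store.request_follow(mallory, locked)
    store.handle_inbound({"type": "Accept", "actor": locked, "object": follow_a})
    # An Accept not sent by the followed actor must not unlock anything.
    store.handle_inbound({"type": "Accept", "actor": mallory, "object": follow_m})
    return (store.can_view_followers_only(alice, locked),
            store.can_view_followers_only(mallory, locked))
```

Treating a PENDING entry as an established follow in `can_view_followers_only` would reproduce the class of mistake the post describes: a post delivered to the instance for one approved follower becomes readable by any local user who merely requested a follow.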
New sensitive breach: Lexipol had 672k email addresses breached last month by self-proclaimed "Puppygirl Hacker Polycule". Data included name, phone and MD5 or SHA-256 password hashes. 23% were already in @haveibeenpwned. Read more: https://www.them.us/story/puppygirl-hacker-polycule-leak
Wake up babe, @GIMP 3.0 was just tagged 👀
• https://gitlab.gnome.org/GNOME/gimp/-/tree/GIMP_3_0_0?ref_type=tags
• https://gitlab.gnome.org/GNOME/gimp/-/commit/9785099e5a0dcdc3011dd26c6c2e9b332d36c035
You can get GIMP 3.0 on Flathub: https://flathub.org/apps/org.gimp.GIMP
⚠️ FEDIVERSE WARNING - FEDIBLOCK ⚠️
🇬🇧 URGENT #fediblock to freysa.ai / social.freysa.ai
This instance has 1500 users, all of them AI-generated, sending random spam to the fediverse in the form of posts with #hashtags that create fake trending topics. As I write this, 1,787,915 AI-generated posts with #hashtags have been detected (see images).
Example, see local endpoint:
- https://social.freysa.ai/api/v1/instance
- https://social.freysa.ai/public/local
This can also cause the databases of federated instances to waste resources and disk space by unnecessarily storing this garbage.
These AI-generated accounts and posts could be used to carry out SPAM attacks on fediverse users using @mentions.
- Trankten
FYI if you got a Framework 16 prior to November 2024 you should check to see if you are having thermal issues and consider requesting a replacement
Oh lookie here. #Bluesky will start selling your data to train AI. https://github.com/bluesky-social/proposals/tree/main/0008-user-intents #AI #SocialMedia
Dear fedi audience viewing this post
I am gonna fucking lose it.
i really need to follow more filipinos and filipino furries in particular there are far too few of them on my feeds
What’s with kids who are like 14 years old and like anime or plushies or whatever. Go care about something more age appropriate like carpentry or rockabilly instead of appropriating millennial culture