Spyke

world · World News · by UnLocoPoco

How a Single Rogue BGP Announcement Took Telegram Offline Across Three Continents

cross-posted from: https://lemmy.world/post/48269853

Telegram faced major connectivity disruptions after researchers reported that Reliance Communications’ AS18101 allegedly announced Telegram’s 91.108.56.0/22 IP prefix, a route normally originated by Telegram’s AS62041. The announcement reportedly spread through FLAG Telecom and reached international peers, causing Telegram traffic in India and parts of the UAE, Europe, and Asia to be misrouted or dropped.

The incident came around the same time as India’s temporary Telegram restriction linked to NEET exam security, but the network-layer impact went far beyond a domestic block. Researchers say the route should have been flagged as RPKI-invalid and filtered, raising fresh concerns about weak BGP security enforcement, poor route filtering, and how a single unauthorized routing announcement can disrupt a major platform across borders.

https://thecybersecguru.com/news/rogue-bgp-announcement-telegram-offline/
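
Added example, not part of the original post or the linked article: a minimal sketch of RPKI route origin validation (the RFC 6811 procedure), showing why a network that enforces it would reject 91.108.56.0/22 originated by AS18101. The ROA contents (maxLength 24), the transit ASNs and the sample announcements are constructed assumptions, not real RPKI or routing data.

```python
import ipaddress

# Constructed VRP (validated ROA payload) table, NOT real RPKI data.
# Assumption: a ROA authorises AS62041 to originate 91.108.56.0/22, maxLength 24.
VRPS = [("91.108.56.0/22", 24, 62041)]


def validate_origin(prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' per the RFC 6811 procedure."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route only if the route sits inside the VRP prefix.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # Match needs the same origin AS (AS 0 never matches) and a prefix
        # length no longer than the ROA's maxLength.
        if vrp_asn != 0 and vrp_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but matched by none: this is the hijack signature.
    return "invalid" if covered else "not-found"


def filter_announcements(announcements, vrps=VRPS):
    """Split announcements into accepted and rejected, dropping RPKI-invalid ones."""
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        origin = as_path[-1]  # the origin AS is the last hop of the AS path
        state = validate_origin(prefix, origin, vrps)
        (rejected if state == "invalid" else accepted).append((prefix, origin, state))
    return accepted, rejected


# Constructed announcements; 64500-64502 are documentation-range ASNs.
SAMPLE = [
    ("91.108.56.0/22", [64500, 62041]),   # expected origin
    ("91.108.56.0/22", [64501, 18101]),   # origin named in the post
    ("91.108.56.0/25", [64500, 62041]),   # right origin, longer than maxLength
    ("198.51.100.0/24", [64502]),         # no covering ROA
]

if __name__ == "__main__":
    ok, dropped = filter_announcements(SAMPLE)
    print("accepted:", ok)
    print("rejected:", dropped)
```

A route that is "not-found" is still accepted here, which is the usual operator policy: only announcements that contradict a published ROA are dropped.
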
technology · Technology · by UnLocoPoco

PSN Single-Letter Username Glitch: What Actually Broke

PSN briefly allowed users to claim single-letter Online IDs like A, B, X, and Z, even though Sony’s public username rules require 3–16 characters. It looks less like a planned feature and more like a validation failure somewhere in PSN’s identity stack, showing why client-side checks are never enough and why all platforms need consistent server-side validation across APIs, account services, and databases.

https://thecybersecguru.com/news/psn-single-letter-username-glitch/

CVE-2026-53435: Jenkins Deserialization Chain, PoC & Patch

cross-posted from: https://lemmy.world/post/48197919

A newly disclosed Jenkins vulnerability, tracked as CVE-2026-53435, is now being actively exploited in the wild. The flaw allows an authenticated attacker with relatively low privileges to POST a malicious config.xml file, abuse Jenkins’ deserialization handling, and route requests through Stapler to access sensitive files on the Jenkins controller.

The issue affects Jenkins weekly versions up to 2.567 and LTS versions up to 2.555.2. Successful exploitation can lead to arbitrary file read, user impersonation, Script Console access, and possible exposure of SSH keys, credentials, and internal Jenkins secrets. Administrators are urged to upgrade immediately to Jenkins weekly 2.568 or LTS 2.555.3, review logs for suspicious createView requests, and audit users with View/Configure, Item/Configure, or Agent/Configure permissions.

https://thecybersecguru.com/news/cve-2026-53435-jenkins-deserialization/
