buc.ci is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
RE: https://mastodon.bsd.cafe/@grahamperrin/116344993053121523
@Dendrobatus_Azureus if you're willing to risk ire in The FreeBSD Forums, you might add a couple of links in <https://forums.freebsd.org/threads/102251/>:
1. <https://www.reddit.com/r/freebsd/comments/1sapr8a/claude_gained_a_root_shell_in_8_hours_by_creating/>
2. <https://www.reddit.com/r/freebsd/comments/1sbzf3q/freebsds_position_on_the_use_of_aigenerated_code/>
Respectively:
1. Claude Gained a Root Shell in 8 Hours by Creating an Exploit for the FreeBSD Kernel
2. FreeBSD's position on the use of AI-generated code?
The first of the two has a pinned comment with links out to the Fediverse, and back to The FreeBSD Forums.
If not links to Reddit, you might find at least one non-Reddit link that readers should find of interest. My personal favourite is the Nicholas Carlini presentation below.
#FreeBSD #Forums #security #infosec #cybersecurity #AI #Claude #research #kernel #vulnerability
Nicholas Carlini - Black-hat LLMs | [un]prompted 2026
<https://www.youtube.com/watch?v=1sd26pWhfmg> (3rd March)
― essential viewing for anyone with an interest in cybersecurity or infosec.
@dch thanks for the encouragement.
A few more links in the comment that's pinned under <https://redd.it/1sapr8a>, but Carlini's half-hour presentation is a must.
"IRGC says Iranian forces destroy two US C-130 aircraft and two Black Hawk helicopters
We reported earlier that Iranian media said a C-130 aircraft was destroyed during a US operation to rescue a crew member from a downed F-15 fighter jet."
#Russia #India #China #USA #Economy #Finance #Technology #Security #News #Iran #Israel #War #EU #NATO #Oil #Nuclear #Weapons
OpenBSD 7.8 // IKED // ERRATA 027
Date: April 4, 2026
Name: 027_iked.patch
Description: In iked(8) add stricter checks to avoid out-of-bounds read, NULL pointer dereference, and keep the state machine consistent.
Link: https://cdn.openbsd.org/pub/OpenBSD/patches/7.8/common/027_iked.patch.sig
while you chat happily without interruptions, this is what happens in the arcanechat.me servers! oh no!!! 😱 does anyone have a spare umbrella? ☔
#ArcaneChat #privacy #decentralization #security #humor #meme #joke #selfhosting #sysadmin #server #opensource #autonomy #digitalindependence #sovereignty
While the world watches Iran, NATO is quietly completing a fundamental transformation of its eastern flank. Poland, Lithuania, Latvia, and Estonia are becoming the Alliance's most fortified frontier since the Cold War.
The strategic shift began after 2022. NATO moved from forward basing—small battalion groups as a political signal—to genuine combat readiness. Forces sufficient not merely for delay but for full-scale deterrence.
Poland leads with East Shield, a 700-kilometer network of fortifications, engineering barriers, and surveillance systems along the Russian and Belarusian borders. Budget: $2.5 billion. Timeline: 2025-2028. In April 2026, German engineering units began supporting construction. This is the first peacetime Bundeswehr deployment to Poland in this format. The symbolism is striking: the country that started World War II by invading Poland is now physically building its defensive network.
Lithuania hosts the first permanently deployed foreign brigade in its history. A full German brigade, approximately 2,000 troops, integrated with local forces. This is not rotational. These are known names, known families—people whose deaths would be immediate consequences of any aggression.
Latvia hosts a Canadian brigade of 2,200 personnel, the largest Canadian contingent outside North America since World War II. Estonia hosts a British battle group with Challenger 2 tanks and support units.
The most vulnerable point remains the Suwalki corridor: 104 kilometers of border between Poland and Lithuania separating Belarus from Kaliningrad. In a hypothetical conflict, this is where Russia could attempt to cut off the Baltic states from the rest of NATO by land. Fortifying this corridor has become a priority for 2025-2027.
This transformation is one of the least covered but most important geopolitical developments of 2026. For Ukraine, for European security, and for the future of deterrence, it matters directly.
https://newsgroup.site/nato-eastern-flank-baltic-poland-defense-2026/
#NATO #EasternFlank #Poland #Lithuania #Latvia #Estonia #Deterrence #SuwalkiCorridor #Security
“Privacy. That’s iPhone.” — and Other Things That Need an Asterisk
Apple isn’t lying about privacy. They’re just very careful about what they don’t say out loud. The Google deal. iCloud’s 5GB trap. The Meta silence. What “we keep your data safe” actually means.
None of it required a lie. That’s kind of the whole point.
https://blog.ppb1701.com/privacy-thats-iphone-and-other-things-that-need-an-asterisk
#apple #privacy #bigtech #userhostile #blog #icloud #security
The maintainer of Axios has come forward on how they got phished by NK in the supply-chain attack.
Many people said "hurr duurr, look at the link! how on earth are you gonna fall for that?!", ignoring the setup:
- Pretend to be a legitimate tech founder
- A real-looking Slack Workspace
When you've got a false sense of legitimacy, they can toy with you into whatever they want you to do.
@nielsa no, that's not what I'm telling you.
I prefer to believe that most people will be thoughtful.
"… a huge number of bugs. I have so many bugs in the Linux kernel that I can't report because I haven't validated them yet. I'm not going to make some open source developer validate bugs that I haven't checked yet. I'm not going to send them potential slop … I now have … several hundred crashes that they haven't seen because I haven't had time to check them. We need to find a way to fix this …"
– Nicholas Carlini
Nicholas Carlini - Black-hat LLMs | [un]prompted 2026
<https://www.youtube.com/watch?v=1sd26pWhfmg> (3rd March)
― essential viewing for anyone with an interest in cybersecurity or infosec.
several people in #Cuba report that they suddenly have no access to their #WhatsApp
I don't know why people, especially Cubans, use WhatsApp; the WhatsApp people keep holding your chat hostage and blocking your access until you update and things like that, out of nowhere, and now this: suddenly you lose all access to all your chats and sent messages overnight
because it's one thing for it to stop letting you send messages and stop connecting, and another for it to completely take away your list of chats and messages and not let you read them. don't they realize they have no control whatsoever over their own messages??? meanwhile in Delta Chat you are the owner of your information and nobody can deprive you of access to your messages; you can go live offline in a cave and you will still be able to read your messages
your messages live in your pocket, not in "the cloud" of an ill-intentioned monopoly
#DeltaChat #decentralization #decentralized #privacy #autonomy #digitalindependence #opensource #security #sovereignty #soveranía #independecia #independenciadigital #privacidad #autonomia #softwarelibre #descentralizacion
For real, many people asked me for their smaller and mid-sized environments, how to handle remote syslog of their nodes. I had some ideas (some of you may have already found my Rust interpretation of this) but I think having this included in #PegaProx as a centralized management interface makes more sense.
So, PegaProx comes with an own syslog server (ipv4/ipv6, udp/tcp, encrypted/unencrypted support) and is wired to the interface within the resources tab. Providing a quick overview of all your logs and filter options. The next thing is wiring it to the notification system of PegaProx, allowing automated alerting. Might be nice to quickly identify when the quorum got lost - all built-in into PegaProx!
#easter #development #coding #python #opensource #foss #pve #proxmox #proxmoxve #virtualization #vmware #alternatives #free #logging #security #gyptazy #proxmoxdatacenter #homelab #enterprise
I have a question for everyone who does political work:
Has a Signal account of yours ever been deleted without you receiving a "security SMS"?
The question is meant seriously.
Does this affect you? Please get in touch.
Feel free to share, this is not unimportant.
A question to all doing political work:
Have you lost a Signal account without having received some "security SMS"?
No joke. Are you affected? Please contact me.
Please spread, this is important.
#chatkontrolle #sms #security #klartext #telefonnummer #signal #bigbrother
Everything is documented in a repository with current files, database dumps and OSINT on the botnet infrastructure!
https://git.craftknight.com/dawid/wp-compromise-march-2026-botnet-campaign.git/
WireGuard vs. OpenVPN: For me, WireGuard is the clear winner. Simple config, lightning fast, modern crypto stack. Got a site-to-site tunnel running in under 5 minutes today, including the QR code scan for mobile. OpenVPN users: time to switch! The docs are worth their weight in gold. #VPN #Linux #Security #DevOps
Lately all of my sites are being scanned every day, and I have set up fail2ban and IP blacklists wherever I could.
If you manage #wordpress, it is worth reading and adding the relevant domains to your blacklists.
I have also reported it where needed, to get the domains and the Telegram channel taken down.
Supporting a DV family with groceries this week. We're at $25/$200 if you'd like to support. Please RT for reach. 🙂🥰
C: $Lockdownyourlife
V: lockdownyourlife
https://www.ko-fi.com/lockdownyourlife
#MutualAid #MutualAidRequest #community #security #safety #privacy
Quantum security keeps improving. Science News reports that scientists have used photon entanglement to demonstrate 'quantum position verification' for the first time.
https://www.sciencenews.org/article/quantum-physics-location-security
It means an information recipient can know the actual location of the information sender. Thus, we may ultimately be able to dox all the spammers and scammers! 👹 🍄
Internet Privacy Law and Practice – The Conversation
Recently The Conversation hosted Anne Toomey McKenna, Guy Kawasaki and Florian Schaub for a discussion of Internet privacy. This was a great overview of where Internet privacy law now stands (it is not good) as well as suggestions on how to improve your privacy. You can watch a recording of the session here:
https://www.youtube.com/watch?v=PPUPyj8Ltc0
If you have an interest in privacy you can follow these folks on social media. I find their commentary helpful.
You will also enjoy Guy Kawasaki’s cheerleading about the Signal application. I think it is fair to say that he is a fan of Signal’s privacy.
Fun fact: Does the name Guy Kawasaki ring a bell? Yes, he’s THAT Guy Kawasaki from the early days of Apple. We were both at Apple computer in the 80’s. I was an IT contractor working at the Bandley Drive IT building and Guy was the one who developed the Apple Evangelist program. Our paths did not cross but I definitely remember when the Apple internal communication group started promoting open positions for “Apple Evangelists.” We were all scratching our heads wondering what an Apple Evangelist was. Now we know that it was one of the very successful Apple marketing campaigns.
One thing I do share with Guy is a deep respect for the security and privacy of the Signal application. I’ve written free guides about Signal available here:
Guy has written an electronic book about Signal entitled “Everybody has Something to Hide.” It is available on Amazon as a Kindle book for about $1.00. You can get it here:
🦋 📍 @nodejs.org drops bug bounty rewards after external funding dries up.
A real hit to its security incentives → https://socket.dev/blog/node-js-drops-bug-bounty-rewards-funding-dries-up #nodejs #javascript
For those already familiar with PH4NTXM-LITE — and for those just discovering it:
PH4NTXM-LITE is our open-source, community-driven environment for exploring system identity, behavior, and live execution.
We’ve just shipped a major behavioral architecture upgrade:
This release is not iterative — it redefines how LITE behaves under observation.
• Introduced coherent system persona with cross-layer alignment (dmidecode, sysfs, kernel-exposed identity)
• Transitioned from volatile identity to session-stable profiles (eliminating high-frequency randomness and inconsistencies)
• Reworked network stack → persona-driven TCP/IP tuning, deterministic jitter, and bounded variability
• Enabled subtle runtime dynamics (timing skew, scheduler micro-drift, low-amplitude behavioral variance)
• Introduced bounded entropy model → controlled, explainable deviation instead of uncontrolled mutation
• Introduced ghost surface → minimal, plausible virtual interface/topology hints without synthetic noise
• Established cross-subsystem coherence (identity, network, timing, and surface behavior now aligned)
Architectural shift:
From stochastic mutation → constrained, low-noise behavioral realism.
PH4NTXM-LITE now models a consistent, observable system identity with realistic behavior under analysis.
This significantly improves:
• fingerprinting studies
• detection surface evaluation
• identity leakage research
The goal is no longer to “mutate” the system —
but to simulate one that makes sense.
PH4NTXM-LITE is fully open-source.
Explore it. Break it. Test assumptions.
Push it beyond what it was designed for.
This is a system meant to be studied — not just used.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
NATO is a defensive alliance to protect members from foreign attack. Trump is threatening to pull out because European allies won't help him wage an unlawful war against a country that never attacked NATO.
This is precisely why Europe cannot keep outsourcing its security to Washington. We have the plan for genuine European defence autonomy. Read more about it here:
https://volteuropa.org/news/building-a-european-army-in-3-steps-its-naive-to-be-against
#NATO #Trump #Army #EUpol #Europe #EU #defence #defense #security
I know this is heresy, and I'm not a security researcher, but given the relatively low bar to categorize a CVE as high or critical* and the proliferation of supply chain attacks, I'm starting to wonder if the risks of staying constantly up to date are greater than the risks of letting packages get obsolete.
Thoughts?
*More than half the CVEs I see don't apply to the most mainstream use cases.
Here's a fun post for pro- and anti-AI infosec people alike - guess who is going to have to "fix" AI? If you're thinking "not me" well, think again.
https://www.markloveless.net/blog/2026/4/2/the-uncomfortable-effects-of-ai
Every time any of #LinkedIn’s one billion users visits Linkedin[.]com, hidden code searches their computer for installed software, collects data, and transmits it to #Microsoft ’s servers and to third-party companies, including an American-Israeli #cybersecurity firm. #privacy #cyber #security
RE: https://infosec.exchange/@malick/116335760238491682
AI Just Hacked One Of The World's Most Secure Operating Systems – Forbes
Also <https://gnu.gl/@wtfismyip/116325256164232617> @wtfismyip
#FreeBSD #security #AI #Claude
#Anthropic's #Claude built a root exploit for #FreeBSD completely autonomously. In exactly four hours. We are not talking about a simple "write me a #Python script" prompt here, but about real, iterative #hacking. The model found the #vulnerability in the network login, set up a lab on its own, smartly split the #payload across several packets and rigorously debugged its own code when the first attempt crashed.
The full report at
I wonder if this was enabled by the third party app stores.
Meta alerts iPhone users who downloaded spyware-laced version of WhatsApp - 9to5Mac
WhatsApp malware campaign installs backdoors
Microsoft warns of a malware campaign that delivers malicious software via WhatsApp messages and compromises systems.
PSF Security developers have published incident reports on the LiteLLM & Telnyx #supplychain attacks. Read what happened, who's affected, and what developers & maintainers can do to prepare and protect themselves from future incidents. #security #python
https://blog.pypi.org/posts/2026-04-02-incident-report-litellm-telnyx-supply-chain-attack/
in all honesty, this advice should be used not just by MEPs, but by everyone travelling to China or even as a transit. Hong Kong's recent change in national security law that demands giving up passwords to your devices & accounts only proves that. https://www.politico.eu/article/eu-lawmakers-china-visit-cybersecurity-risks/
moreover, feels like in a current world buying a second phone for travelling will be a necessity. not just to authoritarian countries, but overall.
#Privacy #Security #Surveillance #China #HongKong #Europe #EU #TechPolicy
LinkedIn Is Illegally Searching Your Computer
#tech #technology #BigTech #IT #enshittification #microslop #microsoft #LinkedIn #social #media #SocialMedia #data #security #safety #InfoSec #internet #web
if you like this, I'm aiming to provide at least one #foss project with an app icon every week.
honoured to have gained around 40 supporters in my first jobless month! ❤️
your sponsorship will help me keep this up. :)
https://mastodon.social/@hbons/116166139945148680
#linux #gnome #app #icon #design #security
hey everyone,
you may have guessed reading between the lines, but I lost my job in the recent tech layoffs…
also burnt out and realised I need to go back to working on stuff I care about.
I hope to gather enough small monthly sponsors to at least cover the bills, so I can:
- 🖥️ create beautiful apps for #Linux / #GNOME
- ✏️ provide free #design support to #OpenSource projects
if you like my work, please consider $1/month to make this possible?
thank you. :)
Report: Cybercriminals steal source code from Cisco and its customers
Following the supply-chain attack on LiteLLM, attackers were able to access internal Cisco data, the report says. Source code belonging to Cisco and its customers was apparently stolen.
#AmazonWebServices #Cisco #Cybersecurity #GitHub #IT #KünstlicheIntelligenz #OpenSource #Security #news
OS-level age checks in California and Apple shift verification from apps to devices, classifying users and sharing age signals across services 🔐.
Centralized OS identity APIs can entrench platform control and expose sensitive data, impacting privacy, shared-device access and open ecosystems 🌐
🔗 https://proton.me/blog/age-verification-operating-system
#TechNews #Privacy #AgeVerification #Apple #Regulation #DigitalID #FOSS #OpenSource #Security #Data #Freedom #Internet #Policy #Surveillance #Tech #OS #California
There is a bunch of buzz along the lines of "Apple FINALLY backports DarkSword related fixes to 18.x and will release this on April 1".
Based on publicly available information this is incorrect.
What Apple has actually done is broaden the device models that are eligible to upgrade to iOS/iPadOS 18.
Per Google [1] every vuln in the DarkSword kit except for CVE-2026-20700 had already been patched in iOS 18 as of 18.7.3 which was released on Dec 12, 2025.
Per Apple [2], CVE-2026-20700 is not included in 18.7.7 which was released today.
Apple has placed an easy to miss note at the top of the release notes:
"We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called Darksword. The fixes associated with the Darksword exploit first shipped in 2025."
Unfortunately I don't see an indication of which devices are newly eligible to upgrade to iOS/iPadOS 18.
References:
Google DarkSword writeup - https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
Apple iOS/iPadOS 18.7.7 release notes:
https://support.apple.com/en-us/126793
Over the next few days, we’ll be shifting focus to PH4NTXM-LITE — our FOSS project for the community.
We’re preparing a major upgrade to its engine, aiming to make it more powerful, more flexible, and better aligned with what the open-source community actually needs.
PH4NTXM remains a core project, but it’s time to ensure PH4NTXM-LITE gets the attention and evolution it deserves.
Stay tuned — this one’s going to be interesting.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Please join us in welcoming **Matei Buzdea** as the newest intern at Doyensec! 🎉 They’re the latest in a long line of talented interns who’ve helped strengthen our team and we’re excited to see what they’ll accomplish. Welcome aboard, Matei! 🔐
https://www.youtube.com/watch?v=adCMNAVBGSQ
Age Verification is beyond Epstein 2.0.
"You are basically laying out your children on a silver platter in the name of protecting them."
"Once these OS-level age verification laws take hold, we're about 3 months from a real-time GPS-located database of verified children for creeps, politicians, and rich Ep-style people to use."
#AgeVerification #EpsteinClass #4thAmendment #Privacy #Security #Constitution #CivilRights #Children
TLS and SSH rely on Certificate Authorities (CAs) for authentication, but they also present a vector for Man in the Middle attacks. What if you could set up your own CA to reduce your exposure?
➡️ https://fedoramagazine.org/make-a-private-ca-with-step-ca/
FBI warns against using Chinese mobile apps due to privacy risks. That's hilarious for the FBI to say that 🤣
Just pushed a new layer into PH4NTXM: Ghost Net Stack 👻
This module dynamically mutates the network surface per session — spawning ephemeral interfaces, randomized bridges, and persona-aligned MAC identities.
No persistence. No predictable topology. No stable fingerprint.
Each boot ≠ the previous one.
Each persona ≠ the same network behavior.
From dummy links to veth pairs and ghost bridges, the system simulates believable, noisy environments instead of clean, forensic-friendly ones.
Goal: break assumptions.
Effect: blur host identity at the network layer.
PH4NTXM is not just an OS.
It's a moving target.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
PH4NTXM — Persona Update:
Identity synthesis is now fully chained.
Every layer aligned.
Everything coherent.
[linux • windows • android]
You become someone else.
• vendor / family / SKU coherence
• MAC / hostname / machine-id alignment
• deterministic core + controlled jitter
• full DMI shadowing
• cross-layer consistency
No mismatches.
No anomalies.
Everything looks real.
[lonewolf mode]
Tor-only.
You become no one.
• no vendor identity
• no fingerprint shaping
• entropy-driven host / MAC / IDs
• zero persona persistence
With an active guard:
• nftables ruleset enforcement loop
• ruleset integrity hashing
• automatic restore on drift
• conntrack purge on violation
No leaks.
No fallback.
No second chances.
Blend in perfectly
or disappear completely.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Fascinating and f'ing terrifying.
"RuView: See through walls with WiFi + Ai
Perceive the world through signals. No cameras. No wearables. No Internet. Just physics.
WiFi DensePose turns commodity WiFi signals into real-time human pose estimation, vital sign monitoring, and presence detection -- all without a single pixel of video."
North Korean hackers blamed for hijacking popular Axios open source project to spread malware
Hackers are increasingly targeting developers of popular open source projects in an effort to mass-hack anyone who relies on the compromised code
#northkorea #axios #opensource #malware #security #cybersecurity #hackers #hacking
If you are attending #RSAC this year, Alex Pinto and I are presenting session CLS-W09 "The Impact of Security Usability Challenges in Cloud Environments".
We will present research that reviews 500+ organizations and 5,000+ distinct #cloud environments that demonstrate how the available secure configuration options are being used and reveals how usability, standardization choices in UI / #UX can shape #security outcomes.
Learn more and register now at https://path.rsaconference.com/flow/rsac/us26/FullAgenda/page/catalog/session/1755192044047001WRoa
🚨 CVE-2026-1579 (CRITICAL): PX4 Autopilot v1.16.0 SITL allows unauthenticated MAVLink commands — attackers can gain shell access if message signing is disabled. Enable MAVLink 2.0 signing now! https://radar.offseq.com/threat/cve-2026-1579-cwe-306-in-px4-autopilot-77f763f3 #OffSeq #CVE20261579 #DroneSec #Security
🔐 10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
This is what a #WitchHunt actually looks like
Exclusive: US “counterterror” officials plan #antifa summit, sources say
The #Trump admin is organizing an international summit focused on countering the #LeftWing movement antifa & other groups, 3 sources familiar with the matter said, an effort that highlights the shift in the US government's counterterrorism priorities over the past year.
#AntiFascism #resist #law #security #fascism #FarRight #authoritarianism #tyranny
https://www.reuters.com/world/us/us-counterterror-officials-plan-antifa-summit-sources-say-2026-03-31/?utm_source=braze&utm_medium=notifications&utm_campaign=2025_engagement
The conference, tentatively planned for June or July, will convene officials from various nations to discuss strategies for battling #antifa & encourage “intelligence” sharing, said the sources…
#Trump has portrayed antifa as a severe threat to the #US.
Counterterrorism experts argue it does NOT EXIST as an organized entity, though people claiming affinity to antifa have been involved in armed attacks in the US.
#AntiFascism #resist #law #security #fascism #FarRight #authoritarianism #tyranny
Among the ofcls organizing the event is Under Secretary of State for Arms Control & International Security Thomas DiNanno, said 2 sources.
In response to requests for comment, spox for the White House & State Dept both described #antifa as a major #security concern for the #Trump admin.
#AntiFascism #resist #law #fascism #FarRight #authoritarianism #tyranny
"The anarchists, Marxists, & violent extremists of antifa have waged a terror campaign in the United States & across the Western world for decades, carrying out bombings, beatings, shootings, & riots in service of their extreme agenda," said Tommy Pigott, the State Dept's principal deputy propagandist.
#AntiFascism #antifa #dissent #resist #law #security #Trump #fascism #FarRight #authoritarianism #tyranny #propaganda
Opposing #ICE Might Save the Country. It Could Also Ruin Your Life
For months, lone vibe coder Rafael Concepcion has obsessively built tools to counter the federal #immigration crackdown—pivoting as he’s been outmatched. He’s also lost his job and become a target.
#privacy #security #vibecoding
https://www.wired.com/story/opposing-ice-might-save-the-country-could-also-ruin-your-life/
How #ThomsonReuters Powers #ICE and #Palantir
Thomson Reuters, the media company which is also a #databroker , has long provided underlying personal data for #Immigration and #Customs #Enforcement (ICE) tools, according to documents obtained by 404 Media and sources. There are also indications its data is now part of the Palantir system ICE uses to find which neighborhoods to target.
#privacy #security #surveillance
https://www.404media.co/how-thomson-reuters-powers-ice-and-palantir/
World Backup Day: Set it up and do it
World Backup Day takes place on 31 March every year. It is a reminder that losing data hurts more than backing it up.
Running your own identity provider is all fun and games until you're debugging OIDC token flows at 2 AM.
If you want to deploy Keycloak 26 the right way, with proper network isolation, no plaintext passwords, and systemd-native declarative configs, I just published a new deep-dive.
We're ditching compose files and building a production-ready, daemonless stack using Podman Quadlets and systemd.
Read the full guide here: https://blog.hofstede.it/keycloak-26-on-podman-with-quadlets-identity-management-the-systemd-way/
#Linux #Podman #Keycloak #systemd #DevOps #Containers #SelfHosted #RHEL #Security
Anonymizing Linux Tails 7.6 changes its password manager
In the anonymizing Linux distribution Tails 7.6, the developers are switching to a simpler password manager and improving the connection.
#Anonymität #IT #Linux #LinuxDistribution #OpenSource #Security #Updates #news
Please help with testing a new
#Thunderbird #Security feature: Unobtrusive Signatures, a novel mechanism for digitally signing email, currently implemented for #OpenPGP.
It avoids the unexpected signature attachments that are shown by non-supporting email clients for emails that used the traditional signing format, and that were frequently confusing recipients. With this new mechanism, it should be fine to sign all emails.
More details here:
https://thunderbird.topicbox.com/groups/planning/Tfd5f9c444ef3d06c-M6cac45a5459adb7e58a7ac79/call-for-testing-openpgp-unobtrusive-signatures
Should #socialmedia apps be banned for children? - CSMonitor.com
But in the shire town of Murwillumbah, just a kangaroo hop from the Gold Coast on #Australia ’s eastern edge, Mr. Kakanis’ students had shrugged off the social media ban. Only three teens out of 25 had any of their accounts disabled. Two were on #Snapchat and the other was on #Instagram.
#ageverification #privacy #security
https://www.csmonitor.com/World/Asia-Pacific/2026/0327/social-media-ban-children
----------------
🧭 AI Security
This report documents a critical command injection vulnerability in OpenAI Codex that enabled theft of GitHub User Access Tokens via the ChatGPT Codex Connector. The discovery was credited to BeyondTrust Phantom Labs and disclosed to OpenAI on December 16, 2025. OpenAI issued a hotfix on December 23, 2025, followed by additional fixes for branch shell escape (January 22, 2026) and further shell-escape hardening and reduced GitHub token access (January 30, 2026). The vulnerability was classified as Critical (Priority 1) on February 5, 2026, with permission granted for public disclosure.
Technical narrative
• The ChatGPT Codex Connector uses short-lived, scoped OAuth 2.0 access tokens to act on behalf of consenting users. With broad default scopes, the application can access repositories, workflows, actions, branches, and private organizational resources when authorized inside an organization.
• In the Codex Web portal, user prompts that target repositories and branches create “cloud task” POST requests carrying environment identifiers, branch, and prompt text. On backend execution, Codex spins up containerized environments that run setup scripts, install dependencies, and may execute code derived from prompts.
• Environments support custom setup scripts, environment variables, and secrets, and by default allow outbound internet access during setup via an HTTP/HTTPS proxy. The command injection allowed an attacker to achieve shell escape within these containers, access environment-scoped secrets, and exfiltrate GitHub tokens.
Attack chain (reported)
🎣 Initial Access — crafted prompts or repository inputs processed by Codex allowed injection into backend task handling.
⚙️ Execution — containerized environment executed injected commands during setup or runtime.
📤 Exfiltration — obtained short-lived OAuth tokens were transmitted out via network proxy pathways.
Observed fixes and timeline
• 2025-12-23: Hotfix for command injection.
• 2026-01-22: Fix for GitHub branch shell escape.
• 2026-01-30: Additional shell escape hardening and limits on GitHub token access.
This account focuses on the concrete findings: vulnerable task handling in Codex, container shell escape leading to token theft, the privileged default scopes of the GitHub integration, and the sequence of fixes applied by OpenAI. #OpenAI #Codex #GitHub #OAuth #Security
🔗 Source: https://www.beyondtrust.com/blog/entry/openai-codex-command-injection-vulnerability-github-token
Running #OpenBSD 7.8 DNS:
Firewall: #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
Mail: #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
Spam-Defense: #spamd with auto-SPF-walk (no more greylisting issues).
Web: #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).
#Nostr Relay in Rust building... #SelfHosted #SysAdmin #Security #Privacy
Looks like there's a bit more info on the zero-click Telegram RCE and holy shit this looks bad:
> This vulnerability allows an attacker to execute arbitrary code on a victim's device simply by sending a specially crafted animated sticker or media file. No user interaction is required
> A Telegram spokesperson denied the vulnerability's existence, claiming the research was incorrect.
I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:
🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👮 "Digital escorts," often ex-military with minimal software engineering backgrounds, are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻‍♂️
The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy
If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.
https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec
Keep in contact with colleagues without having to give your phone number
With #ArcaneChat you can also keep separate profiles: one for family and more intimate friends, and another for people you don't have such a close relationship with
#privacy #security #family #friends #autonomy #chatapp #opensource #digitalindependence #autonomy #european #europe
A little concerned about this text. I don't recall ever sharing my phone number and sure as heck didn't sign up with anyone for the event I attended today.
Just a phishing scam playing the odds or should I be paranoid?
Note that the domain in the text is not .org which appears to be legit but .us which appears to be scammy.
Be careful who you share your information with.
⚠️ CRITICAL: CVE-2026-4851 affects CASIANO GRID::Machine (≤0.127). Malicious remote hosts can trigger client-side RCE via unsafe eval() deserialization. Only connect to trusted hosts & review code paths. Details: https://radar.offseq.com/threat/cve-2026-4851-cwe-502-deserialization-of-untrusted-4ee6eb90 #OffSeq #CVE20264851 #Perl #Security
🔥🧱 Once you've configured a Master Key on a Palo Alto firewall it's very important to change it before it expires.
https://thedxt.ca/2026/03/palo-alto-change-master-key-with-ha-active-passive/
#panos #PaloAlto #PaloAltoNetworks #Firewall #security #HA #Encryption
⚪️ Remote Debugging Mastery: Building a Toolkit for Kernel and Malware Analysis
🗨️ You might need to debug programs running inside a virtual machine when you’re writing a kernel component, a driver, or doing malware analysis. There are several tools that let you do this. Getting them configured correctly the first time isn’t always easy, so let’s walk through what they are and …
🖥️ PH4NTXM OS — System Overview
For those following the project, you can now take a look at the system UI, GitHub now includes media material, so you can see how the system looks:
🔗 https://github.com/PH4NTXMOFFICIAL/PH4NTXM/tree/main/docs/images/system
Desktop, menu, and terminal — keeping things minimal, controlled, and consistent.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
if you are looking for a messenger to use with the kids, take a look at #ArcaneChat
no SIM card needed, no phone number required for registration, easy setup, just set a name
kids can NOT be discovered by strangers
No public groups or channels, kids can NOT discover inappropriate content
just the family chat
#kidsonlinesafety #onlinesafetyforkids #kids #family #chat #messenger #privacy #security
The talk by @sizeofvoid on the fundamentals and (#Security) principles of #OpenBSD at #CLT2026 was absolutely excellent. 👍
Easy to follow even without BSD knowledge! A clear recommendation to watch, especially in times of AI slop and security disasters that are by now sometimes treated like natural disasters.
🐺 Lonewolf Mode: When the wire stops making sense.
Ran the same system, same environment… different execution mode.
The Network Forensics (p0f) verdict?
→ OS: ???
→ dist: 0
→ params: none
No guess. No fallback. Just… unknown.
Same hardware. Same stack. Same connectivity.
But this time, the network behavior doesn’t line up with anything in its signature database.
Not legacy. Not modern. Not even “generic”.
Just something it can’t classify.
On the wire, we’re no longer a system—
we’re an anomaly.
PH4NTXM OS — sometimes you’re a fossil… sometimes you’re a ghost.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
🦖 Retro-Stealth: Making 2025 feel like 1999.
p0f is the gold standard for passive fingerprinting—identifying a host's OS, uptime, and link type without ever sending a single packet.
Just ran a simple curl request in PH4NTXM’s Linux Mode.
The Network Forensics (p0f) verdict?
→ OS: Linux 2.2.x–3.x
→ Profile: “generic fuzzy”
→ Uptime: ~11 days (on a 2-minute fresh boot)
Apparently, to the wire, we’re a legacy Linux box that’s been quietly humming for days.
Reality?
Modern hardware. Fresh RAM-only boot.
Just… a different way of speaking on the wire.
Enough for passive fingerprinting to drift—and confidently place us 25 years in the past.
PH4NTXM OS — sometimes modern, sometimes a fossil.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Iran hackers claim they accessed FBI Director Kash Patel’s personal account
The message from Handala was accompanied by more than a half dozen photos of Patel and said that it was making available for download emails and other documents from his account.
#USNews #World #Hack #Handala
https://globalnews.ca/news/11749260/kash-patel-iran-hack-account-fbi/
Quick Start Privacy Guide for your Privacy 101 basics. Simple and easy to follow, with checklists to help you take control of your online life, even if the worst happened.
Get it here (it's free)--> https://ko-fi.com/s/7a1e1537bd
#infosec #tech #privacy #safety #security #education #community
JFC
I see the #Trump admin is supplying “only the best people” for his predecessors’ #security.
A #US #SecretService special agent on former first lady #JillBiden’s security detail accidentally shot their own leg at the Philadelphia International Airport [#PHL] Friday morning, an agency official said.
#Biden #USSS
https://www.cnn.com/2026/03/27/politics/jill-biden-secret-service-shot-gun?cid=ios_app
Interesting links of the week:
Strategy:
* https://www.marisec.ca/reports/the-wrong-fix-why-the-fccs-router-ban-misses-the-real-threat - an alternate view on prioritising the supply chain
* https://cybertoolkit.service.ncsc.gov.uk/ - so you're a small business and you want to improve your posture?
* https://how.complexsystems.fail/ - courtesy of @russss
* https://eepublicdownloads.blob.core.windows.net/public-cdn-container/clean-documents/Publications/2025/iberian-blackout/Final%20Report%20on%20the%20Grid%20Incident%20in%20Spain%20and%20Portugal%20on%2028%20April%202025.pdf - an Iberian oopsie
* https://www.theregister.com/2026/03/20/jlr_bailout_cmc/ - @theregister shares a point of view on bailing out JLR
* https://www.dni.gov/files/ODNI/documents/assessments/ATA-2026-Unclassified-Report.pdf - US intelligence community's annual threat assessment
* https://cyber.gouv.fr/actualites/nis-2-lanssi-poursuit-et-renforce-sa-dynamique-daccompagnement/ - hot new NIS2 action from ANSSI
Threats:
* https://www.microsoft.com/en-us/security/blog/2026/02/26/threat-modeling-ai-applications/ - how does AI affect STRIDE?
* https://united24media.com/latest-news/russian-spy-devices-found-inside-ukrainian-drone-developers-office-17243 - attack of the drones
* https://www.elastic.co/security-labs/illuminating-voidlink - another look at VoidLink
* https://ctrlaltintel.com/threat%20research/FancyBear/ - FancyBear fucks up
* https://netaskari.substack.com/p/chinas-massive-data-leak-of-military - .cn springs a leak
Detection:
* https://rogolabs.net/Talks/BSides-Galway-Open-Source-Intelligence.pdf - my colleague @jgamblin talks open source intelligence
* https://trustedsec.com/blog/building-a-detection-foundation-part-3-powershell-and-script-logging - @trustedsec look at logging PowerShell
* https://righteousit.com/2026/03/27/linux-forensic-scenario/ - @hal_pomeranz sets us a little challenge
Bugs:
* https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/ - this reminds me of when I first showed @ha888t AIX
* https://itm4n.github.io/cve-2026-20817-wersvc-eop/ - when errors go rogue with @itm4n
Exploitation:
* https://dev.to/numbpill3d/showdev-can-playground-a-local-first-can-bus-analysis-tool-4ap6 - @numbpilled shows how you CAN play with busses
* https://agentseal.org/blog/mcp-server-security-findings - hands up if you have a secure MCP?
Hardening:
* https://gist.github.com/arianvp/5f59f1783e3eaf1a2d4cd8e952bb4acf - enclave backed SSH for OS X from @arianvp
Nerd:
* https://www.theguardian.com/culture/2026/mar/24/punk-masks-walkmans-and-choppers-museum-of-youth-culture-to-open-in-london - eras...
* https://www.data.gov.uk/ - UK specific datasets from HMG
* https://www.sambent.com/the-engineer-who-tried-to-put-age-verification-into-linux-5/ - today in Linux daftness
* https://blog.rice.is/post/doom-over-dns/ - everyone's favourite vanity PoC payload comes to DNS
📺 https://peer.adalta.social/w/12JGAC7MYeze3PcB3uzZsu
🔗 [🇩🇪🇺🇸🇫🇷](https://adalta.info/articles/prstn_artificialintelligence_116301248505770571_fr)
🔗 [ℹ️](https://blog.elcomsoft.com/2026/03/arrested-by-an-algorithm/)
A facial recognition system led to a wrongful arrest, triggering a cascade of catastrophic personal consequences.
#cybersecurity #privacy #security #artificialintelligence #release
Friday: Wikipedia bans AI articles, X lawsuit over ad boycott fails
Wiki rules for AI + X defeat in advertising dispute + doubts about full fiber rollout + dispute over fiber access + data leak at plug-in + air passenger rights podcast
#Datenleck #Glasfaser #hoDaily #Internetzugang #Journal #KünstlicheIntelligenz #Provider #Security #Verbraucherschutz #Werbebranche #Wikipedia #X #news
OpenBSD 7.8 // SMTPD // ERRATA 026
Date: March 27, 2026
Name: 026_smtpd.patch
Description: In smtpd(8), an LF character in the username or password could stop proc tables, causing a denial of service.
Link: https://cdn.openbsd.org/pub/OpenBSD/patches/7.8/common/026_smtpd.patch.sig
RE: https://mastodon.social/@FiLiS/116294040063258889
freebsd-update (to apply patches for security) may be unusable with non-patched FreeBSD 14.4-RELEASE.
Unofficial context: <https://bokut.in/freebsd-patch-level-table/#releng/14.4>.
The official erratum provides a workaround: <https://www.freebsd.org/releases/14.4R/errata/#open-issues>.
My home network observes bedtime with OpenBSD and pf
https://ratfactor.com/openbsd/pf-gateway-bedtime
#HackerNews #OpenBSD #pf #bedtime #homeNetwork #security #techTips
So the last couple weeks have been nuts on keeping up with the news....but here's another that might have slipped under your radar and will affect basically everyone in the US. Your home router has basically been declared a security risk.
https://blog.ppb1701.com/all-this-has-happened-before
#blog #routers #fcc #networking #security #policy #geopolitics #selfhosting #isp #userhostile
Two critical malicious-code vulnerabilities threaten automation platform n8n
Several software vulnerabilities threaten the AI-powered automation tool n8n. Security patches are available for download.
Data breach at fintech giant Figure affects close to a million customers
The data breach that hit blockchain-based lending giant Figure affected nearly a million customers.
The data included customer names, email addresses, dates of birth, physical addresses, and phone numbers.
#Figure #blockchain #cryptocurrency #crypto #fintech #databreach #security #cybersecurity #hackers #hacking #hacked
Vanadium version 147.0.7727.24.0 released:
https://github.com/GrapheneOS/Vanadium/releases/tag/147.0.7727.24.0
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/33526-vanadium-version-14707727240-released
Thursday: US providers not liable for file sharing, Finland election without US cloud
US court sides with providers + Finland forgoes cloud + Meta's AI build-up + platforms guilty of social media addiction + LeakBase operator in custody + #heiseshow
#AmazonWebServices #Cybercrime #DigitaleSouveränität #Energie #Filesharing #hoDaily #Journal #KünstlicheIntelligenz #MetaPlatforms #OnlineSucht #OpenAI #Security #SocialMedia #Urheberrecht #Windows #news
What?!? #Extortion!
Exclusive: #US links #security guarantees to #Ukraine giving up #Donbas, #Zelensky says
The US is making its offer of security guarantees for a peace deal in Ukraine conditional on Kyiv ceding all of the country's eastern region of Donbas to #Russia, President Volodymyr Zelensky told Reuters in an interview.
#MafiaState #law #InternationalLaw #geopolitics #Europe #NATO #Trump #PutinsPuppet #StandWithUkraine
https://www.reuters.com/business/aerospace-defense/us-links-security-guarantees-ukraine-giving-up-donbas-zelenskiy-says-2026-03-25/?utm_source=braze&utm_medium=notifications&utm_campaign=2025_engagement
Somehow it turned out that a few years ago, when I was visiting his olive farm, he asked me to help recover access to a website that the webmaster had abandoned: recovering a password from the panel, resetting a user, and that's it. While I was at it, I left myself an admin account there in case I needed to do something in the future, but he quickly found a replacement and a new admin.
#microblog #security #wordpress #ecommerce
1/n
#security
LiteLLM suffers a supply chain attack.
https://github.com/BerriAI/litellm/issues/24512
https://news.ycombinator.com/item?id=47501729
Forwarded from bupt.moe
https://t.me/bupt_moe/2676
I'm not going to name and shame but I'm in the midst of a conversation on this, which is why it's top of mind.
The “DarkSword” exploit can silently hack iPhones on iOS 18 via infected websites, putting hundreds of millions at risk of data theft 📱
#TechNews #Cybersecurity #Privacy #iOS #Apple #Hacking #DataProtection #Infosec #Surveillance #OpenSource #Security #DigitalRights #Tech #Software #Data
Google will add a 24-hour delay and multi-step “advanced flow” to sideload unverified Android apps, aiming to curb malware and social engineering attacks 📱
The change raises concerns about platform openness, developer access, and user freedom as Android adds tighter controls despite keeping sideloading available 🔐
#TechNews #Android #Google #Privacy #Cybersecurity #OpenSource #Security #Apps #Data #Freedom #Antitrust #BigTech #Software #Mobile #DigitalRights
systemd adds an optional “birthDate” field to user records, letting Linux apps access sensitive age data for compliance 📄
Critics warn this creates privacy risks, centralizes sensitive user info, and could be misused if poorly secured, making Linux systems a potential target for data leaks 🔐
🔗 https://itsfoss.com/news/systemd-age-verification/
#TechNews #Linux #Systemd #Privacy #OpenSource #Security #Data #DigitalRights #Compliance #Tech #Software #Freedom #Cybersecurity #Policy #DataProtection #AgeVerification
On the danger of ICE agents at airports, from Shayna Conde, a travel journalist of Black Babes Abroad.
https://blackbabesabroad.substack.com/p/ice-agents-in-us-airports
Pro-Iranian #Nasir #Security is targeting #energy companies in the Gulf
https://securityaffairs.com/189865/cyber-warfare-2/pro-iranian-nasir-security-is-targeting-energy-companies-in-the-gulf.html
#securityaffairs #hacking #Iran
Instead of handing government contracts to predatory Big Tech, the UK should ensure we have control of our digital infrastructure.
Even secure systems are fragile if a foreign company or power can pull the plug.
Sign our petition for a digital sovereignty strategy that prioritises UK open source ⬇️
https://you.38degrees.org.uk/petitions/stop-trump-s-kill-switch-secure-our-digital-sovereignty
#DigitalSovereignty #palantir #bigtech #security #ukpolitics #ukpol
The UK’s reliance on US Big Tech is a national security issue ⚠️
But the UK is giving the controversial spyware company Palantir more contracts and more access to our data.
We're increasingly vulnerable to companies that lock us in to proprietary systems, creating dependency not independence.
#DigitalSovereignty #palantir #bigtech #security #ukpolitics #ukpol
RE: https://ec.social-network.europa.eu/@EUCommission/116277689173412114
What an effing joke.
This Cyber Resilience Act (CRA) dumps mandatory cybersecurity requirements on manufacturers using FOSS, while the @EUCommission guts and cancels even its already pathetic support for FOSS projects.
Add the total pants-down surrender on issues like #chatcontrol, the gutting of citizen safeguards through the changes to #GDPR and #eIDAS 2.0:
An absolute disgrace
Europe champions digital freedom and its open source community.
We have introduced a tailored approach to boost open source development across EU countries and ensure it is safe from cyber threats.
We only apply security rules to software used in commercial activities.
We are also creating open source software stewards to support security with a light-touch regime and no administrative fines.
Find out more 👇
https://link.europa.eu/Jc7hBy