Young detainee forced to wear makeshift spit hood, report finds
An incident at a Tasmanian youth detention centre where a detainee had an improvised spit hood put over his head while being transported by a contracted security company, has been criticised for being “entirely incompatible” with human rights. ⌘ Read more
Rural university campus confirmed as site of ‘open-security’ prison work camp
The Northern Territory government has signed a deal to build a new “open-security” prison work camp at Charles Darwin University’s Katherine campus, with the facility expected to house at least 130 prisoners. ⌘ Read more
Threats against Victorian judges, magistrates by sovereign citizens double
A report tabled in state parliament has recommended judicial officers be paid an allowance to increase their personal security. ⌘ Read more
Ex-Flight Centre employee jailed for stealing $40,000 from Canberra branch
A 39-year-old man has been jailed for two years after stealing cash from a secure drawer at Flight Centre in Canberra at least seven times, and then mounting “a campaign of dishonesty” to delay sentencing. ⌘ Read more
Perth Bears confirm first two signings for inaugural NRL season
The NRL’s Perth expansion team secures the signature of former Bulldogs halfback Toby Sexton and England international Harry Newman for their inaugural season in 2027. ⌘ Read more
India Orders Mobile Phones Preloaded With Government App To Ensure Cyber Safety
An anonymous reader shares a report: India’s telecoms ministry has privately asked all smartphone makers to preload all new devices with a state-owned cyber security app, a government order showed, a move set to spark a tussle with Apple, which typically dislikes such directives.
[…] The November 28 order, seen … ⌘ Read more
‘Crime Rings Enlist Hackers To Hijack Trucks’
It’s “a complex mix of internet access and physical execution,” says the chief information security officer at Cequence Security.
Long-time Slashdot reader schwit1 summarizes this article from The Wall Street Journal:
By breaking into carriers’ online systems, cyber-powered criminals are making off with truckloads of electronics, beverages and other goods In the most recent tactics id … ⌘ Read more
Sensitive parliament communications handed to contractor without security clearance
A contractor that was the victim of a Russia-linked hack did not have the necessary security clearance when it received thousands of sensitive communications between politicians and parliamentary staff, in a mistake the department has now conceded. ⌘ Read more
Social media ban leaves children vulnerable to phishing scams, experts say
As the social media ban comes into effect, experts are worried children and families will be left vulnerable to age verification scams. Here’s why. ⌘ Read more
SEC Must Not Let Crypto Companies ‘Bypass’ Rules, Stock Exchanges Say
The Securities and Exchange Commission’s possible plan to grant crypto companies relief from regulation to sell “tokenised” stocks risks harming investors, a group of stock exchanges said in a letter to the U.S. regulator this week. From a report: Several crypto companies plan to sell crypto tokens linked to listed equities to retail investors … ⌘ Read more
Israel launches new military operation in northern West Bank
Israeli security forces have launched what the military described as a counter-terrorism operation in the northern West Bank, which Palestinians said was targeting the city of Tubas. ⌘ Read more
Police union warns Labor ‘austerity’ drive would undermine security
An apparent request across the public service to find and suspend low priority spending would undermine security if applied to the AFP, according to its union. ⌘ Read more
Newly formed Queensland company secures 1,000 coal mining jobs
A newly formed Queensland company has taken over a majority shareholding in a Bowen Basin coal mine, securing 1,000 jobs. ⌘ Read more
X.Org Server 21.1.21 Released To Fix Several Regressions
For those continuing to make use of the X.Org Server, a new point release is now available in the 21.1 series. While most often X.Org Server stable releases these days are driven by shipping new security fixes, the X.Org Server 21.1.21 release is to fix several regressions introduced for various functional issues… ⌘ Read more
Signal Private Messenger Rolls Out Secure Backups for iPhone
Encrypted messaging platform Signal now offers secure backups on iPhone, letting users save and restore messages if they lose access to their device.
There are free and paid versions of Signal’s secure backups. The free version lets users store up to 100MB of text messages, including photos, videos, and files from … ⌘ Read more
NATO Taps Google For Air-Gapped Sovereign Cloud
NATO has hired Google to provide “air-gapped” sovereign cloud services and AI in “completely disconnected, highly secure environments.” From a report: The Chocolate Factory will support the military alliance’s Joint Analysis, Training, and Education Centre (JATEC) in a move designed to improve its digital infrastructure and strengthen its data governance. NATO was formed in 1949 … ⌘ Read more
Cryptologist DJB Criticizes Push to Finalize Non-Hybrid Security for Post-Quantum Cryptography
In October cryptologist/CS professor Daniel J. Bernstein alleged that America’s National Security Agency (and its UK counterpart GCHQ) were attempting to influence NIST to adopt weaker post-quantum cryptography standards without a “hybrid” approach that would’ve also included pre-quantum EC … ⌘ Read more
Microsoft and GitHub Preview New Tool That Identifies, Prioritizes, and Fixes Vulnerabilities With AI
“Security, development, and AI now move as one,” says Microsoft’s director of cloud/AI security product marketing.
Microsoft and GitHub “have launched a native integration between Microsoft Defender for Cloud and GitHub Advanced Security that aims to address what one e … ⌘ Read more
SEC Dismisses Case Against SolarWinds, Top Security Officer
The SEC has officially dismissed its high-profile case against SolarWinds and its CISO that was tied to a Russia-linked cyberattack involving the software company. Reuters reports: The landmark case, which SEC brought in late 2023, rattled the cybersecurity community and later faced scrutiny from a judge who dismissed many of the charges. The SEC had said So … ⌘ Read more
Sovereign Tech Fund Hiring A New Leader For Driving Open-Source Funding
Germany’s Sovereign Tech Fund / Sovereign Tech Agency has been a godsend the past few years for the open-source community. This funding from the German government has led to significant funding for dozens of prominent open-source infrastructure projects to provide more resources for enhancing security, enabling new features, and more. As the Sovereign Tech Fund prepares for the next phase of growth, they are hiring a new head to lead the efforts. … ⌘ Read more
Report: Low-Cost iPhone, iPad, MacBook Coming Early 2026
Apple is planning to release new entry-level models across its iPhone, iPad, and Mac categories early next year, with an all-new affordable MacBook the most notable addition to the lineup.
According to a new research report by Jeff Pu of GF Securities seen by MacRumors, Apple will launch the iPhone 17e – its second iteration of the “e” line … ⌘ Read more
You Can Finally AirDrop Files Between Android and iPhone, Starting with Pixel 10
Android’s Quick Share file transfer service can now work with Apple’s AirDrop, allowing users to send files between iPhones and Android devices. Google has started rolling out the feature to its Pixel 10 family of smartphones. The cross-platform compatibility includes security protections that the company says indepen … ⌘ Read more
The Growing Problem With China’s Unreliable Numbers
Chinese economist Gao Shanwen told a Washington panel in December that China’s real GDP growth might be around 2% rather than the official figure near 5%. By January, Gao was no longer chief economist at SDIC Securities and went silent for almost a year.
As FT points out in a long piece, China does not publish quarterly GDP breakdowns showing consumption, investment and net exp … ⌘ Read more
Why I joined Docker: security at the center of the software supply chain
Mark Lechner, Docker’s CISO, shares his vision for a future where Docker not only powers the software supply chain, but actively safeguards it. Cybersecurity has reached a turning point. The most significant threats no longer exploit isolated systems; they move through the connections between them. The modern attack surface includes every dependency, every container, and… ⌘ Read more
Netgear Accused by Rival of China Smear To Fan Security Fear
An anonymous reader shares a report: California-based TP-Link says it may take a sales hit of more than $1 billion because of erroneous reports that the networking company’s technology has been “infiltrated” by Beijing. In a lawsuit, TP-Link claims its competitor, Netgear, orchestrated a smear by planting false claims with journalists and internet influen … ⌘ Read more
Gen Z Officially Worse At Passwords Than 80-Year-Olds
A NordPass analysis found that Gen Z is actually worse at password security than older generations, with “12345” topping their list while “123456” dominates among everyone else. The Register reports: And while there were a few more “skibidis” among the Zoomer dataset compared to those who came before them, the trends were largely similar. Variants on the “123456” were a … ⌘ Read more
To everyone previously asking, what my (and other developers) endless complaining about Google, to both every EU body, with a form on their website and every relevant team at Google accomplished…
WE FUCKING WON!!!
“While security is crucial, we’ve also heard from developers and power users who have a higher risk tolerance and want the ability to download unverified apps.”
-source
I was also able to work with my new webhost, to bring back “🐕.fr.to” - everyone’s favorite vanity redirect domain, for my site, Google’s changes to SSL warnings in Chrome, killed at the beginning of this year.
The lesson: I NEED TO COMPLAIN MORE
Kgateway v2.1 is released!
Kgateway is an open source implementation of the Kubernetes Gateway API that unifies ingress, API gateway, service mesh, and AI gateway capabilities in a singular modular control plane. Built for performance and flexibility, it secures and… ⌘ Read more
A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
Researchers at the University of Vienna extracted phone numbers for 3.5 billion WhatsApp users by systematically checking every possible number through the messaging service’s contact discovery feature. The technique yielded profile photos for 57% of those accounts and profile text for 29 percent. The researchers checked roughly 100 million numbe … ⌘ Read more
Valar Atomics Says It’s the First Nuclear Startup To Achieve Criticality
An anonymous reader quotes a report from Wired: Startup Valar Atomics said on Monday that it achieved criticality – an essential nuclear milestone – with the help of one of the country’s top nuclear laboratories. The El Segundo, California-based startup, which last week announced it had secured a $130 million funding round wi … ⌘ Read more
Google Is Collecting Troves of Data From Downgraded Nest Thermostats
Even after disabling remote control and officially ending support for early Nest Learning Thermostats, Google is still receiving detailed sensor and activity data from these devices, including temperature changes, motion, and ambient light. The Verge reports: After digging into the backend, security researcher Cody Kociemba found that the … ⌘ Read more
Microsoft Mitigated the Largest Cloud DDoS Ever Recorded, 15.7 Tbps
An anonymous reader quotes a report from Security Affairs: On October 24, 2025, Azure DDoS Protection detected and mitigated a massive multi-vector attack peaking at 15.72 Tbps and 3.64 billion pps, the largest cloud DDoS ever recorded, aimed at a single Australian endpoint. Azure’s global protection network filtered the traffic, keeping servic … ⌘ Read more
Why Hotel-Room Cancellations Disappeared
Hotel cancellation policies have transformed over the past seven years. Travelers once could cancel reservations up until the day before check-in without penalty. That flexibility has largely vanished.
The shift began around 2018 when third-party travel-booking sites deployed “cancel-rebook” strategies, the Atlantic writes. These platforms would monitor hotel rates after securing initial reservati … ⌘ Read more
Microsoft Executives Discuss How AI Will Change Windows, Programming – and Society
“Windows is evolving into an agentic OS,” Microsoft’s president of Windows Pavan Davuluri posted on X.com, “connecting devices, cloud, and AI to unlock intelligent productivity and secure work anywhere.”
But former Uber software engineer and engineering manager Gergely Orosz was unimpressed. “Can’t see any re … ⌘ Read more
Rust in Android: More Memory Safety, Fewer Revisions, Fewer Rollbacks, Shorter Reviews
Android’s security team published a blog post this week about their experience using Rust. Its title? “Move fast and fix things.”
Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look … ⌘ Read more
Security Researchers Spot 150,000 Function-less npm Packages in Automated ‘Token Farming’ Scheme
An anonymous reader shared this report from The Register:
Yet another supply chain attack has hit the npm registry in what Amazon describes as “one of the largest package flooding incidents in open source registry history” — but with a twist. Instead of injecting credential-steal … ⌘ Read more
Copy-and-Paste Now Exceeds File Transferring as the Top Corporate Data Exfiltration Vector
Slashdot reader spatwei writes: It is now more common for data to leave companies through copying and pasting than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025. This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI … ⌘ Read more
PSOs to be redeployed from train stations in retail crime crackdown
Security patrols at 120 “low-crime rate” train stations will be scaled back as Protective Services Officers target major suburban retail hubs and crime hot spots on the rail network. ⌘ Read more
Amyl and the Sniffers’ free gig shut down over security fears in Melbourne
A free gig by Australian rockers Amyl and the Sniffers has been shut down after security fences at Federation Square “got crushed in”. ⌘ Read more
I am pet sitting for my friend. His security camera isn’t happy ⌘ Read more
JPMorgan Chase Wins Fight With Fintech Firms Over Fees To Access Customer Data
According to CNBC, JPMorgan Chase has secured deals ensuring it will get paid by the fintech firms responsible for nearly all the data requests made by third-party apps connected to customer bank accounts. From the report: The bank has signed updated contracts with the fintech middlemen that make up more than 95% of th … ⌘ Read more
Making the Most of Your Docker Hardened Images Trial – Part 1
First steps: Run your first secure, production-ready image Container base images form the foundation of your application security. When those foundations contain vulnerabilities, every service built on top inherits the same risk. Docker Hardened Images addresses this at the source. These are continuously-maintained, minimal base images designed for security: stripped of unnecessary packages, patched proactively,… ⌘ Read more
Singapore To Trial Tokenized Bills, Bring In Stablecoin Laws
An anonymous reader quotes a report from Reuters: Singapore’s central bank will hold trials to issue tokenized MAS bills next year and bring in laws to regulate stablecoins as it presses forward with plans to build a scalable and secure tokenised financial ecosystem, the bank’s top official said on Thursday. “Tokenization has lifted off the ground. But hav … ⌘ Read more
Hyundai Data Breach May Have Leaked Drivers’ Personal Information
According to Car and Driver, Hyundai has suffered a data breach that leaked the personal data of up to 2.7 million customers. The leak reportedly took place in February from Hyundai AutoEver, the company’s IT affiliate. It includes customer names, driver’s license numbers, and social security numbers. Longtime Slashdot reader sinij writes: Thanks … ⌘ Read more
Germany To Ban Huawei From Future 6G Network in Sovereignty Push
German Chancellor Friedrich Merz said Chinese suppliers such as Huawei will be excluded from the country’s future telecommunication networks on security grounds as he pushes for more digital sovereignty. From a report: “We have decided within the government that everywhere it’s possible we’ll replace components, for example in the 5G network, wit … ⌘ Read more
Google To Allow ‘Experienced Users’ To Install Unverified Android Apps
Google says it will build a new “advanced flow” to allow experienced users to install Android apps from unverified developers, easing up on restrictions it proposed in late August. The company said earlier that Android would block such installations starting next year. The new flow will include clear warnings about security risks but wil … ⌘ Read more
MCP Horror Stories: The WhatsApp Data Exfiltration Attack
This is Part 5 of our MCP Horror Stories series, where we examine real-world security incidents that highlight the critical vulnerabilities threatening AI infrastructure and demonstrate how Docker’s comprehensive AI security platform provides protection against these threats. Model Context Protocol (MCP) promises seamless integration between AI agents and communication platforms like WhatsApp, enabling automated message… ⌘ Read more
Iceland Deems Possible Atlantic Current Collapse A Security Risk
Iceland has formally classified the potential collapse of a major Atlantic Ocean current system a national security threat, warning that a disruption could trigger a modern-day ice age in Northern Europe and destabilize global weather systems. The move elevates the risk across government and enables it to strategize for worst-case scenarios. Reut … ⌘ Read more
Editor’s Note: Security Human Validation
Stephan A. Schwartz, Editor - Schwartzreport
Stephan: Even though we had several levels of security already installed, SR has been experiencing so many hacking attacks that it was getting difficult to publish it because the attacks kept screwing up the application we use to produce SR. So Beth Alexander, my wonderful web manager of many years, consulted with security specialists, and they told her we needed to add a human verification first … ⌘ Read more
Checkout.com hacked, refuses ransom payment, donates to security labs
Article URL: https://www.checkout.com/blog/protecting-our-merchants-standing-up-to-extortion
Comments URL: https://news.ycombinator.com/item?id=45912698
Points: 503
# Comments: 227 ⌘ Read more