XMPP Interop Testing: Putting NTA 7532 to the Test (Literally)
You might have seen the XMPP Standards Foundation’s open letter to NEN about NTA 7532, the Dutch effort to standardise secure healthcare chat. It’s a good read, and, as it happens, right up our street.
If you’re building a chat system that has to actually talk to someone else’s chat system (and keep doctors happy while doing it), you’ll kno … ⌘ Read more
Python Software Foundation has bigger spine than big tech
Back in January 2025, the Python Software Foundation applied for a $1.5 million grant from the US government’s National Science Foundation, under the Safety, Security, and Privacy of Open Source Ecosystems program, to address structural vulnerabilities in Python and PyPI. After a lot of paperwork, their application was approved, but upon receiving the contractual agreement, the Python Software Foundation decided to b … ⌘ Read more
Ignite Realtime Blog: Helping Dutch Healthcare Speak the Same Language with XMPP
Helping Dutch Healthcare Speak the Same Language with XMPPThe XMPP Standards Foundation (XSF) has put out a call to action: it’s time for the community to help make secure, interoperable chat a reality - especially in healthcare. Here at Ignite Realtime, we’re excited to support this effort. Our projects, … ⌘ Read more
The XMPP Standards Foundation: Towards Secure and Interoperable Healthcare Chat
Supporting the development of the Dutch NTA 7532 standard with lessons from international practice
The XMPP Standards Foundation (XSF) is an independent, non-profit organization that promotes and advances open standards for real-time communication and collaboration. The XSF oversees the development of extensions to the Extensible Messaging and Presence Protocol (XMPP) and fost … ⌘ Read more
Panic as breached details of 183m accounts, including Gmail, emerge
The news isn’t nearly as bad as some online would have you believe, but it’s always a good idea to check your security. ⌘ Read more
How to Connect MCP Servers to Claude Desktop with Docker MCP Toolkit
What if you could turn Claude from a conversational assistant into a development partner that actually does things—safely, securely, and without touching your local machine? If you’ve been exploring Claude Desktop and wondering how to connect it with real developer tools, Docker MCP Toolkit is the missing piece you’ve been looking for. Here’s the reality:… ⌘ Read more
Zelensky Hails ‘Historic’ Gripen Deal as Ukraine Secures 150 Fighter Jets Starting in 2026 ⌘ Read more
Connecting distributed Kubernetes with Cilium and SD-WAN: Building an intelligent network fabric
Learn how Kubernetes-native traffic management and SD-WAN integration can deliver consistent security, observability, and performance across distributed clusters. The challenge of distributed Kubernetes networking Modern businesses are rapidly adopting distributed architectures to meet growing demands for… ⌘ Read more
Check Your Mac Security Update Status with SilentKnight
Basically every Mac user is familiar with the process of updating MacOS system software to install updates for their operating system, which typically arrive as point releases (like 15.6) or major version releases (like 26). But did you know that MacOS will also periodically install security updates and anti-malware updates to Gatekeeper, MRT, and Xprotect? … [Read More](https://osxdaily.com/2025/10/24/check-your-mac-secur … ⌘ Read more
How to find, install, and manage MCP servers with the GitHub MCP Registry
Learn how to bring structure and security to your AI ecosystem with the GitHub MCP Registry, the single source of truth for managing and governing MCP servers.
The post How to find, install, and manage MCP servers with the GitHub MCP Registry appeared first on … ⌘ Read more
Docker + E2B: Building the Future of Trusted AI
Trusted Software Starts Here The era of agents is here. Some teams are experimenting, others are just getting started, and a few are already running agents in production. But one challenge stands out: trust. Trust that your agents will act securely. Over 20 million developers already rely on Docker to build and ship software safely… ⌘ Read more
Top security researcher shares their bug bounty process
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—@dev-bio!
The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog. ⌘ Read more
Der ganze Vorgang ist archetypisch für die seit Jahrzehnten völlig ohne Not stattfindende politische Selbstverzwergung Europas.
A comment on heise about the recent AWS outage.
(Too bad there’s no good translation for the great word “Selbstverzwergung”.)
I’m paraphrasing: Europe (and other regions) depend on US IT services, a lot, without an actual need. We saw AWS, Google, and Microsoft build large datacenters and then we thought “welp, shit, nothing we can do about that, guess we’ll just be an AWS customer from now on.” Nobody really went ahead and built German/European alternatives. And now we completely depend on the US for lots of our stuff.
The article even claims that there’s now a shortage of sysadmins in the EU? I’m not so sure. But I’d welcome it, makes my job more secure. 🤣
Hosting services, datacenters, software, everything, it’s all US stuff. Why do we accept this, why not build alternatives …
↳
In-reply-to
»
That was a very non-fun day at work.
⤋ Read More
@prologic@twtxt.net That sounds horrible. 😅 I wouldn’t want to own such a car. (My plan is not to buy a new car after my current one finally broke down entirely.)
@lyse@lyse.isobeef.org First time I heard about eCall. I don’t think I like this. 🫤 Feels like another attempt at going for complete surveillance. Yes, yes, it’s about “security”/“safety” … it always is.
Research shows that land can’t buy security for young Kenyans
An anthropologist from The University of Manchester has uncovered the hidden struggles of young men on the edges of Nairobi, who inherit land but lack the means to turn it into the financial security they desperately need. ⌘ Read more
Silicon Labs SixG301 Series 3 SoCs Target Zigbee, Matter, and Thread Development
Silicon Labs has announced general availability of its new Series 3 platform, debuting with the SiMG301 and SiBG301 wireless SoCs. Built on a 22 nm process, the Series 3 family targets compute-intensive IoT applications that require higher security, integrated connectivity, and support for modern 2.4 GHz wireless protocols. Series 3 introduces a multi-core architecture that […] ⌘ Read more
Applying RBAC to databases on Kubernetes: Practical, real-world examples
Introduction Role-Based Access Control (RBAC) is one of the most important security features in any cloud native platform. It determines who can do what inside the Kubernetes Cluster, helping teams give the right access to the… ⌘ Read more
Inside the breach that broke the internet: The untold story of Log4Shell
Log4Shell proved that open source security isn’t guaranteed and isn’t just a code problem. It’s about supporting, enabling, and empowering the people behind the projects that build our digital infrastructure.
The post [Inside the breach that broke the internet: The untold story of Log4Shell](https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4she … ⌘ Read more
Zelenskyy urges allies not to appease Russia after failing to secure US missiles ⌘ Read more
️ Spring Boot API Security Like a Pro: Rate Limiting, Replay Protection & Signature Validation…
Learn how to secure your Spring Boot APIs using rate lim … ⌘ Read more
Salesforce defends security practices after Qantas hack
Hackers used AI-powered voice phishing to trick employees into granting database access. ⌘ Read more
How I Mastered Blind SQL Injection With One Simple Method
Transforming my web security skills by learning to listen to a silent database
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-mastered-blind-sql-injection-w … ⌘ Read more
Docker Hardened Images: crafted by humans, protected by AI
At Docker, we are building our hardened images to exacting standards. That means carefully crafting by hand, because humans are still the best security architects. That said, we understand the value of AI and deploy it as an extra set of eyes at critical junctures in our Docker Hardened Image (DHI) build process. With this… ⌘ Read more
** Encrypt & Decrypt Database Fields in Spring Boot Like a Pro (2025 Secure Guide)**
“Your database backup just leaked. Is your data still safe?”
[Continue reading on InfoSec Write-ups »](https://infos … ⌘ Read more
** SecurityFilterChain Explained: The Secret Sauce Behind Spring Security**
Spring Security has evolved — the old WebSecurityConfigurerAdapter is gone, and the new SecurityFilterChain is now the backbone of Spring…
… ⌘ Read more
100% Transparency and Five Pillars
How to Do Hardened Images (and Container Security) Right Container security is understandably a hot topic these days, with more and more workloads running atop this mainstay of the cloud native landscape. While I might be biased because I work at Docker, it is safe to say that containers are the dominant form factor for… ⌘ Read more
Hamas security forces kill 32 members of Gaza ‘gang’, official says ⌘ Read more
Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
The XNU kernel is the basis of Apple’s operating systems. Although labeled as a hybrid kernel, it is found to generally operate in a monolithic manner by defining a single privileged trust zone in which all system functionality resides. This has security implications, as a kernel compromise has immediate and significant effects on the entire system. Over the past few years, Apple has taken steps towards a more compartmentalized kernel architecture and a more micr … ⌘ Read more
LineageOS 23 released
The LineageOS project has released version 23 of their AOSP-based Android variant. LineageOS 23 is based on the initial release of Android 16 – so not the QPR1 release that came later – because Google has not made the source code for that release available yet. Like other, similar projects, LineageOS also suffers from Google’s recent further lockdown of Android; not only do they not have access to Android 16 QPR1’s source code, they also can’t follow along with the latest security patche … ⌘ Read more
States could be held accountable for private security actions
Governments which employ private military companies, such as Wagner and Africa Corps, can be held liable for any human rights violations committed by these firms, research from Edith Cowan University (ECU) has highlighted. ⌘ Read more
Physics Insight
⌘ Read more
Physics Insight
⌘ Read more
DebDroid - Debian on Android (v1.1)
Hello guys! I’m happy to share DebDroid, a free and open-source project that aims to bring a real Debian environment to Android devices. It is not Termux-based, nor a simple proot-based wrapper, but a real, near-native chroot environment running on top of the Android kernel.
The project is built around a heavily modified version of the Kali Nethunter’s script I’ve developed 3 years ago. This new version (DebDroid) brings greatly improved security, isolation and additional compatibility patch … ⌘ Read more
I noticed Google put out this article: https://android-developers.googleblog.com/2025/09/lets-talk-security-answering-your-top.html it’s very current day Google, but the comments under the YouTube video are pretty on point and I saw a few familiar faces there. There is also, unexpectedly, ways to contact Google.
First a form for “teachers, students, and hobbyists”, that I filled politely, as someone who falls under their hobbyist category. It can be filled both anonymously, or with an e-mail attached, to be contacted by them (I chose the second option).
Also a general feedback and questions form, that I was not as polite in and used to send them the following message:
I have already provided some feedback, in the teacher, student and hobbyists form/questionaire, as well as an open letter I’ve recently sent to the European Commission digital markets act team, as I do believe your proposal might not even be legal, given the fact it puts privacy-focused alternative app stores at risk (https://f-droid.org/cs/2025/09/29/google-developer-registration-decree.html) and it was proposed this early, after Google lost in court to Epic Games, over similar monopoly concerns. Why should we trust Google to be the only authority for all developer signatures, right after the European courts labeled it a gatekeeper?
Assuming this gets passed, despite justified developer backlash and at best questionable legality, can you give us any guarantees, this will not be used to target legal malware-free mods, or user privacy enhancing patchers, like the ones used for applying the ReVanced patches? I have made a few mods myself, but I am in no way associated with the ReVanced team. I just share many peoples concerns, Google Chrome has been conveniently stripped of its manifest v2 support, that made many privacy protecting extensions possible and now you’re conveniently asking for the government IDs, of all the developers, who maintain these kinds of privacy protections (be it patches, or alternative open-source apps) on Android.
Unbelievable Security Hole: JWT Secret in a Series-B Funded Company
It started as a routine penetration test. Little did I know I was about to uncover one of the most basic yet catastrophic security…
[Continue reading on … ⌘ Read more
Venezuela asks UN Security Council for emergency session over US military actions in the Caribbean ⌘ Read more
Ukraine to nominate Trump for Nobel Peace Prize if he secures ceasefire with Russia ⌘ Read more
↳
In-reply-to
»
My open letter, to the European Commission digital markets act team:
⤋ Read More
@movq@www.uninformativ.de I submitted it via the form on their website (https://digital-markets-act.ec.europa.eu/contact-dma-team_en) and got the following response:
Dear citizen,
Thank you for contacting us and sharing your concerns regarding the impact of Google’s plans to introduce a developer verification process on Android. We appreciate that you have chosen to contact us, as we welcome feedback from interested parties.
As you may be aware, the Digital Markets Act (‘DMA’) obliges gatekeepers like Google to effectively allow the distribution of apps on their operating system through third party app stores or the web. At the same time, the DMA also permits Google to introduce strictly necessary and proportionate measures to ensure that third-party software apps or app stores do not endanger the integrity of the hardware or operating system or to enable end users to effectively protect security.
We have taken note of your concerns and, while we cannot comment on ongoing dialogue with gatekeepers, these considerations will form part of our assessment of the justifications for the verification process provided by Google.
Kind regards,
The DMA Team
A TPM-based combined remote attestation method for confidential computing
Problem statement Confidential computing technologies such as Intel TDX and AMD SNP rely on hardware-controlled Roots of Trust (RoT), inherently binding remote attestation to specific CPU vendors. While these solutions offer strong security guarantees, they also… ⌘ Read more
How a top bug bounty researcher got their start in security
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog. ⌘ Read more
Auditing user activity in pods and nodes with the Security-Profiles-Operator
Kubernetes’ native audit logs are essential for tracking control plane activities, but they fail to capture what happens inside a container or on the host node itself during kubectl debugging sessions. This creates a security and… ⌘ Read more
Zero trust, maximum security
With cyber threats escalating, Australian businesses are trusting no one. Organisations are increasingly discarding traditional security systems — “castle and moat” defences comprised of firewalls and VPNs — in favour of zero trust architecture. ⌘ Read more
Zero trust, maximum security
With cyber threats escalating, Australian businesses are trusting no one. Organisations are increasingly discarding traditional security systems — “castle and moat” defences comprised of firewalls and VPNs — in favour of zero trust architecture. ⌘ Read more