Unlimited access to Docker Hardened Images: Because security should be affordable, always
Every organization we speak with shares the same goal: to deliver software that is secure and free of CVEs. Near-zero CVEs is the ideal state. But achieving that ideal is harder than it sounds, because paradoxes exist at every step. Developers patch quickly, yet new CVEs appear faster than fixes can ship. Organizations standardize on… ⌘ Read more
KubeCon + CloudNativeCon North America 2025 Co-Located Event Deep Dive: Open Source SecurityCon
Open Source SecurityCon has always been about bringing people together to strengthen trust in open source. From its beginnings within TAG Security to its growth as a standalone conference, and now returning to KubeCon + CloudNativeCon… ⌘ Read more
Docker at AI Engineer Paris: Build and Secure AI Agents with Docker
Last week, Docker was thrilled to be part of the inaugural AI Engineer Paris, a spectacular European debut that brought together an extraordinary lineup of speakers and companies. The conference, organized by the Koyeb team, made one thing clear: the days of simply sprinkling ‘AI dust’ on applications are over. Meaningful results demand rigorous engineering,… ⌘ Read more
Wheat diversity discovery could provide an urgently-needed solution to global food security
Wheat has a very large and complex genome. Researchers have found that different varieties can use their genes in different ways. By studying RNA—the molecules that carry out instructions from DNA—researchers can see which genes are active and when. By mapping this gene activity for the first time, researchers are able to accelerate international wheat breeding programs, developing new varieties of … ⌘ Read more
Australia’s new food security strategy: What’s on the table, and what’s missing?
In 2023, a parliamentary inquiry into food security was held in Australia. This involves the government asking for public and expert advice on key issues to make better decisions. ⌘ Read more
Potential issues in curl found using AI assisted tools
https://joshua.hu/llm-engineer-review-sast-security-ai-tools…
https://joshua.hu/files/AI_SAST_PRESENTATION.pdf
Comments URL: https://news.ycombinator.com/item?id=45449348
Points: 527
# Comments: 169 ⌘ Read more
iOS 18.7.1 & iPadOS 18.7.1 Updates Released with Security Patch
Apple has released iOS 18.7.1 for iPhone and iPadOS 18.7.1 for iPad. The small software updates include security patches, and are offered as alternatives to iPhone and iPad users who either don’t want to install iOS 26 onto their device yet, or cannot for compatibility reasons. No new features or major changes are expected in … Read More ⌘ Read more
MacOS Sequoia 15.7.1 & MacOS Sonoma 14.8.1 Updates Released with Security Fixes
Apple has released MacOS Sequoia 15.7.1 and MacOS Sonoma 14.8.1 as security patch releases for Mac users who are not yet running the Tahoe operating system, of which MacOS Tahoe 26.0.1 was just released. The updates are focused on security patches and do not include any other changes or features for the Sequoia or Sonoma … [Read More](https://osxdaily.com/2025/09/30/macos- … ⌘ Read more
MacOS Tahoe 26.0.1 Update Released to Fix Mac Studio Installation Bug
Apple has issued MacOS Tahoe 26.0.1 as a software update for Tahoe users. The update focuses primarily on resolving an issue for Mac Studio owners who were not able to install the initial MacOS Tahoe 26 release onto the M3 Ultra version of the Studio. Apparently other bug fixes and security improvements are included as … [Read More](https://osxdaily.com/2025/09/29/macos-tahoe-26-0-1-update-releas … ⌘ Read more
Expanding Docker Hardened Images: Secure Helm Charts for Deployments
Development teams are under growing pressure to secure their software supply chains. Teams need trusted images, streamlined deployments, and compliance-ready tooling from partners they can rely on long term. Our customers have made it clear that they’re not just looking for one-off vendors. They’re looking for true security partners across development and deployment. That’s why… ⌘ Read more
CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.
The post CodeQL zero to hero part 5: Debugging queries appeared first on The GitHub Blog. ⌘ Read more
Docker MCP Toolkit: MCP Servers That Just Work
Today, we want to highlight Docker MCP Toolkit, a free feature in Docker Desktop that gives you access to more than 200 MCP servers. It’s the easiest and most secure way to run MCP servers locally for your AI agents and workflows. The MCP toolkit allows you to isolate MCP servers in containers, securely configure… ⌘ Read more
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!
The post [Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives](https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-aware … ⌘ Read more
Oh man, if the EU actually rolled out this horrible idea called ChatControl that actually threatens the security and privacy of secure e2e encrypted messaging like Signal™, fuck me, I’m out 🤦♂️ I’ll just rage quit the IT industry and become a luddite. I’m out.
Another win for the Digital Markets Act: Microsoft gives truly free access to additional year of Windows 10 updates to EU users
A few months ago, Microsoft finally blinked and provided a way for Windows 10 users to gain “free” access to the Windows 10 Extended Security Update program. For regular users to gain access to this program, their options are to either pay around $30, pay 1000 Microsoft points, or … ⌘ Read more
@bender@twtxt.net Thanks for asking!
So, I’ve been working on 2 main twtxt-related projects.
The first is a small Node / express application that serves up a twtxt file while allowing its owner to add twts to it (or edit it outright), and I’ve been testing it on my site since the night I made that post. It’s still very much an MVP, and I’ve been intermittently adding features, improving security, and streamlining the code, with an eye to release it after I get an MVP done of project #2 (the reader).
But that’s where I’ve been struggling. The idea seems simple enough - another Node / express app (this one with a Vite-powered front-end) that reads a public twtxt file, parses the “follow” list, grabs (and parses) those twtxt files, and then creates a river of twts out of the result. The pieces work fine in seclusion (and with dummy data), but I keep running into weird issues when reading real-live twtxt files, so some twts come through, while others get lost in the ether. I’ll figure it out eventually, but for now, I’ve been spending far more time than I anticipated just trying to get it to work end-to-end.
On top of it, the 2 projects wound up turning into 4 (so far), as I’ve been spinning out little libraries to use across both apps (like https://jsr.io/@itsericwoodward/fluent-dom-esm, and a forthcoming twtxt helper library).
In the end, I’m hoping to have project 1 (the editor) into beta by the end of October, and project 2 (the reader) into beta sometime after that, but we’ll see.
I hope this has satisfied your curiosity, but if you’d like to know more, please reach out!
MCP Horror Stories: The Drive-By Localhost Breach
This is Part 4 of our MCP Horror Stories series, where we examine real-world security incidents that expose the devastating vulnerabilities in AI infrastructure and demonstrate how Docker MCP Gateway provides enterprise-grade protection against sophisticated attack vectors. The Model Context Protocol (MCP) has transformed how developers integrate AI agents with their development environments. Tools like… ⌘ Read more
Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm’s security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.
The post Our plan for a more secure npm supply chain appeared first on The GitHub Blog. ⌘ Read more
Gartner positions GitHub as a Leader in the 2025 Magic Quadrant for AI Code Assistants for the second year in a row
Our commitment is to empower every developer and stay true to our north star by building an open, secure, and AI-powered platform that defines the future of software development.
The post [Gartner positions GitHub as a Leader in the 2025 Magic Quadrant for AI Code Assistants for the second yea … ⌘ Read more
Kaidan: Kaidan 0.13.0: Multi-Account Support and Secure Password Storage
Kaidan 0.13.0 is out now!
And it comes with a bunch of shiny new features.
Most of the work has been … ⌘ Read more
Ignite Realtime Blog: Openfire 5.0.2 release!
The IgniteRealtime community is happy to announce a new release of its open source, real-time communications server Openfire! Version 5.0.2 brings a number of stability improvements and bug fixes.
Notably, it addresses a recently identified security vulnerability, identified as CVE-2025-59154. The issue allows for potential identity spoofing via unsafe Common Nam … ⌘ Read more
Erlang Solutions: MongooseIM 6.4: Simplified and Unified
MongooseIM is a scalable and efficient instant messaging server. With the latest release 6.4.0, it has become more powerful yet easier to use and maintain. Thanks to the internal unification of listeners and connection handling, the configuration is easier and more intuitive, while numerous new options are supported.
New features include support for TLS 1.3 with optional channel binding for improved security, single round-trip authent … ⌘ Read more
Erlang Solutions: Supporting the BEAM Community with Free CI/CD Security Audits
At Erlang Solutions, our support for the BEAM community is long-standing and built into everything we do. From contributing to open-source tools and sponsoring events to improving security and shaping ecosystem standards, we’re proud to play an active role in helping the BEAM ecosystem grow and thrive.
One way we’re putting that support into action is by offering free CI/CD-based security … ⌘ Read more
XMPP Interop Testing: MOAR TESTS!
Ever heard of XMPP Interop Testing? It’s this cool project that helps make sure different XMPP servers can all work together smoothly. Our XMPP Interop Testing project provides a suite of automated tests that can be integrated into CI/CD pipelines to verify the compliance and interoperability of XMPP server implementations.
Late last year, we reported that we had secured funding graciously provided by NLnet that allowed us to massively build out t … ⌘ Read more
In 1996, they came up with the X11 “SECURITY” extension:
https://www.reddit.com/r/linux/comments/4w548u/what_is_up_with_the_x11_security_extension/
This is what could have (eventually) solved the security issues that we’re currently seeing with X11. Those issues are cited as one of the reasons for switching to Wayland.
That extension never took off. The person on Reddit wonders why – I think it’s simple: Containers and sandboxes weren’t a thing in 1996. It hardly mattered if X11 was “insecure”. If you could run an X11 client, you probably already had access to the machine and could just do all kinds of other nasty things.
Today, sandboxing is a thing. Today, this matters.
I’ve heard so many times that “X11 is beyond fixable, it’s hopeless.” I don’t believe that. I believe that these problems are solvable with X11 and some devs have said “yeah, we could have kept working on it”. It’s that people don’t want to do it:
Why not extend the X server?
Because for the first time we have a realistic chance of not having to do that.
https://wayland.freedesktop.org/faq.html
I’m not in a position to judge the devs. Maybe the X.Org code really is so bad that you want to run away, screaming in horror. I don’t know.
But all this was a choice. I don’t buy the argument that we never would have gotten rid of things like core fonts.
All the toolkits and programs had to be ported to Wayland. A huge, still unfinished effort. If that was an acceptable thing to do, then it would have been acceptable to make an “X12” that keeps all the good things about X11, remains compatible where feasible, eliminates the problems, and requires some clients to be adjusted. (You could have still made “X11X12” like “XWayland” for actual legacy programs.)
Look at that, a mate just told me: What if YAML had even more security issues!? YAMLScript! https://yamlscript.org/doc/cheat/
Ignite Realtime Blog: Empowering Digital Sovereignty with Openfire: A Secure and Customizable Communication Platform
In today’s interconnected world, digital sovereignty has become increasingly important for individuals and organizations seeking to maintain control over their data, infrastructure, and technologies. Openfire, an open-source, real-time collaboration (RTC) server that uses the XMPP (Extensible Messaging and Presence … ⌘ Read more
They’re all talks, not real hands-on trainings like you did.
I love listening to good, well-structured talks. Problem is, not everybody is a good speaker and many screw it up. 🥴 I’m certainly not a great speaker, which is why I gravitate more towards “workshops”, in the hopes that people ask questions and discussions arise. Doesn’t always work out. 🤣 At the very least, I almost always have some other person connect to the projector/beamer/screenshare and then they do the stuff – this avoids me being wwwwaaaaaaaaayyyy too fast.
We are usually drowned in stress and tight deadlines, hence events like today are super rare … We used to do it more often until ~10 years ago.
Once a year the security guys organize a really great hacking event, though.
Oh dear, I’d love to participate in that. 🤯 That sounds like a lot of fun. (Why don’t we do this?!)
Great article from Tailscale about how security policies we’ve often seen in many large complex organizations that we all love to hate don’t actually provide the security that we assumed.
MacOS 26 is the final Intel version, sucks to be a 2023 Intel Mac Pro owner
macOS Tahoe is the final software update that Intel-based Macs will get, as Apple works to phase them out following its transition to Apple silicon. During its Platforms State of the Union event, Apple said that Intel Macs won’t get macOS 27, coming next year, though there could still be updates that add security fixes. ↫ Juli Clover at MacRumors Not particularly surprising, but def … ⌘ Read more
ToolHive Tutorial: Securely Deploy and Manage MCP Servers ⌘ Read more
Rethinking the guest network to improve my home network security ⌘ Read more
Understanding Misconfiguration Exploits: A Beginner’s Guide to Offensive Security Thinking.
Misconfigurations are among the most common — and most dangerous — vulnerabiliti … ⌘ Read more
From Classic SOC to Autonomous SOC: The Future of Cyber Defense
Modernize your SOC into an Autonomous Security Operations (ASO) model: what it means, why it matters, and how to prepare your team.
[Continue reading on InfoS … ⌘ Read more
Securing Kubernetes Traffic with Calico Ingress Gateway
Kubernetes, Envoy, GatewayAPI, cert-manager, CNI, Calico If you’ve managed traffic in Kubernetes, you’ve likely navigated the world of Ingress controllers. For years, Ingress has been the standard way of getting our HTTP/S services exposed. But let’s… ⌘ Read more
A Step-by-Step Plan to Secure Web Backends with XAMPP (Part 1/3)
Installing and Configuring XAMPP
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-step-by-step-plan-to-secure-web-backends-with-xampp-p … ⌘ Read more
Morse Micro and Gateworks Launch Wi-Fi HaLow Solution for Industrial Connectivity
Morse Micro and Gateworks Corporation have partnered to bring Wi-Fi HaLow (IEEE 802.11ah) to industrial environments. In collaboration with Silex Technology, they offer a hardware and software ecosystem for long-range, low-power, and secure wireless networking across manufacturing, energy, and transportation sectors. Wi-Fi HaLow operates in the sub-GHz frequency band, offering a co … ⌘ Read more
How Hackers Help NASA Stay Secure: Inside the NASA VDP ⌘ Read more
**Cookie Attributes — More Than Just Name & Value**
Understanding the Security & Scope Behind Every Cookie
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/cookie-attributes-more-than-just-name-value-a95591be6fba?source=rss—-7b722bfd1b8d—4 … ⌘ Read more
Cybersecurity Interview Questions For Freshers ⌘ Read more
Palestine: Hamas security services must stop targeting protesters in reprisal and respect freedom of peaceful assembly in Gaza ⌘ Read more
Hack the model: Build AI security skills with the GitHub Secure Code Game
Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills.
The post Hack the model: Build AI security skills with the GitHub Secure Code Game appeared first on The GitHub Blog. ⌘ Read more
DNS rebinding attacks explained: The lookup is coming from inside the house!
DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world.
The post [DNS rebinding attacks explained: The lookup is coming from inside the house!](https://github.blog/security/application-security/dns-rebinding-attacks-explained-the-lookup-is-coming-from- … ⌘ Read more
Ukraine’s Security Service head sums up results of operation to destroy Russian strategic jets ⌘ Read more
Tools and datasets to support, sustain, and secure critical digital infrastructure
Comments ⌘ Read more
Ukraine launches major drone attack on Russian bombers, security official says | Ukraine ⌘ Read more
Ukrainian Security Service charges captured Russian soldier with executing POWs ⌘ Read more