The mysterious inetpub folder is actually a crucial part of a Windows security fix
Remember the odd inetpub folder that seemingly randomly appeared on people’s root drives after installing a Windows 11 update? Everybody assumed it was something left over from an update script, and that the folder was safe to remove. Well, it turns out that’s not the case, as the empty folder is actually a crucial part of a security fix for a serious vulnerability. I … ⌘ Read more
Windows Recall failed the moose test, and nobody will ever forget it
Ars Technica took a look at how the current version of Windows Recall works, including the improvements Microsoft made since the initial security nightmare of a rollout, and concludes: Recall continues to demand an extraordinary level of trust that Microsoft hasn’t earned. However secure and private it is—and, again, the version people will actually get is much better than the version that caused … ⌘ Read more
These Kubernetes mistakes will make you an easy target for hackers
Kubernetes is exceedingly powerful for orchestrating containerized applications at scale. But without proper monitoring and observability—especially in self-managed infrastructure—it can quickly become a security disaster waiting to happen. This is not due to inherent flaws in… ⌘ Read more
Thanks again to our outgoing sponsor: Nova Custom
We’d like to thank our outgoing sponsor, Nova Custom, for sponsoring OSNews! Nova Custom, based in The Netherlands, makes laptops focused on privacy, customisation, and freedom. Nova Custom laptops ship with either Linux, Windows, or no operating system, and they’re uniquely certified for Qubes OS (the V54 model will be certified soon), the ultra-secure and private operating system. On top of that, Nova Custom laptops come with Dasha … ⌘ Read more
“A handbag belonging to the homeland security secretary Kristi Noem containing her passport, department security badge and $3,000 in cash was stolen on Sunday night at a restaurant in Washington, the department confirmed.”
I Clicked a Random Button in Google Slides — Then Google Paid Me $2,240
The strange trick that exposed a hidden security flaw (and how you can find bugs like this too).
[Continue reading on InfoSec Write-ups »](https://in … ⌘ Read more
CVSS 10.0 Critical Vulnerability in Erlang/OTP’s SSH: Unauthenticated Remote Code Execution Risk
A critical security vulnerability (CVE-2025-32433) with a CVSS … ⌘ Read more
ActiveX disabled by default in Microsoft 365
ActiveX is a powerful technology that enables rich interactions within Microsoft 365 applications, but its deep access to system resources also increases security risks. Starting this month, the Windows versions of Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Visio will have a new default configuration for ActiveX controls: Disable all controls without notification. ↫ Zaeem Patel at the Microsoft 365 Insider Blog Be ho … ⌘ Read more
Hacking and Securing Docker Containers: A Deep Dive into Common Vulnerabilities and Test Cases
Disclaimer: This document is for educational purposes only. Exploiti … ⌘ Read more
A threat model for opposing authoritarianism
A decade ago, I published a book on privacy “Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance.” In the book, and since then, in articles and speeches, I have been dispensing advice to people on how to protect their privacy. But my advice did not envision the moment we are in – where the government would collaborate with a tech CEO to strip-mine all of our data from government databases and use i … ⌘ Read more
iOS 18.4.1 Update Released with CarPlay Fix & Security Patches
Apple has released iOS 18.4.1 update for iPhone, along with iPadOS 18.4.1 for iPad. The software updates include a few bug fixes and important security patches, making them recommended to update. Additionally, iOS 18.4.1 includes a bug fix for a particular issue with CarPlay not connecting properly in some situations. If you have been experiencing … [Read More](https://osxdaily.com/2025/04/16/ios-18-4-1-up … ⌘ Read more
MacOS Sequoia 15.4.1 Update Released with Bug & Security Fixes
Apple has released MacOS Sequoia 15.4.1 as a software update for Mac users running the Sequoia operating system. The update focuses exclusively on security updates and bug fixes, and contains no new features. Separately, Apple also released iOS 18.4.1 for iPhone, iPadOS 18.4.1 for iPad, and updates to tvOS, watchOS, and visionOS, and those updates … [Read More](https://osxdaily.com/2025/04/16/macos-sequoia-15- … ⌘ Read more
ProcessOne: ejabberd 25.04
Just a few weeks after the previous release, ejabberd 25.04 is published with an important security fix, several bug fixes and a new API command.
Release Highlights:
If you are upgrading from a previous version, there are no change … ⌘ Read more
CVE program faces swift end after DHS fails to renew contract
Article URL: https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html
Comments URL: [https://news.ycombinator.com/ite … ⌘ Read more
How to Get SSL Certificate Info in Safari on Mac
The latest versions of Safari for Mac have changed how a person might find SSL certificate information for a particular website, something that is commonly needed in web development, information security, and developmental web work in general. While in prior versions of Safari you could simply click on the little padlock icon next to the … Read More ⌘ Read more
Whistleblower details how DOGE may have taken sensitive NLRB data
Article URL: https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
Comments URL: https://news.ycombinator.com/item?id=43691142
Points: 503
# Comments: 242 ⌘ Read more
OWASP Top 10 for LLMs in 2025: Security Test Cases You Must Know
As Large Language Models (LLMs) continue to integrate into critical systems, securing them has become a top priority. In 2025, OWASP…
[Continue reading on I … ⌘ Read more
@andros@twtxt.andros.dev Ahh I see 👌
@prologic@twtxt.net Yes, it is a security hole. All dm-echo messages are readable. I intend it to be a debugging tool. Maybe I can include a warning message. If many of you see that it is a serious problem, I can remove the links.
Five Critical Shifts for Cloud Native at a Crossroads
As enterprises run ever-more-complex workloads on Kubernetes, they’re facing a new set of challenges: how to ensure security requirements are met, budgets are deployed efficiently and operational complexity is, well, not as complex. Many are finding… ⌘ Read more
GitHub for Beginners: Security best practices with GitHub Copilot
Learn how to leverage GitHub Copilot to make your code more secure.
The post GitHub for Beginners: Security best practices with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more
A Complete Guide to Securing Secrets in AWS Lambda
Learn how to securely manage secrets in AWS Lambda using environment variables, KMS encryption, Secrets Manager, and more.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/a-c … ⌘ Read more
Fast Flux: The DNS Botnet Technique Alarming National Security Agencies ⌘ Read more
Think You’re Safe? Here’s How Hackers Actually Break Into Your Accounts in 2025
How secure are you really when even two-factor authentication isn’t enough anymore?
[Continue reading on InfoSec Write-ups … ⌘ Read more
Chris Krebs, Government Censorship, the EFF, and Panicking Leftist Programmers
President Trump is taking action against the former head of CISA (Cybersecurity & Infrastructure Security Agency) for censoring Americans. ⌘ Read more
Renesas RZ/V2N Evaluation Kit for Real-Time Embedded Vision Applications
Renesas Electronics has introduced the RZ/V2N Evaluation Kit, a platform for developing embedded systems with on-device AI. Built around the RZ/V2N microprocessor, it combines an AI accelerator, image signal processor, and security features for vision-based edge applications. The evaluation platform includes two boards: the RTK0EF0186C02000BJ main board and the RTK0EF0168B00000BJ expansion board. Th … ⌘ Read more
There’s one way you can make your super more secure
Super funds are attractive targets for hackers, and recent attacks on funds have put the sector’s security practices under the microscope. ⌘ Read more
Windows Recall returns, and its companion feature does not keep data on-device
Remember Windows Recall, the Windows feature that would take a screenshot of your desktop every three seconds, store them in a database, and then let you search through them at later dates? The feature has been hobbled by implementation problems, security issues, and privacy troubles, and has been released in preview and pulled since its original unveiling. Well, it’s back in … ⌘ Read more
Dino: Dino 0.5 Release
Dino is a secure and open-source messaging application.
It uses the XMPP (Jabber) protocol for decentralized communication.
We aim to provide an intuitive and enjoyable user interface.
The 0.5 release improves the user experience around file transfers and includes two completely reworked dialogs.
Improved file sharing
The way file transfers are currently done in the XMPP ecosystem is limited in functionality a … ⌘ Read more
How we’re making security easier for the average developer
Security should be native to your workflow, not a painful separate process.
The post How we’re making security easier for the average developer appeared first on The GitHub Blog. ⌘ Read more
Not updated in 7 years, IIS is still a default part of Windows, apparently
This month’s security updates for Windows 11 create a new empty folder on drive C. It is called “inetpub,” and it does not contain any extra folders or files. Its properties window shows 0 bytes in size and that it was created by the system itself. Neowin checked a bunch of Windows 11 PCs with the April 2025 security updates installed, and all of them had inetpub on drive C. ↫ Taras Bu … ⌘ Read more
How to request a change to a CVE record
Learn how to identify which CVE Numbering Authority is responsible for the record, how to contact them, and what to include with your suggestion.
The post How to request a change to a CVE record appeared first on The GitHub Blog. ⌘ Read more
@aelaraji@aelaraji.com has things tight up so securely well, that it’s impossible to hotlink. 😅
Kubernetes hardening made easy: Running CIS Benchmarks with kube-bench
In today’s world, where security risks and breaches are growing daily, it is crucial to maintain our applications and infrastructure’s compliance with security standards and that is where CIS benchmarks from CIS (Center for Internet Security)… ⌘ Read more
Found means fixed: Reduce security debt at scale with GitHub security campaigns
Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams.
The post [Found means fixed: Reduce security debt at scale with GitHub security campaigns](http … ⌘ Read more
HydraNFC Shield v2 and Sniffer Decoder Expand Capabilities for NFC Development & Analysis
The HydraNFC Shield v2 is a high-performance NFC development platform built around the STMicroelectronics ST25R3916 NFC frontend. Designed for NFC research, development, debugging, and security analysis, it is intended to be used with the HydraBus v1.0, a versatile open-source baseboard that acts as the host interface for HydraNFC and other shield extensions. HydraBus … ⌘ Read more
DFRobot Previews RISC-V-Based FireBeetle 2 with ESP32-P4, Targeting Image and Video Applications
The FireBeetle 2 ESP32-P4 is an upcoming compact development board designed for real-time image processing, video streaming, and wireless communication. It targets HMI applications such as digital photo frames, security systems, home control panels, and smart doorbells. The board is built around the ESP32-P4R32 microcontroller, which features a dual-cor … ⌘ Read more
Localhost dangers: CORS and DNS rebinding
What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we’ll describe some common CORS issues as well as how you can find and fix them.
The post Localhost dangers: CORS and DNS rebinding appeared first on The GitHub Blog. ⌘ Read more
Cloud Native Computing Foundation Member HAProxy Technologies Upgrades to Gold Membership
Strengthening its cloud native commitment with 25 years of open source innovation in application delivery and security London, England – KubeCon + CloudNativeCon Europe – April 2, 2025 – The Cloud Native Computing Foundation® (CNCF®), which… ⌘ Read more
MacOS Sonoma 14.7.5 & MacOS Ventura 13.7.5 Security Updates Released
Apple has released macOS Sonoma 14.7.5 and MacOS Ventura 13.7.5 as security updates for Mac users running Sonoma and Ventura operating systems. These updates are security patch focused and do not include new features that are otherwise available in the latest MacOS Sequoia 15.4 update that was released simultaneously. Separately, you’ll find software updates available … [Read More](https://osxd … ⌘ Read more
iOS 16.7.11, iOS 15.8.4, & iPadOS 17.7.6 Security Updates Released for Older iPhone & iPad
While iOS 18.4 and iPadOS 18.4 updates were just released for modern iPhone and iPad devices, Apple has also released a bevy of software updates for older iPhone and iPad devices. Each of these updates includes important security fixes and is therefore recommended for all eligible users and their devices to install. Specifically, you will … [Read Mor … ⌘ Read more
Docker Desktop 4.40: Model Runner to run LLMs locally, more powerful Docker AI Agent, and expanded AI Tools Catalog
In Docker Desktop 4.40, we’re introducing new tools that simplify GenAI app development and support secure, scalable development. ⌘ Read more
GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help
Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect yourself from exposed secrets, including today’s launches of standalone Secret Protection, org-wide scanning, and better access for teams of all sizes.
The post [GitHub found 39M secret leaks in 2024. H … ⌘ Read more
CNCF Research Reveals How Cloud Native Technology is Reshaping Global Business and Innovation
New study identifies a shift from security concerns to collaboration and efficiency as the top priority in cloud native adoption, emphasizing the need for seamless teamwork and automation KubeCon + CloudNativeCon Europe, London, UK – April… ⌘ Read more
Cloud Native Computing Foundation Announces Argo CD v3 Update to Enhance Scalability and Security for Kubernetes
Latest release boosts automation, performance, and security for Kubernetes-native GitOps KubeCon + CloudNativeCon Europe, London, UK – April 1, 2025 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today… ⌘ Read more
iOS 18.4 Update with Ambient Music, New Emoji, Priority Notifications, Mail Categorization for iPad, Released
Apple has released iOS 18.4 for iPhone, along with iPadOS 18.4 for iPad. These updates include a few new features, as well as bug fixes and security enhancements. iOS 18.4 for iPhone includes new emoji icons, an ambient music generator, a Priority Notifications feature for Apple Intelligence, and various bug fixes and security patches. iPadOS … [Read More](https://osxdaily.com/2025/03/3 … ⌘ Read more
MacOS Sequoia 15.4 Update Released with Mail Categorization, New Emoji
MacOS Sequoia 15.4 has been released for Mac users running the Sequoia operating system. The software update includes some new features and refinements, as well as resolutions to various bugs and security patches. For new features, MacOS Sequoia 15.4 gains the Mail Categorization feature that automatically sorts your email inbox for you that has been … [Read More](https://osxdaily.com/2025/03/31/macos-sequoia-15-4-update-downloa … ⌘ Read more