Nova Custom: this week’s sponsor
Nova Custom, based in The Netherlands, makes laptops focused on privacy, customisation, and freedom. Nova Custom laptops ship with either Linux, Windows, or no operating system, and they’re uniquely certified for Qubes OS (the V54 model will be certified soon), the ultra-secure and private operating system. On top of that, Nova Custom laptops come with Dasharo coreboot firmware preinstalled, which is completely open source, instead of a proprietary BIOS. Nova Custom c … ⌘ Read more
Microsoft makes it even harder to use a local account on Windows 11
Do you want to install Windows 11 without internet access or without an online Microsoft Account? It seems Microsoft really doesn’t want you to, as it has removed a very common and popular way of bypassing this requirement. In the release notes for the latest builds from the Dev and Beta channels, the company notes: We’re removing the bypassnro.cmd script from the build to enhance security and use … ⌘ Read more
FBI raids home of prominent computer scientist who has gone incommunicado
Article URL: https://arstechnica.com/security/2025/03/computer-scientist-goes-silent-after-fbi-raid-and-purging-from-university-website/
Comments URL: https://news.ycombinator.com/item?id=43527001
… ⌘ Read more
Cedar: A New Approach to Policy Management for Kubernetes
The challenges organizations face when managing access control and authorization in cloud-native environments continue to grow in complexity. Organizations scaling their Kubernetes deployments, for example, work to balance their security requirements, operational flexibility, and policy manageability…. ⌘ Read more
Istio: The Highest-Performance Solution for Network Security
Ambient mode provides more encrypted throughput than any other project in the Kubernetes ecosystem. Encryption in transit is a baseline requirement for almost all Kubernetes environments today, and forms the foundation of a zero-trust security posture…. ⌘ Read more
Mathieu Pasquet: slixmpp v1.10
This new version does not have many new features, but it has quite a few
breaking changes, which should not impact many people, as well as one important
security fix.
Thanks to everyone who contributed with code, issues, suggestions, and reviews!
Security: After working on TLS stuff, I noticed that we still allowed unencrypted SCRAM to be negotiated, which is really not good.
For packagers who only want this security fix, the commit fd66aef38d48b6474654cbe87464d7d416d6a5f3 should app … ⌘ Read more
8 Ways to Empower Engineering Teams to Balance Productivity, Security, and Innovation
Explore how Docker’s suite of products empowers industry leaders and their development teams to innovate faster, stay secure, and deliver impactful results. ⌘ Read more
Building Secure Kubernetes Edge Images with Kairos and k0s
Why combining these CNCF projects simplifies Kubernetes deployment at the edge. Edge computing is rapidly changing the landscape of application deployment, demanding solutions that are lightweight, secure, and easily managed, particularly when it comes to Kubernetes… ⌘ Read more
The seL4 microkernel: an introduction
This whitepaper provides an introduction to and overview of seL4. We explain what seL4 is (and is not) and explore its defining features. We explain what makes seL4 uniquely qualified as the operating-system kernel of choice for security- and safety-critical systems, and generally embedded and cyber-physical systems. In particular, we explain seL4’s assurance story, its security- and safety-relevant features, and its benchmark-setting performance. We also d … ⌘ Read more
A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple
A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.
The post A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple appeared fir … ⌘ Read more
My cunning feline has developed a foolproof technique to circumvent my security attempts. ⌘ Read more
NXP’s FRDM i.MX 91 Board Provides Low-Power Solution for Linux-Based IoT Systems
Following the release of the FRDM i.MX 93 board, NXP has launched the FRDM i.MX 91 development board, a compact platform based on the i.MX 91 applications processor. It is intended for early-stage development and evaluation of industrial and IoT systems that require basic Linux support, integrated connectivity, and hardware-level security. The board features a […] ⌘ Read more
Memory safety for web fonts in Chrome: Google replaces FreeType with Rust-based alternative
There’s no escaping Rust, and the language is leaving its mark everywhere. This time around, Chrome has replaced its use of FreeType with Skrifa, a Rust-based replacement. Skrifa is written in Rust, and created as a replacement for FreeType to make font processing in Chrome secure for all our users. Skrifa takes advantage of Rust’s memory safety, and … ⌘ Read more
Kubestronaut in Orbit: Willem Berroubache
Get to know Willem: Willem Berroubache is a cloud native and Security Architect based in Paris, France, currently working at Orange. Over the years, he has worked on private cloud security use cases and telco cloud… ⌘ Read more
[ANN] Cypher Stack published FROSTLASS security proofs and Eagen’s divisors review
⌘ Read more
Open Policy Agent: Best Practices for a Secure Deployment
Thanks to its performance and adaptability, Open Policy Agent (OPA) is a common choice for managing policy-as-code. Nonetheless, security flaws can develop if OPA is abused or improperly designed, much as with any tool handling important… ⌘ Read more
Building Scalable, Agile, and Secure APIs with Kubernetes and Microservices
The dawn of APIs across the digital ecosystem has fundamentally disrupted standard business models and software development. And enhancing these approaches with intelligent, data-driven, and real-time insights allows your organization to dynamically scale. However traditional monolithic… ⌘ Read more
Beta 4 of iOS 18.4, iPadOS 18.4, MacOS Sequoia 15.4, Available for Testing
Apple has released the fourth beta version of iOS 18.4, MacOS Sequoia 15.4, and iPadOS 18.4, all of which are set to be fairly minor software updates but do include a handful of new features, and will also include the usual round of bug fixes and security enhancements. New features currently being tested in these … ⌘ Read more
Microsoft accidentally cares about its users, releases update that unintentionally deletes Copilot from Windows
It’s rare in this day and age that proprietary operating system vendors like Microsoft and Apple release updates you’re more than happy to install, but considering even a broken clock is right twice a day, we’ve got one for you today. Microsoft released KB5053598 (OS Build 26100.3476) which “addresses security i … ⌘ Read more
CNCF & OpenSSF Announce Open Source SecurityCon 2025
The Cloud Native Computing Foundation (CNCF) and the Open Source Security Foundation (OpenSSF) are thrilled to introduce Open Source SecurityCon 2025—a premier event focused on strengthening cloud-native and open source software security. This one-day conference, set… ⌘ Read more
A more robust raw OpenBSD syscall demo
Ted Unangst published dude, where are your syscalls? on flak yesterday, with a neat demonstration of OpenBSD’s pinsyscall security feature, whereby only pre-registered addresses are allowed to make system calls. Whether it strengthens or weakens security is up for debate, but regardless it’s an interesting, low-level programming challenge. The original demo is fragile for multiple reasons, and requires manually locating and entering addresses for each bu … ⌘ Read more
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered.
The post [Sign in as anyone: Bypassing SAML SSO authentication with parser differentials](https://github.blog/security/sign-in-as-anyone- … ⌘ Read more
iOS 18.3.2 Update Released with Bug Fixes
Apple has released iOS 18.3.2 for iPhone and iPadOS 18.3.2 for iPad. The updates are focused on security patches and bug fixes, and do not include any new features. Separately, there are updates available for Mac as MacOS Sequoia 15.3.2, Safari 18.3.1 for Ventura and Sonoma, tvOS 18.3.1 for Apple TV, and visionOS 3.2.3 for … ⌘ Read more
MacOS Sequoia 15.3.2 Update Released with Fixes for Bugs & Security Issues
MacOS Sequoia 15.3.2 has been released by Apple for Mac users running the Sequoia operating system. The update includes important bug fixes and security patches, and Apple recommends installing the update on all eligible devices. If your Mac is running macOS Ventura or macOS Sonoma, you will find an update to Safari 18.3.1 available instead … ⌘ Read more
Full exposure: A practical approach to handling sensitive data leaks
Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders.
The post Full exposure: A practical approach to handling sensitive data leaks appeared first on [The GitHu … ⌘ Read more
Exploring the (discontinued) hybrid Debian GNU/kFreeBSD distribution
For decades, Linux and BSD have stood as two dominant yet fundamentally different branches of the Unix-like operating system world. While Linux distributions, such as Debian, Ubuntu, and Fedora, have grown to dominate the open-source ecosystem, BSD-based systems like FreeBSD, OpenBSD, and NetBSD have remained the preferred choice for those seeking security, performance, and licensing flexibility. … ⌘ Read more
Falcoctl: Artifact Management for Falco
Artifact management is the process of storing, organising, and securing the essential components generated throughout software development. Cloudsmith defines artifacts as the tangible outputs of the development lifecycle, including compiled source code, libraries, executables, and configuration… ⌘ Read more
Microsoft discovers massive malvertising campaign on GitHub
Like the other Chrome skins, Microsoft Edge is also moving to disable Manifest v2 extensions, restricting the effectiveness of ad blockers like uBlock Origin. As an advertising company, Microsoft was obviously never going to do the work to keep Manifest v2 support around in Chrome, so this was inevitable. Blocking ads might be a necessary security practice, but why cry over spilled user data, am I right? Anyway, … ⌘ Read more
Why Infrastructure as Code Needs to be Secure by Default
Infrastructure as Code (IaC) has become the standard for managing cloud infrastructure, but it introduces significant challenges, particularly around security and compliance. Issues such as misconfigurations, secret management, policy enforcement, and auditing can complicate workflows. These… ⌘ Read more
Kubestronaut in Orbit: Gerardo López
Get to know Gerardo: Gerardo is a passionate Cloud Native Advocate, Kubernetes expert, and Docker Captain with a strong focus on DevOps, software development, and security. Based in Costa Rica, he has earned several certifications, including… ⌘ Read more
Video: How to run dependency audits with GitHub Copilot
Learn to automate dependency management using GitHub Copilot, GitHub Actions, and Dependabot to eliminate manual checks, improve security, and save time for what really matters.
The post Video: How to run dependency audits with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more
Not just for developers: How product and security teams can use GitHub Copilot
GitHub Copilot isn’t just for developers! Discover how product managers, security professionals, scrum masters, and more use GitHub Copilot to streamline tasks, automate workflows, and boost productivity across teams.
The post [Not just for developers: How product and security teams can use GitHub Copilot](https://github.blog/ai-and-ml/github-copilot/not-just-for-dev … ⌘ Read more
Observability Trends in 2025 – What’s Driving Change?
Observability has evolved beyond traditional monitoring, integrating AI, automation, and security. Initially, monitoring focused on collecting logs and metrics separately, often leading to silos and limited visibility. The rise of distributed systems and microservices has increased… ⌘ Read more
Torizon and Texas Instruments Collaborate on Cybersecurity Compliance for Embedded Systems
Torizon and Texas Instruments have announced a collaboration aimed at simplifying cybersecurity compliance and development for industrial and medical embedded systems. The partnership integrates Torizon’s software platform with TI’s Arm-based, Linux-capable processors, addressing increasing security requirements such as those outlined in the EU Cyber Resilience Ac … ⌘ Read more
Finding leaked passwords with AI: How we built Copilot secret scanning
Passwords are notoriously difficult to detect with conventional programming approaches. AI can help us find passwords better because it understands context. This blog post will explore the technical challenges we faced with building the feature and the novel and creative ways we solved them.
The post [Finding leaked passwords with AI: How we built Copilot secret scanning](https … ⌘ Read more
Erlang Solutions: Top 5 IoT Business Security Basics
IoT is now a fundamental part of modern business. With more than 17 billion connected devices worldwide, IoT business security is more important than ever. A single breach can expose sensitive data, disrupt operations, and damage a company’s reputation.
To help safeguard your business, we’ll cover five essential IoT security basics: data encryption, strong password policies, regular security audits, employee awareness tr … ⌘ Read more
Kubescape becomes a CNCF incubating project
The CNCF Technical Oversight Committee (TOC) has voted to accept Kubescape as a CNCF incubating project. Kubescape is an open-source Kubernetes security project designed to offer comprehensive security coverage throughout the entire development and deployment lifecycle…. ⌘ Read more
ameriDroid Opens Preorders for VPN Server with WireGuard and DietPi
The VPN Server by ameriDroid is a pre-configured device for secure remote access to home and small office networks. Built on the ODROID-C4, it runs a lightweight Linux-based system with WireGuard for encrypted VPN connections and minimal setup. The device is based on the ODROID-C4, a single-board computer released in early 2020 by Hardkernel, featuring […] ⌘ Read more
spirobel submits CCS proposal to develop Monero Payment Links, Browser Wallet, multisig companion app
spirobel has submitted a CCS proposal to finish developing the Monero Browser Wallet, create a self-hostable Stripe Payment Links alternative and a multisig companion app, in an effort to make XMR web shopping more convenient and secure:
Currently Monero shoppers have to copy and paste addresses from the t … ⌘ Read more
Announcing the Kubernetes “Shift Down” Security Paper
The CNCF Kubernetes Policy Working group (WG) has just released the Shift Down Security paper to help educate the community about how organizations can leverage cloud native security best practices to address key business risks and… ⌘ Read more
Qualcomm gives OEMs the option of 8 years of Android updates
Starting with Android smartphones running on the Snapdragon 8 Elite Mobile Platform, Qualcomm Technologies now offers device manufacturers the ability to provide support for up to eight consecutive years of Android software and security updates. Smartphones launching on new Snapdragon 8 and 7-series mobile platforms will also be eligible to receive this extended support. ↫ Mike Genewich I mean, good news of cou … ⌘ Read more
Apple pulls data protection tool after UK government security row
Article URL: https://www.bbc.com/news/articles/cgj54eq4vejo
Comments URL: https://news.ycombinator.com/item?id=43128253
Points: 843
# Comments: 651 ⌘ Read more
Cake Labs releases Cake Wallet v4.23.2, Monero.com v1.20.2
Cake Labs has released Cake Wallet version 4.23.2 with a Monero Android crash fix, Zano and Ethereum enhancements, Ledger bugfixes and UI improvements:
Changes overview: We’re excited to announce the latest update, which brings a host of enhancements to improve performance, security, and user experience.
- Significant improvements to Zano functionality
- Enhanced Ethereum integration with improve … ⌘ Read more
OSTIF Announces Linkerd Security Audit Results
The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our security audit of Linkerd. Linkerd is an open source service mesh for Kubernetes which prioritizes reliability, security, and simplicity. Thanks to… ⌘ Read more
How to manage three top Kubernetes security vulnerabilities
This article explains: Kubernetes and security Across various organizations, Kubernetes is being adopted at lightning rates. It is estimated that 60% of organizations have adopted this technology, and the list of companies planning on transitioning to… ⌘ Read more
Ezurio Veda SL917 Expands Industrial IoT Connectivity with Wi-Fi 6 and Bluetooth LE
The Veda SL917, developed by Ezurio and based on the Silicon Labs SiWx917 chipset, is a low-power wireless module designed for industrial IoT applications. It provides connectivity options, including Wi-Fi 6, Bluetooth Low Energy 5.4, and support for Matter and IP networking, providing secure cloud connectivity and efficient power management. This device supports OFDMA, MU-MIMO … ⌘ Read more
Self-hosting my emails again: A few weeks in
A few weeks ago, I moved back to self-hosting my mail server after using Purelymail for three years. The decision wasn’t about cost – it’s actually more expensive to rent a VPS – but about control, security, and data locality. My mails are now hosted in Europe, giving me more confidence in their privacy, and I can configure everything exactly as I want while ensuring compliance with GDPR. ⌘ Read more
ESP32-S3 IR Thermal Imaging Camera Module with Wi-Fi and Bluetooth Connectivity
Waveshare recently launched the ESP32-S3 IR Thermal Imaging Camera Module which is a wireless infrared thermal imaging device based on the ESP32-S3-WROOM-1 chip. Designed with a compact form factor of 29 × 29mm, this module is intended for applications such as thermal monitoring, security surveillance, and industrial diagnostics. The product page does not mention […] ⌘ Read more
How GitHub uses CodeQL to secure GitHub
How GitHub’s Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.
The post How GitHub uses CodeQL to secure GitHub appeared first on The GitHub Blog. ⌘ Read more
Announcing Ratify v1.4.0 – Revocation Checking with CRL Support, Enhanced Out-of-box Experience, and New Cloud Provider Support
We are thrilled to announce the release of Ratify v1.4.0! This milestone release introduces significant new features that enhance Ratify’s capabilities as a trusted supply chain security tool. As always, we deeply appreciate the contributions from the… ⌘ Read more