Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, cockpit, firefox, flatpak, httpd, kernel, and kernel-rt), Debian (kernel, kitty, lemonldap-ng, nagios4, python-flask-httpauth, and roundcube), Fedora (CImg, gmic, haveged, jpegxl, kernel, libpng, mapserver, mingw-qt6-qtsvg, openbao, perl-Sereal, perl-Sereal-Decoder, perl-Sereal-Encoder, and podofo), Mageia (bind, graphicsmagick, microcode, nginx, packages, perl-Catalyst-Plugin-Authentication, perl-HTTP-Daemon, perl-IO-Compr … ⌘ Read more
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
Article URL: https://arstechnica.com/security/2026/05/fed-up-with-vibe-coders-dev-sneaks-data-nuking-prompt-injection-into-their-code/
Comments URL: https://news.ycombinator.com/item?id=48319968
… ⌘ Read more
Energy Minister Simeon Brown opposes Meridian’s Pūkaki storage bid
Energy Minister Simeon Brown has made a late intervention opposing Meridian Energy’s fast-track application to use more water from Lake Pūkaki, warning the proposal in its current form could weaken the electricity system’s dry-year security while gas supply declines and wider market reforms remain unresolved.
The intervention puts the Government directly at odds with Meridian over one of the co … ⌘ Read more
IBM, Red Hat Commit $5 Billion To Secure Open Source Supply Chains
IBM and Red Hat are committing $5 billion to a new initiative called “Project Lightwell,” which aims to secure open-source software supply chains with AI-assisted vulnerability discovery, triage, patch validation, and upstream maintenance. Longtime Slashdot reader wiggles shares a press release from IBM: IBM and Red Hat today announced Project … ⌘ Read more
Chinese regulators investigate Auckland’s Tiger Brokers in offshore clampdown
Chinese regulators have launched a probe into Auckland-based Tiger Brokers over alleged illegal cross-border business activities as part of a wider clampdown on offshore trading platforms allegedly helping investors sidestep Beijing’s capital controls.
The China Securities Regulatory Commission (CSRC) announced on Friday it was cracking down on several offshore bro … ⌘ Read more
DOJ Charges Google Employee With $1.2 Million Polymarket Bet On Search Term
An anonymous reader quotes a report from CNBC: Federal prosecutors charged a Google employee with fraud on Wednesday, alleging that he made $1.2 million off of bets using insider information on Polymarket. Prosecutors claim that Michele Spagnuolo, a staff information security engineer at Google, used confidential information to … ⌘ Read more
Arm Announces Metis: Agentic AI Security Framework
Arm today announced the open-sourcing of Metis, an agentic AI security framework that delivers contextual, AI-powered security analysis to look for software vulnerabilities… ⌘ Read more
IBM’s “Project Lightwell”
IBM has sent out a
press release touting a claimed $5 billion investment into an
operation called Project Lightwell:
Project Lightwell will establish a trusted enterprise clearinghouse
combined with a global force of engineers to identify and fix
vulnerabilities at scale. The clearinghouse will serve as a
security coordination layer, using advanced AI capabilities to
val … ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (firefox, gdk-pixbuf2, glibc, gnutls, kernel, libexif, mysql8.4, postgresql16, postgresql18, python3.14, ruby:3.3, and ruby:4.0), Debian (krb5, roundcube, starlette, unbound, and varnish), Fedora (kernel, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-js-challenge, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, perl-Imager, poppler, python-uv-build, rrdtool, rust-astral-tokio-tar, rust-astral_async_http … ⌘ Read more
Perfect Randomness Realized For the First Time
ETH Zurich researchers say they have generated certified “perfect randomness” for the first time by using a quantum Bell-test setup with two entangled superconducting chips connected by a 30-meter cooled link. “In the long term, this work could play a similar role in digital security as atomic clocks do for timekeeping: a physically certified source of randomness that other syst … ⌘ Read more
[$] LWN.net Weekly Edition for May 28, 2026
Inside this week’s LWN.net Weekly Edition:
Front: Dirk and Linus talk; BPF and GCC; private memory modes; BPF page-cache policies; major page faults; LLM kernel review; tiered-memory support; transparent huge pages; page mappings; Model Openness Tool.
Briefs: Stenberg security stress; GTK PDF problems; Morton 2004 keynote; OpenBSD 7.9; Bambu’s AGPLv3 violations; Quotes; …
[Announcements](https://lwn.net/Ar … ⌘ Read more
Google Security Engineer Arrested in Million-Dollar Polymarket Trading Scheme
According to federal prosecutors, Michele Spagnuolo made more than $1 million on the prediction market platform using confidential information about Google Search traffic. ⌘ Read more
Rust Will Save Linux From AI, Says Greg Kroah-Hartman
Linux stable kernel maintainer Greg Kroah-Hartman says Rust can help Linux deal with a flood of AI-discovered security bugs (namely Dirty Frag, Copy Fail, and Fragnesia) by preventing common C mistakes around memory, locking, error handling, and untrusted data at build time rather than during human review. It’s “not a silver bullet” and does not mean rewriting the whol … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (bind, buildah, compat-libtiff3, compat-openssl11, containernetworking-plugins, crun, delve, dnsmasq, dovecot, edk2, firefox, freeipmi, gdk-pixbuf2, giflib, git-lfs, glib2, go-fdo-client, go-fdo-server, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free, iputils, jq, kernel, krb5, libcap, LibRaw, libsndfile, libsoup, libsoup3, libssh, libtiff, libvirt, linux-sgx, … ⌘ Read more
Straker updates on ongoing fraud investigation
Straker has provided an update on its ongoing investigation into transaction anomalies involving the bank accounts of its US subsidiary, Straker Translations.
The Auckland translation technology company, Straker, was suspended from trading on the Australian Securities Exchange after discovering suspected fraud at its United States subsidiary involving at least US$1.5 million (NZ$2.5m) and possibly more. ⌘ Read more
Mythos Detected 23,000 Vulnerabilities Across 1,000 OSS Projects
wiredmikey shares a report from SecurityWeek: Anthropic says its Claude Mythos model discovered thousands of severe vulnerabilities across more than 1,000 open source software (OSS) projects. According to the AI giant, Mythos Preview has identified more than 23,000 potential vulnerabilities. Of these, 1,900 have been reviewed by external security f … ⌘ Read more
7 Best Outdoor Security Cameras (2026) After Testing Dozens
These weatherproof outdoor security cams keep a watchful eye on your property while you get on with life. Our list includes battery-powered cameras that need no subscription. ⌘ Read more
Stenberg: The pressure
Curl maintainer Daniel Stenberg writes about
the stress of keeping up with the current flood of security reports.
This is a never-before seen or experienced pressure on the curl
project and its security team members. An avalanche of high
priority work that trumps all other things in the project that is
primarily mental because we certainly could ignore them all if we
wanted, but we feel a responsibility, we have a conscience and we
are p … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (postorius and spip), Fedora (bind, bind-dyndb-ldap, linux-firmware, tor, and unbound), Mageia (ffmpeg, nginx, perl-Imager, and tigervnc, x11-server, x11-server-xwayland), Oracle (firefox and kernel), Red Hat (buildah, git-lfs, go-toolset:rhel8, golang, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, gvisor-tap-vsock, java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, opentelemetry-collector, osbuild-composer, podman, rhc, rhc-wo … ⌘ Read more
ML-KEM + X-Wing Patches Posted For Linux To Help With Post-Quantum Security
Linux cryptography expert Eric Biggers of Google posted a set of patches on Monday for providing proof-of-concept support for ML-KEM and X-Wing for post-quantum cryptography… ⌘ Read more
Straker suspended after suspected US employee fraud
Auckland translation technology company Straker has been suspended from trading on the Australian Securities Exchange after discovering suspected fraud at its United States subsidiary involving at least US$1.5 million (NZ$2.5m) and possibly more.
Straker requested the voluntary suspension on Tuesday, saying it had identified transactions totalling approximately US$1.5m that it was confident had been misappropriated … ⌘ Read more
Mighty Ape making ‘progress’ to profitability
Kogan Group has reported higher profits as it continues to focus on its strategic turnaround of the Mighty Ape subsidiary.
Kogan.com (Kogan Group) released its results for the 10 months ended April 30 2026, on the Australian Securities Exchange (ASX) on Tuesday. ⌘ Read more
Security updates for Monday
Security updates have been issued by Debian (atril, evince, gnutls28, haproxy, haveged, jq, kernel, krb5, libgcrypt20, nodejs, and thunderbird), Fedora (aw-server-rust, awatcher, bind, bind-dyndb-ldap, chromium, composer, docker-buildkit, docker-buildx, dotnet10.0, dotnet8.0, dotnet9.0, evince, firefox, httpd, kernel, nodejs-aw-webui, nss, perl-Apache-Session-Browseable, pie, python-pulp-glue, python-requests, and python3.15), Slackware (kernel), SUSE (apptainer, chromium, cockpit, dnsmasq, … ⌘ Read more
2026 HIPAA Security Rule Update
Article URL: https://medcurity.com/hipaa-security-rule-2026-update/
Comments URL: https://news.ycombinator.com/item?id=48266895
Points: 10
# Comments: 0 ⌘ Read more
Lenovo, Dell, and HP Financially Support Linux Vendor Firmware Service
The It’s FOSS blog has news about the Linux Vendor Firmware Service, which gives hardware vendors a secure portal to upload firmware updates “which can then be downloaded and installed by users through clients such as GNOME Software or fwupdmgr.” (Originally developed in 2015 by GNOME maintainer Richard Hughes…)
The issue, however, o … ⌘ Read more
Quantum ‘Jamming’ Could Help Unlock the Mysteries of Causality
To keep communications secure in a post-quantum world, cryptographers are digging down into the concept of cause and effect. ⌘ Read more
The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers
Plus: Google publishes a live exploit for an unpatched flaw, the feds arrest two men accused of creating thousands of nonconsensual deepfake nudes, and more. ⌘ Read more
FreeBSD 15.1-RC1 Released: Fixes With Now Seeing More AI-Discovered Security Issues
In addition to the recent influx of security vulnerabilities affecting Linux, FreeBSD has also begun receiving security reports via AI/LLM-driven discovery tools. FreeBSD 15.1-RC1 is out today ahead of the planned official release in June and it brings a handful of security fixes out of this new AI-driven security research space… ⌘ Read more
Google API Keys Remain Active After Deletion
Aikido Security found that deleted Google API keys can continue authenticating for a median of about 16 minutes and as long as 23 minutes, despite Google Cloud’s UI claiming that once a key is deleted it can no longer make API requests. Dark Reading reports: Joe Leon, researcher at Belgian startup Aikido Security, recently analyzed the revocation window – the time between a key’s dele … ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (firefox), Debian (chromium, nss, openvpn, and thunderbird), Fedora (cockpit, kernel, and linux-firmware), Oracle (gdk-pixbuf2, kernel, and libsndfile), SUSE (container-suseconnect, cpp-httplib, dnsmasq, firefox, glibc, GraphicsMagick, java-1_8_0-openj9, kernel, mozjs115, php8, python-urllib3, rekor, rootlesskit, rsync, tiff, ucode-intel, util-linux, and xz), and Ubuntu (bind9, bubblewrap, libarchive, linux-intel-iot-realtime, postgre … ⌘ Read more
Linux Sound Subsystem Also Seeing Many Fixes Driven By AI/LLMs
It’s not only the Linux networking subsystem where many fixes have been appearing – including several notable security fixes for local privilege escalation issues – leading to “craziness” from AI / LLMs. The Linux sound subsystem has also been seeing an uptick in activity with many “assisted-by” patches coming about in recent weeks… ⌘ Read more
Today’s Linux Networking Fixes: “Craziness Continues With No End In Sight”
Driven by AI/LLM bots like Shashiko uncovering new issues within the Linux kernel source tree, including various security vulnerabilities like Dirty Frag, the mailing list has been wild with bug reports and fixes. Today’s networking fixes pull request for Linux 7.1 continues to highlight the ongoing craziness and fears that the worst may be yet to come… ⌘ Read more
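I can hardly believe it myself: Linux vulnerabilities no. 4 and no. 5 have dropped / Nginx keeps turning up vulnerabilities too
This was this morning (May 21, 2026): This was this evening: I don't know what to say anymore, so just take a look. Linux vulnerability no. 4: CVE-2026-46333 (score 7.1). After Copy Fail (April 29), Dirty Frag (May 7) and Fragnesia (May 13), in the space of just three weeks there has emerged … ⌘ Read more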
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libsndfile), Debian (bind9, evince, firefox-esr, openjpeg2, pdns, and rsync), Fedora (erlang-cowlib, evince, expat, firefox, kernel, mingw-expat, mysql8.0, mysql8.4, nss, opencryptoki, pgadmin4, proftpd, python-django5, python-django6, python-dotenv, rsync, rust-nu, rustup, and strongswan), Oracle (nginx, nginx:1.24, ruby, ruby:3.3, and squid), Slackware (bind and rsync), SUSE (buildah, distribution, distributi … ⌘ Read more
The Best Home Security System Is Modular (2026)
I’ve had SimpliSafe’s modular, no-contract setup for nearly a decade, and adding on to it has been a cinch. ⌘ Read more
[$] LWN.net Weekly Edition for May 21, 2026
Inside this week’s LWN.net Weekly Edition:
Front: OpenSUSE site age restrictions; Lots of LSFMM+BPF coverage; The tenth OpenPGP email summit.
Briefs: Firefox 151.0; pgBackRest funding; RIP Peter G. Neumann; Quotes; …
Announcements: Newsletters, conferences, security updates, patches, and more. ⌘ Read more
Madison Square Garden Bans Lawyer Representing New York Cop Injured at a Boxing Match
Attorney John Scola is representing a police officer who is suing over injuries allegedly sustained while working security at an MSG property in 2025. ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, libpng, nginx, nginx:1.24, ruby, and ruby:3.3), Debian (gnutls28 and linux-6.1), Fedora (dnsmasq, kernel, keylime-agent-rust, perl-Net-CIDR-Lite, python-pysam, python-urllib3, rust-cargo-vendor-filterer, rust-ingredients, rust-oo7-cli, rust-rpki, rust-sevctl, and rust-tealdeer), Mageia (bind), Oracle (bind, giflib, gimp:2.8, kernel, libpng, rsync, ruby, and vim), Slackware (haveged and mozilla), SUSE (cockpit, dnsmasq, e … ⌘ Read more
Valkey 9.1 Delivers More Performance & Enhanced Security
Valkey 9.1 released on Tuesday as the latest version of this popular fork of the Redis in-memory, key-value database… ⌘ Read more
Fedora Retiring Its Deepin Desktop Packages
A year after SUSE decided to remove its Deepin desktop packages over ongoing security concerns, Fedora Linux is now also removing their Deepin packages over similar concerns and lack of activity in maintaining the packages… ⌘ Read more
CISA Admin Leaked AWS GovCloud Keys On Github
An anonymous reader quotes a report from KrebsOnSecurity: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by AlmaLinux (libpng and nginx), Debian (erlang, netatalk, and nginx), Fedora (mod_md and SDL2_image), Mageia (perl-libwww-perl, perl-HTTP-Message, perl-WWW-Mechanize-Cached, perl-File-XDG, perl-Path-Tiny, perl-YAML-Syck, postgresql15, and rclone), SUSE (agama, alloy, cacti, cloud-init, dnsmasq, emacs, firefox, glibc, go1.25, go1.26, google-cloud-sap-agent, google-guest-agent, ibus-rime, librime, imagemagick, kernel, libsndfile, nginx, ongres-scram, … ⌘ Read more
Europe Tests Laser Links As Satellite Comms Outgrow Radio
Europe is testing laser-based satellite communications through a new mountaintop ground station in Greece, aiming to deliver faster, more secure links than traditional radio systems as bandwidth demand grows. The Register reports: Lithuanian space and defense biz Astrolight says that it has commissioned a new optical ground station in Greece that will support … ⌘ Read more
Nintendo Tries To Obtain Touchscreen-Specific Patent On Monster Capturing
Nintendo is trying to secure a touchscreen-specific monster-catching patent that could be relevant to Palworld Mobile. Japan’s patent office has initially rejected the application for lacking an inventive step over prior art, but the company could appeal or amend the claims. Games Fray reports: The Japan Patent Office (JPO) has no … ⌘ Read more
Linux 7.2 Expected To Introduce “OPENAT2_REGULAR” To Avoid Tricking Secure Programs
Among the VFS patches queued into “-next” branches ahead of next month’s Linux 7.2 merge window is the code for introducing the new OPENAT2_REGULAR flag for the openat2 system call… ⌘ Read more
Sponsored: What matters in private credit investing?
Private credit can offer wholesale investors an alternative source of income and diversification beyond traditional markets. But as with any investment, structure matters. For wholesale investors, key considerations include how lending decisions are made, how risk is managed, and whether fund managers are aligned with investors.
The Merx Private Credit Fund provides access to a diversified portfolio of secured loans to New Zealand busi … ⌘ Read more
Security updates for Monday
Security updates have been issued by AlmaLinux (freerdp, gimp:2.8, jq, kernel, and rsync), Debian (chromium, ffmpeg, firewalld, kernel, nginx, openjpeg2, openssh, php7.4, and redis), Fedora (apptainer, chromium, coturn, dnsmasq, firefox, kernel, libgit2_1.8, libmetal, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-js-challenge, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, open-amp, perl-Net-CIDR-Lite, pgbouncer, pypy, python-jupytext, python-uv-build … ⌘ Read more
Linux AF_ALG Crypto Code Removing Zero-Copy Support Out Of Security Concerns
Given all the recent Linux kernel security concerns and new bugs being discovered, the Linux cryptographic subsystem is proactively dropping zero-copy functionality from AF_ALG due to growing security concerns… ⌘ Read more
An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings
David Norman, a former Phoenix police officer who’s described himself as “a fucking savage,” now runs a company that provided training to Homeland Security’s Special Response Teams. ⌘ Read more
Linus Torvalds: AI-Detected Bug Reports Make Kernel Security List ‘Almost Entirely Unmanageable’
Today Linus Torvalds announced another Linux release candidate on the kernel mailing list. But he also highlighted “documentation updates” to address a new problem.
“The continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous dupl … ⌘ Read more