Security updates for Tuesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, libcap, LibRaw, openssh, thunderbird, and tigervnc), Debian (libarchive and lxd), Fedora (chromium, insight, nodejs20, rust-sequoia-git, and uriparser), Mageia (kernel, kmod-virtualbox), Oracle (kernel, libcap, thunderbird, and uek-kernel), Red Hat (.NET 10.0, .NET 8.0, .NET 9.0, fence-agents, sudo, and systemd), Slackware (httpd), SUSE (freerdp, hauler, helm, himmelblau, kernel, libspectre, thunderbird, tri … ⌘ Read more
DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts
Using a 1930s trade law, Homeland Security targeted the man—who hasn’t entered the US in more than a decade—following posts on X condemning the killings of Renee Good and Alex Pretti. ⌘ Read more
Security updates for Monday
Security updates have been issued by AlmaLinux (kernel, libcap, libtiff, sudo, and thunderbird), Debian (dovecot, imagemagick, incus, kernel, libexif, linux-6.1, openjdk-25, pyasn1, python-aiohttp, and thunderbird), Fedora (chromium, firefox, GitPython, glibc, insight, krb5, nano, nss, openssh, openvpn, perl-CryptX, python3.14, rust-openssl, rust-openssl-sys, rust-sequoia-git, and xen), Oracle (dtrace, fence-agents, grafana-pcp, libcap, libtiff, sudo, and xorg-x11-server-Xwayland), Red Ha … ⌘ Read more
Costumed Crowd ‘Speedruns’ Scientology Building For Social Media Trend
Last Saturday someone dressed as Jesus “was among the dozens of people in costumes and masks seen on a video forcing open the door of a Scientology building on Hollywood Boulevard,” reports the Los Angeles Times, “after a tug-of-war with a security guard.”
The footage posted on TikTok and Instagram shows the group sprinting up and down … ⌘ Read more
Disneyland Now Uses Face Recognition on Visitors
Plus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more. ⌘ Read more
Eden: NHS goes to war against open source
Terence Eden reports that the UK’s National Health Service (NHS) is preparing to close almost all of its open-source repositories as a response to LLM tools, such as Anthropic’s Mythos, becoming more sophisticated at finding security vulnerabilities. He does not, to put it mildly, agree with the decision:
The majority of [code repos … ⌘ Read more
GPT-5.5 Matches Heavily Hyped Mythos Preview In New Cybersecurity Tests
An anonymous reader quotes a report from Ars Technica: Last month, Anthropic made a big deal about the supposedly outsize cybersecurity threat represented by its Mythos Preview model, leading the company to restrict the initial release to “critical industry partners.” But new research from the UK’s AI Security Institute (AISI) suggests … ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (fence-agents), Debian (chromium, dovecot, and kernel), Fedora (chromium, dotnet10.0, dotnet8.0, dotnet9.0, emacs, glow, jfrog-cli, openbao, pyp2spec, python3.6, rust-rustls-webpki, vhs, and xen), Oracle (grafana, grafana-pcp, PackageKit, sudo, vim, and xorg-x11-server), Red Hat (rhc), SUSE (avahi, bouncycastle, chromium, container-suseconnect, firewalld, gdk-pixbuf, grafana, java-25-openjdk, kernel, libixml11, libmozjs-140-0, libpng12- … ⌘ Read more
Belgium Plans To Nationalize Nuclear Power Plants
Belgium plans to buy its seven aging nuclear reactors from French power giant Engie in a “full takeover” aimed at securing domestic energy supplies, extending reactor operations, and developing new nuclear capacity. “The move would also mean suspending plans to decommission nuclear operations in Belgium,” reports the BBC. From the report: The move would reverse the phase- … ⌘ Read more
French Prosecutors Link 15-Year-Old To Mega-Breach At State’s Secure Document Agency
French prosecutors say police detained a 15-year-old suspected of using the alias “breach3d” in connection with a cyberattack on France Titres (ANTS), the state agency that handles passports, ID cards, and other secure documents. The breach allegedly involved 12 million to 18 million lines of data offered for … ⌘ Read more
OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts
OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks. ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (buildah, firefox, gdk-pixbuf2, giflib, grafana, java-1.8.0-openjdk, java-21-openjdk, LibRaw, OpenEXR, PackageKit, pcs, python3.11, python3.12, python3.9, sudo, tigervnc, vim, xorg-x11-server, xorg-x11-server-Xwayland, yggdrasil, and yggdrasil-worker-package-manager), Debian (calibre, firefox-esr, and openjdk-17), Fedora (asterisk, binaryen, buildah, dokuwiki, lemonldap-ng, libexif, libgcrypt, miniupnpd, openvpn, podman, python3.9, rust-rpm-sequo … ⌘ Read more
[$] LWN.net Weekly Edition for April 30, 2026
Inside this week’s LWN.net Weekly Edition:
Front: Famfs; Python packaging council; Zig concurrency; pages and folios; Strawberry music manager; 7.1 merge window.
Briefs: GnuPG 2.5.19; Copy Fail; Plasma security; Fedora 44; Ubuntu 26.04; Niri 26.04; pip 26.1; RIP Seth Nickell; RIP Tomáš Kalibera; Quotes; …
Announcements: Newsletters, conferences, security updates, patc … ⌘ Read more
A security bug in AEAD sockets
Security analysis firm Xint has disclosed a security bug in the Linux kernel
that allows for arbitrary 4-byte writes to the page cache, and which has been
present since 2017.
The vulnerability has
been fixed in mainline kernels. A proof-of-concept script demons … ⌘ Read more
Security review of Plasma Login Manager (SUSE Security Team Blog)
SUSE’s Security Team has published a detailed blog post on their recent review of the Plasma Login Manager version 6.6.2, which was forked from the SDDM display manager.
While most of the code [remains t … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (firefox, gdk-pixbuf2, java-17-openjdk, libxml2, python3, python3.11, python3.12, sudo, and webkit2gtk3), Debian (dnsdist, node-tar, pdns, pdns-recursor, and policykit-1), Fedora (chromium, edk2, and vim), Oracle (firefox, gdk-pixbuf2, go-toolset:rhel8, libpng12, LibRaw, libxml2, python, python3, python3.11, python3.12, python3.12-wheel, vim, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, yggdrasil, and yggdrasil-worker-package-mana … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (openjdk-21 and webkit2gtk), Fedora (botan3, chromium, cockpit, firefox, flatpak, gum, libarchive, libcoap, mingw-python3, ngtcp2, nss, openssh, openssl, openvpn, PackageKit, python3-docs, python3.11, python3.12, python3.13, python3.14, vim, and xrdp), Oracle (firefox, gdk-pixbuf2, java-1.8.0-openjdk, java-21-openjdk, python3.12, python3.9, sudo, and tigervnc), Red Hat (tigervnc and xorg-x11-server-Xwayland), Slackware (mpg123 and proftpd), … ⌘ Read more
Supreme Court Reviews Police Use of Cell Location Data To Find Criminals
An anonymous reader quotes a report from the New York Times: When the Call Federal Credit Union outside Richmond, Va., was robbed at gunpoint in 2019, the suspect took $195,000 from the bank’s vault and fled before the police arrived. A detective interviewed witnesses and reviewed the bank’s security footage. But with no leads, the … ⌘ Read more
Security updates for Monday
Security updates have been issued by AlmaLinux (java-25-openjdk, kernel, osbuild-composer, thunderbird, webkit2gtk3, and wireshark), Debian (chromium, distro-info-data, libde265, mbedtls, and thunderbird), Fedora (awstats, bind9-next, bpfman, buildah, calibre, cef, chromium, composer, corosync, coturn, cups, curl, dnsdist, doctl, erlang, fido-device-onboard, flatpak-builder, freetype, glab, goose, jq, kea, libarchive, libcap, libcgif, libgsasl, libinput, libmicrohttpd, libpng, libpng12, libpng1 … ⌘ Read more
What Is Ethernet? Everything You Need to Know About Wired Networks
Ethernet delivers stable, speedy, secure wired connections to the internet and between devices. ⌘ Read more
Here’s How Much San Francisco Tech Companies Pay for Police Protection
A recent attack on Sam Altman’s home and OpenAI offices has put corporate security under renewed scrutiny. Records reveal how much some tech firms spend to arm up. ⌘ Read more
White House Pushed Out New AI Official After Just Four Days on the Job
It’s the U.S. government’s main link to the AI industry, reports The Washington Post, working to assess national security risks of new models like Anthropic’s “Mythos”.
To run it they’d hired Collin Burns, who’d worked at OpenAI and then Anthropic. But Burns started work Monday at the Center for AI Standards and Innovation — and then … ⌘ Read more
Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos
Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more. ⌘ Read more
Bitwarden CLI Is the Next Compromise In Checkmarx Supply Chain Campaign
Longtime Slashdot reader Himmy32 writes: Socket Security published an article on the compromise of the Bitwarden CLI client, which was pushed from Bitwarden’s client repository. This breach was the next in a chain of supply-chain attacks that have affected Checkmarx KICS and Aqua Security’s Trivy scanners.
The breach was quickly dete … ⌘ Read more
Google To Invest Up To $40 Billion In Anthropic
Google plans to invest up to $40 billion more in Anthropic, starting with $10 billion now and another $30 billion tied to performance milestones. CNBC reports: Anthropic said the agreement expands on a longstanding partnership between the two companies. Earlier this month, Anthropic secured 5 gigawatts worth of computing capacity as part of an announcement with Google and Broadcom … ⌘ Read more
Security updates for Friday
Security updates have been issued by Fedora (anaconda, dnf5, firefox, flatpak-builder, libexif, minetest, nss, plasma-setup, python-blivet, rpki-client, and xorg-x11-server), Oracle (bind, kernel, osbuild-composer, thunderbird, webkit2gtk3, and wireshark), Red Hat (java-25-openjdk), SUSE (cacti, cacti, cacti-spine, cockpit-machines, cockpit-podman, cockpit-tukit, csync2, flannel, gdk-pixbuf, go1.25-openssl, go1.26-openssl, haproxy, kernel, libcap, libpng16, libtree-sitter0_26, libvirt, ncu … ⌘ Read more
France Confirms Data Breach At Government Agency That Manages Citizens’ IDs
An anonymous reader quotes a report from TechCrunch: The French government agency that handles the issuing and management of citizens’ identity documents, including national IDs, passports, and immigration documents, confirmed Wednesday that it experienced a data breach. In an announcement, the Agence Nationale des Titres Secur … ⌘ Read more
Ubuntu 26.04 LTS released
Ubuntu 26.04 (“Resolute Raccoon”) LTS has been released
on schedule.
This release brings a significant uplift in security, performance,
and usability across desktop, server, and cloud environments. Ubuntu
26.04 LTS introduces TPM-backed full-disk encryption, expanded use of
memory-safe components, improved application permission controls, and
Livepatch support for Arm systems, helping reduce downtime and
strengthe … ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel and osbuild-composer), Debian (cpp-httplib, firefox-esr, gimp, and packagekit), Fedora (chromium, composer, libcap, pgadmin4, pie, python3-docs, python3.14, and sudo), Mageia (gvfs), Oracle (.NET 8.0, delve, freerdp, giflib, ImageMagick, kernel, OpenEXR, and osbuild-composer), SUSE (erlang, giflib, google-guest-agent, GraphicsMagick, ignition, imagemagick, kea, kernel, kissfft, libraw, libssh, ocaml-patch, opam, openCryptoki, … ⌘ Read more
Ubuntu Rust Coreutils Audit Revealed 113 Issues, Ubuntu 26.10 Aims For “100% Rust Coreutils”
Ahead of tomorrow’s Ubuntu 26.04 LTS release, Canonical published a blog post today outlining the state of Rust Coreutils for its premiere in this long-term support (LTS) version. Canonical also commissioned a security audit recently of Rust Coreutils that turned up 44 CVEs and 113 issues in total… ⌘ Read more
@prologic@twtxt.net @bender@twtxt.net Oh dear!
I heard that the USA loves their success story of social security numbers.
Security updates for Wednesday
Security updates have been issued by Debian (firefox-esr, flatpak, ngtcp2, ntfs-3g, packagekit, python-geopandas, simpleeval, strongswan, and xdg-dbus-proxy), Fedora (chromium, cups, curl, jq, opkssh, perl-Net-CIDR-Lite, python-cbor2, python-pillow, tinyproxy, xdg-dbus-proxy, and xorg-x11-server-Xwayland), Slackware (libXpm and mozilla), SUSE (botan, chromium, clamav, cockpit, cockpit-machines, cockpit-packages, cockpit-podman, cockpit-subscriptions, dovecot24, firefox, flatpak, freeipmi … ⌘ Read more
Kernel code removals driven by LLM-created security reports
There are a number of ongoing efforts to remove kernel code, mostly from
the networking subsystem, as an alternative to dealing with the increase in
security-bug reports from large language models. The proposed removals
include ISA
and PCMCIA Ethernet drivers, a pair
of PCI drivers, the [ax25 and amat … ⌘ Read more
Firefox: The zero-days are numbered
This
Firefox blog post reports that the Firefox 150 release includes
fixes for 271 vulnerabilities found by the Claude Mythos preview.
Elite security researchers find bugs that fuzzers can’t largely by
reasoning through the source code. This is effective, but
time-consuming and bottlenecked on scarce human
expertise. Computers were completely incapable of doing this a few
months ago, and now they excel at i … ⌘ Read more
Linux May Drop Old Network Drivers Now That AI-Driven Bug Reports Are Causing A Burden
Old network maintenance drivers are becoming a maintenance burden in the era of fuzzing and predominantly AI-driven bug detection causing an uptick in possible bug/security reports to upstream Linux kernel developers but with these drivers potentially having no actual users… ⌘ Read more
Security updates for Tuesday
Security updates have been issued by AlmaLinux (freerdp, kernel, and kernel-rt), Debian (mupdf, opam, simpleeval, and xdg-dbus-proxy), Mageia (firefox, thunderbird and libtiff), Red Hat (containernetworking-plugins, gvisor-tap-vsock, nodejs22, nodejs:20, nodejs:22, perl-XML-Parser, python3.11, python3.9, runc, and skopeo), and SUSE (bind, buildah, cockpit-subscriptions, container-suseconnect, containerd, corosync, cosign, docker, dovecot24, flatpak, freeipmi, gegl, GraphicsMagick, helm … ⌘ Read more
Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, delve, freerdp, giflib, go-rpm-macros, libarchive, and openexr), Debian (gimp, imagemagick, luanti, mapserver, mupdf, opam, perl, pillow, postgresql-13, and tiff), Fedora (aqualung, awstats, curl, incus, mac, mbedtls, mingw-LibRaw, python-msal, python3.11, python3.12, python3.15, smb4k, stb, and usd), Gentoo (DTrace and FUSE), Mageia (gdk-pixbuf2.0, giflib, polkit-122, python-cairosvg, and rsync), Oracle … ⌘ Read more
US Congress Fails to Pass Long-Term FISA Extension, Authorizes It Through April 30
Yesterday the U.S. Congress approved “a short-term extension” of a FISA law that allows wiretaps without a warrant for surveilling foreign targets, reports CNN — but only until April 30. Republican congressional leaders had sought an 18-month extension, but “failed to secure” the votes after “clamoring from some … ⌘ Read more
WireGuard For Windows Reaches v1.0
For those making use of the WireGuard open-source, secure VPN tunnel software, WireGuard For Windows 1.0 is finally available… ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, freerdp, libarchive, and thunderbird), Debian (chromium, openssh, and thunderbird), Fedora (aurorae, bluedevil, breeze-gtk, buildah, cockpit, extra-cmake-modules, flatpak-kcm, grub2-breeze-theme, kactivitymanagerd, kcm_wacomtablet, kde-cli-tools, kde-gtk-config, kdecoration, kdeplasma-addons, kf6, kf6-attica, kf6-baloo, kf6-bluez-qt, kf6-breeze-icons, kf6-frameworkintegration, kf6-kapidox, kf6-karchive, kf6-kauth, kf6-kbookmar … ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (bind, bind9.16, bind9.18, cockpit, fence-agents, firefox, fontforge, git-lfs, grafana, grafana-pcp, kernel, nghttp2, nginx, nginx:1.24, nginx:1.26, nodejs:20, nodejs:22, nodejs:24, pcs, perl-XML-Parser, perl:5.32, resource-agents, squid:4, thunderbird, and vim), Debian (incus, lxd, and python3.9), Fedora (cef, composer, erlang, libpng, micropython, mingw-openexr, moby-engine, NetworkManager-ssh, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, … ⌘ Read more
[$] LWN.net Weekly Edition for April 16, 2026
Inside this week’s LWN.net Weekly Edition:
Front: LLM security reports; OpenWrt One build system; Vim forks; removing read-only THPs; 7.0 statistics; MusicBrainz Picard.
Briefs: OpenSSL 4.0.0; Relicensing; Servo; Zig 0.16.0; Quotes; …
Announcements: Newsletters, conferences, security updates, patches, and more. ⌘ Read more
Cal.com Is Going Closed Source Because of AI
Cal is moving its flagship scheduling software from open source to a proprietary license, arguing that AI coding tools now make it much easier for attackers to scan public codebases for vulnerabilities. “Open source security always relied on people to find and fix any problems,” said Peer Richelsen, co-founder of Cal. “Now AI attackers are flaunting that transparency.” CEO Bailey Pumflee … ⌘ Read more
Arch Linux’s Archinstall 4.2 Fixes Botched Disk Encryption Security
Archinstall 4.2 is now available as the latest update to this very convenient, text-based Arch Linux OS installer… ⌘ Read more
Anna’s Archive Loses $322 Million Spotify Piracy Case Without a Fight
An anonymous reader quotes a report from TorrentFreak: Spotify and several major record labels, including UMG, Sony, and Warner, secured a $322 million default judgment against the unknown operators of Anna’s Archive. The shadow library failed to appear in court and briefly released millions of tracks that were scraped from Spotify via Bit … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (capstone, cockpit, firefox, git-lfs, golang-github-openprinting-ipp-usb, kea, kernel, nghttp2, nodejs24, openexr, perl-XML-Parser, rsync, squid, and vim), Debian (imagemagick, systemd, and thunderbird), Slackware (libexif and xorg), SUSE (bind, clamav, firefox, freerdp2, giflib, go1.25, go1.26, helm, ignition, libpng16, libssh, oci-cli, rust1.92, strongswan, sudo, xorg-x11-server, and xwayland), and Ubuntu (rust-tar and rustc, rustc-1.7 … ⌘ Read more
FCC Grants Netgear Conditional Approval For Routers
The FCC has granted (PDF) Netgear the first exemption from its foreign-made router ban, allowing the company to keep selling new consumer router models made outside the U.S. through Oct. 1, 2027. PCMag reports: The Defense Department reviewed Netgear’s application for an exemption and found that its products “do not pose risks to US national security.” The FCC’s order do … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (gdk-pixbuf, gst-plugins-bad1.0, and xdg-dbus-proxy), Fedora (chromium, deepin-image-viewer, dtk6gui, dtkgui, efl, elementary-photos, entangle, flatpak, freeimage, geeqie, gegl04, gthumb, ImageMagick, kf5-kimageformats, kf5-libkdcraw, kf6-kimageformats, kstars, libkdcraw, libpasraw, LibRaw, luminance-hdr, nomacs, OpenImageIO, OpenImageIO2.5, photoqt, python-cryptography, rawtherapee, shotwell, siril, swayimg, vips, and webkitgtk), Red Hat (firefox an … ⌘ Read more
Linux 7.0 Released
“The new Linux kernel was released and it’s kind of a big deal,” writes longtime Slashdot reader rexx mainframe. “Here is what you can expect.” Linuxiac reports: A key update in Linux 7.0 is the removal of the experimental label from Rust support. That (of course) does not make Rust a dominant language in kernel development, but it is still an important step in its gradual integration into the project. Another notable security-related c … ⌘ Read more
Security updates for Monday
Security updates have been issued by AlmaLinux (fontforge, freerdp, libtiff, nginx, nodejs22, and openssh), Debian (bind9, chromium, firefox-esr, flatpak, gdk-pixbuf, inetutils, mediawiki, and webkit2gtk), Fedora (corosync, libcap, libmicrohttpd, libpng, mingw-exiv2, mupdf, pdns-recursor, polkit, trafficserver, trivy, vim, and yarnpkg), Mageia (libpng12, openssl, python-django, python-tornado, squid, and tomcat), Red Hat (rhc), Slackware (openssl), SUSE (chromedriver, chromium, … ⌘ Read more