Linux 7.0 Released
“The new Linux kernel was released and it’s kind of a big deal,” writes longtime Slashdot reader rexx mainframe. “Here is what you can expect.” Linuxiac reports: A key update in Linux 7.0 is the removal of the experimental label from Rust support. That (of course) does not make Rust a dominant language in kernel development, but it is still an important step in its gradual integration into the project. Another notable security-related c … ⌘ Read more
Security updates for Monday
Security updates have been issued by AlmaLinux (fontforge, freerdp, libtiff, nginx, nodejs22, and openssh), Debian (bind9, chromium, firefox-esr, flatpak, gdk-pixbuf, inetutils, mediawiki, and webkit2gtk), Fedora (corosync, libcap, libmicrohttpd, libpng, mingw-exiv2, mupdf, pdns-recursor, polkit, trafficserver, trivy, vim, and yarnpkg), Mageia (libpng12, openssl, python-django, python-tornado, squid, and tomcat), Red Hat (rhc), Slackware (openssl), SUSE (chromedriver, chromium, … ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (container-tools:rhel8, fontforge, freerdp, go-toolset:rhel8, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good, kernel, kernel-rt, libtasn1, mariadb:10.11, mysql:8.4, nginx:1.24, openssh, pcs, python-jinja2, python3.9, ruby:3.1, vim, virt:rhel and virt-devel:rhel, and xmlrpc-c), Debian (libyaml-syck-perl and openssh), Fedora (cockpit, crun, dnsdist, doctl, fido-device-onboard, libcgif, libpng12, libpng15, mbedtls, o … ⌘ Read more
TIL that SSH actually stands for Secure Snake Home, a massively multiplayer snake game playable via the SSH protocol: ssh snakes.run
Of course, no one else was online when I was playing, so…
[$] A flood of useful security reports
The idea of using large language models (LLMs) to discover security problems is not new. Google’s Project Zero investigated the feasibility of using LLMs for security research in 2024. At the time, they found that models could identify real problems, but required a good deal of structure and hand-holding to do so on small benchmark problems. In February 2026, Anthropic published a report claim … ⌘ Read more
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr, postgresql-13, and tiff), Fedora (bind, bind-dyndb-ldap, cef, opensc, python-biopython, python-pydicom, and roundcubemail), Slackware (mozilla), SUSE (ckermit, cockpit-repos, dnsdist, expat, freerdp, git-cliff, gnutls, heroic-games-launcher, libeverest, openssl-1_1, openssl-3, polkit, python-poetry, python-requests, python311-social-auth-app-django, and SDL2_image-devel), and Ubuntu (dogtag-pki, gdk-pixbuf, linux, linux-aws, … ⌘ Read more
[$] LWN.net Weekly Edition for April 9, 2026
Inside this week’s LWN.net Weekly Edition:
Front: TPM attacks; arithmetic overflow protection; Ubuntu GRUB changes; kernel IPC proposals; fre:ac; Scuttlebutt.
Briefs: Nix vulnerability; OpenSSH 10.3; Sashiko reviews; FreeBSD testing; Gentoo GNU/Hurd; SFC on router ban; Quotes; …
Announcements: Newsletters, conferences, security updates, patches, and more. ⌘ Read more
Nix privilege escalation security advisory
The NixOS project has announced a critical vulnerability in many versions of the Nix package manager’s daemon. The flaw was introduced as part of a fix for a prior vulnerability in 2024. According to the advisory, a … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by Debian (openssl), Fedora (corosync, goose, kea, pspp, and rauc), Mageia (python-pygments, roundcubemail, and tigervnc), SUSE (bind, gimp, google-cloud-sap-agent, govulncheck-vulndb, ignition, ImageMagick, python, python-PyJWT, and python-pyOpenSSL), and Ubuntu (adsys, juju-core, lxd, python-django, and salt). ⌘ Read more
Hugging Face Contributes Safetensors To PyTorch Foundation To Secure AI Model Execution
Announced today from the PyTorch Conference EU in Paris is word that Hugging Face has contributed their Safetensors project to the PyTorch Foundation, which is an umbrella organization under the Linux Foundation for hosting AI initiatives. Safetensors aims to help mitigate arbitrary code execution risks and more… ⌘ Read more
Russian Government Hackers Broke Into Thousands of Home Routers To Steal Passwords
An anonymous reader quotes a report from TechCrunch: A group of Russian government hackers have hijacked thousands of home and small business routers around the world as part of an ongoing campaign aimed at redirecting victims’ internet traffic to steal their passwords and access tokens, security researchers and … ⌘ Read more
XDG-Desktop-Portal 1.20.4 Released To Protect Against Apps Trashing Arbitrary Host Files
In addition to the release today of Flatpak 1.16.4 for shipping new security fixes including a sandbox escape and the ability to delete host files, XDG-Desktop-Portal 1.20.4 is also now available with another security fix of its own to prevent sandboxed apps from being able to trash arbitrary host files… ⌘ Read more
Anthropic Unveils ‘Claude Mythos’, Powerful AI With Major Cyber Implications
“Anthropic has unveiled Claude Mythos, a new AI model capable of discovering critical vulnerabilities at scale,” writes Slashdot reader wiredmikey. “It’s already powering Project Glasswing, a joint effort with major tech firms to secure critical software. But the same capabilities could also accelerate offensive cyber operation … ⌘ Read more
Flatpak 1.16.4 Brings Important Security Fixes For Sandbox Escape & Deleting Host Files
The Flatpak app sandboxing and distribution system is out today with important security updates… ⌘ Read more
Anthropic Reveals $30 Billion Run Rate, Plans To Use 3.5GW of New Google AI Chips
Anthropic says its annualized revenue run rate has surpassed $30 billion and disclosed plans to secure roughly 3.5 gigawatts of next-generation Google TPU compute starting in 2027. Broadcom will supply the key chips and networking gear for the effort, the company announced. The Register reports: News of the two d … ⌘ Read more
Cloudflare Fast-Tracks Post-Quantum Rollout To 2029
Cloudflare is accelerating its post-quantum security plans and now aims to make its entire platform fully post-quantum secure by 2029. “The updated timeline follows new developments in quantum computing research that suggest current cryptographic standards could be broken sooner than previously expected,” reports SiliconANGLE. From the report: The decision by Cloudflare t … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by AlmaLinux (crun, kernel, and kernel-rt), Debian (dovecot), Fedora (calibre and nextcloud), Mageia (freerdp, polkit-122, python-nltk, python-pyasn1, vim, and xz), Red Hat (edk2 and openssl), SUSE (avahi, cockpit, python-pyOpenSSL, python311, and tar), and Ubuntu (lambdaisland-uri-clojure, linux-gcp, linux-gcp-4.15, linux-gcp-fips, linux-oem-6.17, and linux-realtime-6.17). ⌘ Read more
Linux 7.0-rc7 Adding More Documentation For AI Tools To Send Better Security Bug Reports
To help with the increase of AI tools scouring the Linux kernel source tree and sending security bug reports, a pull request sent today ahead of Linux 7.0-rc7 improves the documentation to better guide AI agents – and anyone reading the documentation – on how to send better-quality bug reports… ⌘ Read more
Top NPM Maintainers Targeted with AI Deepfakes in Massive Supply-Chain Attack, Axios Briefly Compromised
“Hackers briefly turned a widely trusted developer tool into a vehicle for credential-stealing malware that could give attackers ongoing access to infected systems,” the news site Axios.com reported Tuesday, citing security researchers at Google.
The compromised package … ⌘ Read more
Microsoft Pulls Then Re-Issues Windows 11 Preview Update. Also Begins Force-Updating Windows 11
Nine days ago Microsoft released a non-security “preview” update for Windows 11 — not mandatory for the average Windows user, notes ZDNet, “but rather as optional, more for IT admins and power users who want to test them.”
TechRepublic adds that the update “was to bring ‘production-rea … ⌘ Read more
IBM Teams Up With Arm To Run Arm Workloads On IBM Z Mainframes
IBM and Arm are teaming up to let Arm-based software run on IBM Z mainframes. Network World reports: The two companies plan to work on three things: building virtualization tools so Arm software can run on IBM platforms; making sure Arm applications meet the security and data residency rules that regulated industries must follow; and creating common techn … ⌘ Read more
Microsoft’s Newest Open-Source Project: Runtime Security For AI Agents
Microsoft today announced its newest open-source (MIT-licensed) software project: the Agent Governance Toolkit. Microsoft is trying its hand at coming up with runtime security governance for autonomous AI agents… ⌘ Read more
Libinput Hit By Worrying Security Issues With Its Lua Plug-In System
Libinput devised a Lua-based plug-in system for modifying devices/events. The Lua plug-in support was introduced last year with libinput 1.30 but unfortunately some security issues have now come to light with the implementation… ⌘ Read more
Cloudflare Announces EmDash As Open-Source ‘Spiritual Successor’ To WordPress
In classic Cloudflare fashion, the CDN provider used April Fool’s Day to unveil an actual, “not a joke” product. Today, the company announced EmDash – an open-source “spiritual successor” to WordPress that aims to solve plugin security. Phoronix reports: With the help of AI coding agents, Cloudflare engineers have been re … ⌘ Read more
Cloudflare Announces EmDash As Open-Source “Spiritual Successor” To WordPress
Cloudflare continues to be full of open-source surprises. Today Cloudflare announced EmDash as an open-source “spiritual successor” to WordPress with an emphasis on better security… ⌘ Read more
Oracle Cuts Thousands of Jobs Across Sales, Engineering, Security
bobthesungeek76036 shares a report from the Register: Oracle laid off thousands of employees on Tuesday as it ramps spending on AI infrastructure projects internally and with major technology partners. The layoffs were carried out via email, according to copies of the message viewed by Business Insider. The email told affected workers they … ⌘ Read more
Top Brussels Official Urges Europeans To Work From Home, Drive Less As Energy Crisis Deepens
A top EU official is urging Europeans to work from home, drive less, and cut air travel as the bloc braces for a prolonged energy crisis triggered by the Gulf conflict. The European Commission is also pushing member states to accelerate renewables and other energy-security measures as oil and … ⌘ Read more
Claude Code’s Source Code Leaks Via npm Source Maps
Grady Martin writes: A security researcher has leaked a complete repository of source code for Anthropic’s flagship command-line tool. The file listing was exposed via a Node Package Manager (npm) mapping, with every target publicly accessible on a Cloudflare R2 storage bucket.
$ du -hs .
35M .
$ find -type f | sed 's/^.*\.//' | sort | uniq -c | sort -bVr
1332 ts … ⌘ Read more
Google Moves Post-Quantum Encryption Timeline Up To 2029
Google has moved up its post-quantum encryption migration target to 2029. “This new timeline reflects migration needs for the PQC era in light of progress on quantum computing hardware development, quantum error correction, and quantum factoring resource estimates,” said vice president of security engineering Heather Adkins and senior staff cryptology engineer Sop … ⌘ Read more
Hong Kong Police Can Demand Passwords Under New National Security Rules
An anonymous reader quotes a report from the BBC: Hong Kong police can now demand phone or computer passwords from those who are suspected of breaching the wide-ranging National Security Law (NSL). Those who refuse could face up to a year in jail and a fine of up to $12,700, and individuals who provide “false or misleading informatio … ⌘ Read more
FCC Bans Imports of New Foreign-Made Routers, Citing Security Concerns
New submitter the_skywise shares a report from Reuters: The U.S. Federal Communications Commission said on Monday it was banning the import of all new foreign-made consumer routers, the latest crackdown on Chinese-made electronic gear over security concerns. China is estimated to control at least 60% of the U.S. market for home rout … ⌘ Read more
White House Unveils National AI Policy Framework To Limit State Power
An anonymous reader quotes a report from CNBC: The Trump administration on Friday issued (PDF) a legislative framework for a single national policy on artificial intelligence, aiming to create uniform safety and security guardrails around the nascent technology while preempting states from enacting their own AI rules.
The six-pronged out … ⌘ Read more
Work From Home and Drive More Slowly To Save Energy, IEA Says
As energy prices soar from the Iran conflict, the International Energy Agency is urging governments to cut energy use by taking up measures like remote work and reduced speed limits. The group warns the energy security crisis could persist for months, even if supply routes stabilize. “I believe the world has not yet well understood the depth of the … ⌘ Read more
Rogue AI Triggers Serious Security Incident At Meta
For the second time in the past month, an AI agent went rogue at Meta – this time giving an engineer incorrect advice that briefly exposed sensitive data. The Verge reports: A Meta engineer was using an internal AI agent, which Clayton described as “similar in nature to OpenClaw within a secure development environment,” to analyze a technical question another employee pos … ⌘ Read more
Walmart Wins Patents To Give Algorithms More Sway Over Prices
Walmart has secured patents for systems that use machine learning to forecast demand and automate pricing decisions, “pushing the U.S. retail behemoth into a debate over the use of algorithms to adjust product costs,” reports the Financial Times. From the report: In January Walmart obtained a U.S. patent for a “system and method for dynamically and auto … ⌘ Read more
Intel Ends Work On Open-Source kAFL-Fuzzer For Fuzzing VMs
kAFL-Fuzzer is an Intel project developed over the past several years as a hardware-assisted feedback fuzzer for x86 virtual machines (VMs) to help with security. While it saw a lot of work in prior years, development activity slowed down last year and now the project has been formally ended… ⌘ Read more
Ubuntu’s Snap Affected By Local Privilege Escalation Vulnerability
Last week it was security issues with AppArmor to worry about on Ubuntu Linux while this week a “high” rated vulnerability for Ubuntu’s Snap daemon has been revealed… ⌘ Read more
Microsoft, OpenAI & Others Pony Up $12.5M To Strengthen Open-Source Security
The Linux Foundation announced today that $12.5 million USD in grants from the likes of OpenAI, Anthropic, AWS, GitHub, Google, and Microsoft have been collected to invest in strengthening the security of the open-source software ecosystem… ⌘ Read more
Nvidia Bets On OpenClaw, But Adds a Security Layer Via NemoClaw
During today’s Nvidia GTC keynote, the company introduced NemoClaw, a security-focused stack designed to make the autonomous AI agent platform OpenClaw safer. ZDNet explains how it works: NemoClaw installs Nvidia’s OpenShell, a new open-source runtime that keeps agents safer to use by enforcing an organization’s policy-based guardrails. OpenShell ke … ⌘ Read more
How One Company Finally Exposed North Korea’s Massive Remote Workers Scam
NBC News investigates North Korea’s “wide-ranging effort to place remote workers at U.S. companies in order to funnel money back to its coffers and, in some cases, steal sensitive information.”
And working with the FBI, one corporate security/investigations company decided to knowingly hire one of North Korea’s remote workers — th … ⌘ Read more
Does Canada Need Nationalized, Public AI?
While AI CEOs worry governments might nationalize AI, others are advocating for something similar. Canadian security professional Bruce Schneier and Harvard data scientist Nathan Sanders published this call to action in Canada’s most widely-read newspaper (with a readership over 6 million): “Canada Needs Nationalized, Public AI.”
While there are Canadian AI companies, they remain for-profit e … ⌘ Read more
Debian 13.4 Released With Dozens Of Fixes
Debian 13.4 rolled out today with dozens of security fixes and other general bug fixes with the updated install media for Debian 13 Trixie… ⌘ Read more
FreeRDP 3.24 Released With Security Fixes & Improved X11 Client Support
FreeRDP, the open-source and cross-platform Remote Desktop Protocol (RDP) implementation, is out with FreeRDP 3.24 to ship new security fixes as well as other improvements… ⌘ Read more
Ubuntu’s AppArmor Hit By Several Security Issues - Can Yield Local Privilege Escalation
The AppArmor Linux kernel security module used notably by Ubuntu Linux and currently maintained by Canonical has been affected by several vulnerabilities made public today… ⌘ Read more
Perplexity’s ‘Personal Computer’ Lets AI Agents Access Your Local Files
Perplexity AI has introduced a “Personal Computer” agent system that can run on a local machine such as a Mac mini, giving its AI agents access to a user’s files and applications to automate tasks. According to CEO Aravind Srinivas, the heavy AI processing runs on Perplexity’s “secure servers” but sensitive actions will require user approval … ⌘ Read more
@prologic@twtxt.net network is very secure! 🤪
China Moves To Curb OpenClaw AI Use At Banks, State Agencies
An anonymous reader quotes a report from Bloomberg: Chinese authorities moved to restrict state-run enterprises and government agencies from running OpenClaw AI apps on office computers, acting swiftly to defuse potential security risks after companies and consumers across China began experimenting with the agentic AI phenomenon. Government agencies and state- … ⌘ Read more
European Consortium Wants Open-Source Alternative To Google Play Integrity
An anonymous reader quotes a report from Heise: Pay securely with an Android smartphone, completely without Google services: This is the plan being developed by the newly founded industry consortium led by the German Volla Systeme GmbH. It is an open-source alternative to Google Play Integrity. This proprietary interface decid … ⌘ Read more
How AI Assistants Are Moving the Security Goalposts
An anonymous reader quotes a report from KrebsOnSecurity: AI-based assistants or “agents” – autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task – are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assert … ⌘ Read more
Anthropic Sues the Pentagon After Being Labeled a Threat To National Security
Anthropic is suing the Department of Defense after the Trump administration labeled the company a “supply chain risk” and canceled its government contracts when Anthropic refused to allow its AI model Claude to be used for domestic surveillance or autonomous weapons. Fortune reports: The lawsuit, filed Monday in the U.S. … ⌘ Read more