Searching We.Love.Privacy.Club

Twts matching #security

Ubuntu 26.04 LTS Officially Supporting Cloud-Based Authentication With Authd
Canonical for a while has been developing Authd as an authentication service for external cloud-based identity providers. Authd was designed from the ground-up to provide secure management of identity and access for Ubuntu systems while only with next month’s Ubuntu 26.04 LTS release is it actually hitting the universe archive… ⌘ Read more


A Security Researcher Went ‘Undercover’ on Moltbook - and Found Security Risks
A long-time information security professional “went undercover” on Moltbook, the Reddit-like social media site for AI agents — and shares the risks they saw while posing as another AI bot:

I successfully masqueraded around Moltbook, as the agents didn’t seem to notice a human among them. When I attempted a genuine connect … ⌘ Read more


How Anthropic’s Claude Helped Mozilla to Improve Firefox’s Security
“It took Anthropic’s most advanced artificial-intelligence model about 20 minutes to find its first Firefox browser bug during an internal test of its hacking prowess,” reports the Wall Street Journal.

The Anthropic team submitted it, and Firefox’s developers quickly wrote back: This bug was serious. Could they get on a call? “What else do yo … ⌘ Read more


US Cybersecurity Adds Exploited VMware Aria Operations To KEV Catalog
joshuark writes: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. VMware Aria Operations is an enterprise monitoring platform that helps organizations track t … ⌘ Read more


TikTok Says End-To-End Encryption Makes Users Less Safe
An anonymous reader quotes a report from the BBC: TikTok will not introduce end-to-end encryption (E2EE) – the controversial privacy feature used by nearly all its rivals – arguing it makes users less safe. E2EE means only the sender and recipient of a direct message can view its contents, making it the most secure form of communication available to the general … ⌘ Read more


Linux Preps IBPB-On-Entry Feature For AMD SEV-SNP Guest VMs
Heading toward the Linux 7.0 kernel and marked for back-porting to current stable Linux kernel versions is employing a new SEV-SNP security feature found on AMD Zen 5 processors for enhancing security of guest virtual machines… ⌘ Read more


A Possible US Government iPhone-Hacking Toolkit Is Now In the Hands of Foreign Spies, Criminals
Security researchers say a highly sophisticated iPhone exploitation toolkit dubbed “Coruna,” which possibly originated from a U.S. government contractor, has spread from suspected Russian espionage operations to crypto-stealing criminal campaigns. Apple has patched the exploited vulner … ⌘ Read more


Motorola Partners With GrapheneOS
At MWC 2026, Motorola announced a partnership with the GrapheneOS Foundation to bring the hardened, Google-free Android variant to future devices. Until now, the OS had been designed exclusively for Google Pixel phones. “We are thrilled to be partnering with Motorola to bring GrapheneOS’s industry-leading privacy and security-focused mobile operating system to their next-generation smartphone,” a GrapheneOS … ⌘ Read more


Google Quantum-Proofs HTTPS
An anonymous reader quotes a report from Ars Technica: Google on Friday unveiled its plan for its Chrome browser to secure HTTPS certificates against quantum computer attacks without breaking the Internet. The objective is a tall order. The quantum-resistant cryptographic data needed to transparently publish TLS certificates is roughly 40 times bigger than the classical cryptographic material used today. Today’s X.509 c … ⌘ Read more


CISA Replaces Bumbling Acting Director After a Year
New submitter DeanonymizedCoward shares a report from TechCrunch: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reportedly in crisis following major budget cuts, layoffs, and furloughs under the Trump administration, says TechCrunch. The agency has now replaced its acting director, Madhu Gottumukkala, after a turbulent year marked by controversy and i … ⌘ Read more


South Korea Set To Get a Fully Functioning Google Maps
South Korea has reversed a two-decade policy and approved the export of high-precision map data, paving the way for a fully functional Google Maps in the country. Reuters reports: The approval was made “on the condition that strict security requirements are met,” the Ministry of Land, Infrastructure and Transport said in a statement. Those conditions include blurrin … ⌘ Read more


sudo-rs Breaks Historical Norms With Now Enabling Password Feedback By Default
On recent builds of Ubuntu 26.04 when being prompted by sudo for the password, password feedback is now enabled by default to show asterisk (*) characters when inputting your password. Traditionally sudo has not provided password feedback in the name of security to not divulge the length of your password in case anyone is looking/capturing your screen. But upstream sudo-rs has now changed the default behavior in the name of an improv … ⌘ Read more


Firefox 148 Lets You Kill All AI Features in One Click
Mozilla has released Firefox 148 for Windows, macOS and Linux, bringing a new AI Settings section that lets users disable all of the browser’s AI-powered features in one click and then selectively re-enable the ones they actually want, such as the local translation tool that works locally rather than in the cloud.

The update also patches more than 50 security vulner … ⌘ Read more


AI Can Find Hundreds of Software Bugs – Fixing Them Is Another Story
Anthropic last week promoted Claude Code Security, a research preview capability that uses its Claude Opus 4.6 model to hunt for software vulnerabilities, claiming its red team had surfaced over 500 bugs in production open-source codebases – but security researchers say the real bottleneck was never discovery.

Guy Azari, a former securi … ⌘ Read more


Mesa 26.0.1 Released With Important Security Fix For OOB Memory Access From WebGPU
Mesa 26.0.1 is now available as the first point release of this quarter’s Mesa 26.0 series. Besides the usual bug fixing, Mesa 26.0.1 is more pressing than usual since it contains a security fix for possible out-of-bounds memory access in WebGPU contexts from web browsers… ⌘ Read more


HP Says Memory’s Contribution To PC Costs Just Doubled To 35%
HP has revealed that memory now accounts for 35% of the cost of materials it needs to build a PC, up from between 15 and 18% last quarter. And the company expects RAM’s contribution will rise through the year. From a report: Speaking on the company’s Q1 2026 earnings call, interim CEO Bruce Broussard said the company has secured long-term supply agreemen … ⌘ Read more


FreeRDP 3.23 Addresses 11 CVEs, Improved SDL Client
For those making use of the open-source FreeRDP project for your Remote Desktop Protocol (RDP) needs, FreeRDP 3.23 is out today with 11 CVEs addressed in taking care of various security-related issues that have been uncovered… ⌘ Read more


AMD Posts Linux Patches For SEV-SNP BTB Isolation
It’s quite a mouthful but today AMD posted Linux kernel patches for preparing SEV-SNP BTB isolation support for further enhancing the security of virtual machines (VMs) for confidential computing… ⌘ Read more


Meta AI Security Researcher Said an OpenClaw Agent Ran Amok on Her Inbox
Meta AI security researcher Summer Yue posted a now-viral account on X describing how an OpenClaw agent she had tasked with sorting through her overstuffed email inbox went rogue, deleting messages in what she called a “speed run” while ignoring her repeated commands from her phone to stop.

“I had to RUN to my Mac mini like I was d … ⌘ Read more


@kiwu@twtxt.net I am trying to read our Information Security Office “mind” to grasp what they want. So far they seem to want to get logs from our BIG-IP F5 load balancers into Azure Sentinel, but the Telemetry Streaming plugin normally used for it is on maintenance mode, with deprecations happening on the F5 and Microsoft side soonish. So, yeah… “fun”. Oh, and they want it on production by tomorrow. LOLz!


‘Open Source Registries Don’t Have Enough Money To Implement Basic Security’
Google and Microsoft contributed $5 million to launch Alpha-Omega in 2022 — a Linux Foundation project to help secure the open source supply chain. But its co-founder Michael Winser warns that open source registries are in financial peril, reports The Register, since they’re still relying on non-continuous funding from grants … ⌘ Read more


How Python’s Security Response Team Keeps Python Users Safe
This week the Python Software Foundation explained how they keep Python secure. A new blog post recognizes the volunteers and paid Python Software Foundation staff on the Python Security Response Team (PSRT), who “triage and coordinate vulnerability reports and remediations keeping all Python users safe.”

Just last year the PSRT published 16 vulnerabi … ⌘ Read more


eCryptfs Sees Renewed Patch Activity With Linux 7.0
We haven’t heard much about eCryptfs in recent years for that stackable in-tree Linux file-system providing per-directory encryption support. The FSCRYPT framework has shown its strong capabilities in recent years with various file-systems, Canonical hasn’t been pursuing its user home directory encryption like it did years ago for the Ubuntu desktop, and full disk encryption is the most secure approach for ensuring data security on your system. But to some surprise wi … ⌘ Read more


Cyber Stocks Slide As Anthropic Unveils ‘Claude Code Security’
An anonymous reader quotes a report from Bloomberg: Shares of cybersecurity software companies tumbled Friday after Anthropic PBC introduced a new security feature into its Claude AI model. Crowdstrike Holdings was among the biggest decliners, falling as much as 6.5%, while Cloudflare slumped more than 6%. Meanwhile, Zscaler dropped 3.5%, SailPoint s … ⌘ Read more


PayPal Discloses Data Breach That Exposed User Info For 6 Months
PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. From a report: The incident affected the PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing. PayP … ⌘ Read more


How Private Equity Debt Left a Leading VPN Open To Chinese Hackers
An anonymous reader quotes a report from Bloomberg: In early 2024, the agency that oversees cybersecurity for much of the US government issued a rare emergency order – disconnect your Connect Secure virtual private network software immediately. Chinese spies had hacked the code and infiltrated nearly two dozen organizations. The directive appli … ⌘ Read more


Cloud Hypervisor 51 Brings Performance Improvements, Better QCOW2 v3 Support
Cloud Hypervisor 51 is now available for this Rust-based VMM focused on secure cloud computing. For what began as an Intel open-source project years ago is continuing to be largely led by Microsoft, Cyberus Tech, Tencent, Ant Group, and others… ⌘ Read more


OpenClaw Security Fears Lead Meta, Other AI Firms To Restrict Its Use
An anonymous reader quotes a report from Wired: Last month, Jason Grad issued a late-night warning to the 20 employees at his tech startup. “You’ve likely seen Clawdbot trending on X/LinkedIn. While cool, it is currently unvetted and high-risk for our environment,” he wrote in a Slack message with a red siren emoji. “Please keep Clawdbot of … ⌘ Read more


Mark Zuckerberg Grilled On Usage Goals and Underage Users At California Trial
An anonymous reader quotes a report from the Wall Street Journal: Meta Chief Executive Mark Zuckerberg faced a barrage of questions about his social-media company’s efforts to secure ever more of its users’ time and attention at a landmark trial in Los Angeles on Wednesday. In sworn testimony, Zuckerberg said Meta’s grow … ⌘ Read more


LLM-Generated Passwords Look Strong but Crack in Hours, Researchers Find
AI security firm Irregular has found that passwords generated by major large language models – Claude, ChatGPT and Gemini – appear complex but follow predictable patterns that make them crackable in hours, even on decades-old hardware. When researchers prompted Anthropic’s Claude Opus 4.6 fifty times in separate conversations, only … ⌘ Read more


Texas Sues TP-Link Over China Links and Security Vulnerabilities
TP-Link is facing legal action from the state of Texas for allegedly misleading consumers with “Made in Vietnam” claims despite China-dominated manufacturing and supply chains, and for marketing its devices as secure despite reported firmware vulnerabilities exploited by Chinese state-sponsored actors. The Register: The Lone Star State’s Attorney … ⌘ Read more


Fake Job Recruiters Hid Malware In Developer Coding Challenges
“A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks,” reports the Register.

Researchers at software supply-chain security company ReversingLabs say that the threat actor creates fake companies in the blockchain and crypto-trading sectors and publ … ⌘ Read more


Apple Patches Decade-Old iOS Zero-Day, Possibly Exploited By Commercial Spyware
This week Apple patched iOS and macOS against what it called “an extremely sophisticated attack against specific targeted individuals.”

Security Week reports that the bugs “could be exploited for information exposure, denial-of-service (DoS), arbitrary file write, privilege escalation, network traffic interception, … ⌘ Read more


Sudden Telnet Traffic Drop. Are Telcos Filtering Ports to Block Critical Vulnerability?
An anonymous reader shared this report from the Register:

Telcos likely received advance warning about January’s critical Telnet vulnerability before its public disclosure, according to threat intelligence biz GreyNoise. Global Telnet traffic “fell off a cliff” on January 14, six days before security a … ⌘ Read more


Israeli Soldiers Accused of Using Polymarket To Bet on Strikes
An anonymous reader shares a report: Israel has arrested several people, including army reservists, for allegedly using classified information to place bets on Israeli military operations on Polymarket. Shin Bet, the country’s internal security agency, said Thursday the suspects used information they had come across during their military service to i … ⌘ Read more


Evaluating The Performance Cost To AMD SEV-SNP On EPYC 9005 VMs
AMD Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) provides memory encryption and integrity protections that can be especially useful in modern cloud computing. Typically a 2~10% performance overhead is reported when engaging AMD SEV-SNP for these hardware-backed security protections. In this article is an extensive look at the current AMD SEV-SNP performance impact for confidential computing on EPYC 9005 “Turin” servers. The curr … ⌘ Read more


Windows 11 Notepad Flaw Let Files Execute Silently via Markdown Links
Microsoft has patched a high-severity vulnerability in Windows 11’s Notepad that allowed attackers to silently execute local or remote programs when a user clicked a specially crafted Markdown link, all without triggering any Windows security warning.

The flaw, tracked as CVE-2026-20841 and fixed in the February 2026 Patch Tuesday upda … ⌘ Read more


Linus Torvalds Rejects MMC Changes For Linux 7.0 Cycle: “Complete Garbage”
The Linux MultiMediaCard “MMC” subsystem was set to see some new hardware support, optimized support for secure erase/trim on some eMMCs, and a variety of other improvements. But all of the MMC changes are rejected and will be for the duration of the Linux 7.0 cycle due to an apparent lack of testing and vetting via linux-next that led Linus Torvalds to calling it “complete garbage” and “untested crap”… ⌘ Read more


Iceland is Planning For the Possibility That Its Climate Could Become Uninhabitable
Iceland in October classified the potential collapse of the Atlantic meridional overturning circulation – the ocean current system that ferries warm water northward from the tropics and essentially functions as the country’s central heating – as a national security risk, a designation that amounts to a form … ⌘ Read more


Google’s Personal Data Removal Tool Now Covers Government IDs
Google on Tuesday expanded its “Results about you” tool to let users request the removal of Search results containing government-issued ID numbers – including driver’s licenses, passports and Social Security numbers – adding to the tool’s existing ability to flag results that surface phone numbers, email addresses, and home addresses.

The update, ann … ⌘ Read more


Intel CPU Microcode 20260210 Brings Security Updates & Functional Fixes
Intel today for Patch Tuesday released several generations worth of CPU microcode updates for addressing multiple security issues and functional issues… ⌘ Read more


Microsoft Begins the First-Ever Secure Boot Certificate Swap Across Windows Ecosystem
Microsoft has begun automatically replacing the original Secure Boot security certificates on Windows devices through regular monthly updates, a necessary move given that the 15-year-old certificates first issued in 2011 are set to expire between late June and October 2026.

Secure Boot, which verifies th … ⌘ Read more


Cyber-Espionage Group Breached Systems in 37 Nations, Security Researchers Say
An anonymous reader shared this report from Bloomberg:

An Asian cyber-espionage group has spent the past year breaking into computer systems belonging to governments and critical infrastructure organizations in more than 37 countries, according to the cybersecurity firm Palo Alto Networks, Inc. The state-aligned attacker … ⌘ Read more


A New Era for Security? Anthropic’s Claude Opus 4.6 Found 500 High-Severity Vulnerabilities
Axios reports:

Anthropic’s latest AI model has found more than 500 previously unknown high-severity security flaws in open-source libraries with little to no prompting, the company shared first with Axios.

Why it matters: The advancement signals an inflection point for how AI tools can help cyber … ⌘ Read more


Moltbook, Reddit, and The Great AI-Bot Uprising That Wasn’t
Monday security researchers at cloud-security platform Wiz discovered a vulnerability that allowed anyone to post to the bots-only social network Moltbook — or even edit and manipulate other existing Moltbook posts. “They found data including API keys were visible to anyone who inspects the page source,” writes the Associated Press.

But had it been disco … ⌘ Read more


Salesforce Shelves Heroku
Salesforce is essentially shutting down Heroku as an evolving product, moving the cloud platform that helped define modern app deployment to a “sustaining engineering model” focused entirely on stability, security and support.

Existing customers on credit card billing see no changes to pricing or service, but enterprise contracts are no longer available to new buyers. Salesforce said it is redirecting engineering investment … ⌘ Read more


FBI Couldn’t Get Into Reporter’s iPhone Because It Had Lockdown Mode Enabled
The FBI has been unable to access a Washington Post reporter’s seized iPhone because it was in Lockdown Mode, a sometimes overlooked feature that makes iPhones broadly more secure, according to recently filed court records. 404Media: The court record shows what devices and data the FBI was able to ultimately access, and whi … ⌘ Read more


Microsoft’s New Open-Source Project: LiteBox As A Rust-Based Sandboxing Library OS
Microsoft engineers and other stakeholders have been developing LiteBox as a security-focused library OS written in the Rust programming language and leveraging Linux Virtualization Based Security “LVBS”. The design is for LiteBox to operate as a secure kernel protecting the normal guest kernel via virtualization hardware… ⌘ Read more


Russian Spy Satellites Have Intercepted EU Communications Satellites
European security officials believe two Russian space vehicles have intercepted the communications of at least a dozen key satellites over the continent. From a report: Officials believe that the likely interceptions, which have not previously been reported, risk not only compromising sensitive information transmitted by the satellites … ⌘ Read more
