cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
#Python #cryptography library (yes, the one that criticizes everything and everyone) is now vibecoded. Our future is truly bright!
Noticed because apparently "Claude" wrote a test that OOM-ed my system. But hey, #RustLang protects against memory errors, so it's fine to vibecode your security critical components.
Releases are still pending, but our repositories all received upgraded kernels to address copy.fail (CVE-2026-31431).
So make sure you upgrade to the latest available kernels.
edge: >= linux-lts-6.18.22
3.23: >= linux-lts-6.18.22
3.22: >= linux-lts-6.12.85
3.21: >= linux-lts-6.12.85
3.20: >= linux-lts-6.6.137
3.19: >= linux-lts-6.6.137
3.18: >= linux-lts-6.1.170
3.17: >= linux-lts-5.15.204
🆕 blog! “Responsible Disclosure: Chimoney Android App and KYCaid”
Chimoney is a new "multi-currency wallet" provider. Based out of Canada, it allows users to send money to and from a variety of currencies. It also supports the new Interledger protocol for WebMonetization.
But it has a security flaw which cannot be ignored.
👀 Read more: https://shkspr.mobi/blog/2026/01/responsible-disclosure-chimoney-android-app-and-kycaid/
⸻
#android #CyberSecurity #ResponsibleDisclosure #security #WebMonetization
Security review of Plasma Login Manager (SUSE Security Team Blog)
https://lwn.net/Articles/1070434/ #LWN #Linux #security #SUSE
"GAO report on DOGE payments access ‘just the tip of the iceberg’:
More than a year after the Department of Government Efficiency began deploying across government, new reports are detailing how agencies dealt with DOGE efforts to access sensitive information..."
When "Federal News Network" becomes a necessary read, you know the Government messed up big time. 😐
https://federalnewsnetwork.com/agency-oversight/2026/04/gao-report-on-doge-payments-access-just-the-tip-of-the-iceberg/
h/t @metacurity
https://infosec.exchange/@metacurity/116487537047751516
#DOGE GAO #privacy #encryption #security
This is such a cunning, shameless, beautiful scam.
Got an email from Equifax (who exposed zillions of records to hackers not long ago if memory serves), the gist of which was:
'Nice credit rating you got there. Be a shame if something happened to it...'
I took the bait and logged in.
The images tell the story.
It's a sublime shakedown.
#Prison for two "local entrepreneurs" in #Hull Northern #England after they ignored #event #licensing and #safety requirements, leading to a lass being killed after she fell from height in an unsafe area of a small #music events venue
They were even caught due to their *own* #CCTV showing the #security failings (so they were prepared to go to all the trouble of installing #surveillance equipment, but not actually looking after their punters)
https://www.itv.com/news/calendar/2026-04-27/men-sentenced-after-womans-death-at-illegal-event
One reason why I don't drive an #Audi #S3 or #RS3 - at least a #GolfGTI is nowadays viewed as "middle-aged man's car" and overlooked by the kind of people you *don't* want "admiring" it (as it's overshadowed by the #GolfR, which I noped out on as too thirsty and more costly to maintain).
My registration mark also makes my car look older than it actually is.
I also do not leave my keys in easy to find locations, any #burglar would struggle to negotiate my chaotic house in darkness (I live alone, so having a few "trip hazards" around isn't a problem to me)
Even though #AGE beat #GPG in my recent benchmarks, it came close once I disabled the compression that's on by default both via the terminal, and if you just right click a file and click "Encrypt". Kinda makes me think that the "nautilus-seahorse" extension for Gnome/Nautilus should provide a checkbox in the dialog to enable/disable compression. Right now all it asks is whether you want to use a password or PGP recipient, and whether you want to digitally sign the output file.
Commentary: Not a hack, just ignorance
Top politicians have fallen for a phishing attack carried out via Signal. Things cannot go on like this, says Falk Steiner.
«Librecast - Decentralisation and Privacy with Multicast»
Do any of you know this and use it? What is this good for and is it almost like the Gemini protocol?
🌐 https://librecast.net
@librecast
#librecast #gemini #internet #web #internet #privacy #muticast #askfedi #decentralization #geminiprotocol #privacy #security
What is Security Theater?
#Security #theater refers to highly visible security measures that create the #illusion of increased #safety but don’t stop #threats.
The term is often used disparagingly to describe #superficial security practices that don’t reduce risk. Simply put, security #theatre is all about #appearances, not #results.
https://www.techtarget.com/whatis/definition/security-theater
#SecurityTheatre #ignorance #incompetent #IT #CriticalThinking #Internet #banking #airports #QuestionAuthority
#Bitwarden CLI 2026.4.0 compromised in a supply chain attack.
https://socket.dev/blog/bitwarden-cli-compromised
Looks like the window was incredibly small and the impact minimal. A CVE is still being issued.
https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127
> "The issue affected the npm distribution mechanism for the CLI during that limited window, not the integrity of the legitimate Bitwarden CLI codebase or stored vault data."
No need to panic, but I have a feeling we'll see a lot more of this. Recall XZ and SSH?
Iran is claiming that the US used backdoors into networking kit to disturb their communications. The Chinese press are just loving it, after all they are the ones (the US says) who are putting all of those backdoors in.
https://www.theregister.com/2026/04/21/iran_claims_us_used_backdoors
Things you learn…
Apart from Mandelson’s close links to Chinese companies, I was surprised to find that he was a director of a company, Sistema, which holds shares in and is closely linked to RTI - a Russian arms manufacturer. Add to that his liking of holidays with any oligarch with a large boat as well as Epstein and his team of kleptocrats, and he was not considered a security risk? He seems to be happy to sell us all to the highest bidder.
#Mandelson #Starmer #Epstein #Russia #China #Security
And now a funny commentary. This guy from India or Russia or whatever spent quite literally 3-4 HOURS with my 93-year-old mom trying to get her to install stuff, share her screen, and get through a password change. In that time she managed to install 2 apps and change TWO passwords. That’s it.
He should have been some kind of priest, rabbi, or imam or something. Patience. Of. A. Saint. Sad to think of this amazing super power going to waste on a life of crime.
I have to do these things with her and I can’t get them done any faster than that. But I don’t have the stamina to go 4 hours in the ring with her. 😜 This guy is impressive.
#identitytheft #malvertising #security
On my KDE desktop, "Windows Key + R" pulls up the Spectacle tool to start/stop a region recording.
Sorry boss, no dice at your trojan install. Nice try though.
The government cannot be your child's parent. You cannot protect your children from the fact that bad things exist in the world.
You'll never be able to protect your children from Sex Drugs and Rock 'n Roll, by pretending they don't exist. (banning things just forces those things to fester in the dark… where you cannot police them… enter the dark web, which is easy as pie to access).
[$] Dependency-cooldown discussions warm up
Efforts to introduce malicious code into the open-source supply chain have been on the rise in recent years, and there is no indication that they will abate anytime soon. These att [...]
https://lwn.net/Articles/1068692/ #LWN #Linux #security #Debian #Rust #Python