the last weeks we saw more and more security issues coming up. Let's talk!

Sorry, a pretty long blog post about this...

https://gyptazy.com/blog/coding-after-ai-are-humans-still-good-enough/

#ai #aicoding #coding #opensource #foss #security #infosec #vulns #developer #devops #engineer #ops #fedi #philosophy

Alt...

Let's talk about AI slops - like this image!

About that... We now have a fourth vulnerability: ssh-keysign-pwn. Despite the first three letters, this is a Linux kernel vuln. PoC already available.

#Linux #Security #Vulnerabilities #InfoSec

OK. With Bitwarden acting every bit the American company it is, are there any drop-in replacements out there? Preferably standalone rather than part of a package. #security #passwordmanager https://www.fastcompany.com/91542655/bitwarden-scrubs-always-free-and-inclusion-values-from-its-website-as-longtime-execs-step-down

Security updates for Friday

https://lwn.net/Articles/1073059/ #LWN #Linux #security

🔐 Catch PSF's PyPI Safety and Security Engineer, @miketheman, talking Trusted Publishing at #OSSummit next week! Learn how to eliminate long-lived credentials from your #PyPI release workflow: no tokens, no secrets, just secure deploys. Tue May 19 @ 11am CDT #Python #SupplyChain #Security
https://osselcna2026.sched.com/event/2JQsc

Fragnesia and ssh-keysign-pwn are the latest Linux security problems https://www.gamingonlinux.com/2026/05/fragnesia-and-ssh-keysign-pwn-are-the-latest-linux-security-problems/

#Linux #OpenSource #Security

Security updates for Thursday

https://lwn.net/Articles/1072838/ #LWN #Linux #security

Benn Jordan at his tech best, again - this time hunting & hacking robot dogs

Robot Dogs Are A Security Nightmare

https://www.youtube.com/watch?v=lA8WuXDXfcI

#BennJordan #AI #Drones #RobotDogs #Security #Malware

Oh right. Ofcourse Bitlocker encryption can be bypassed with a mere thumbdrive.

If you MUST use Windows, then at least Veracrypt that shit.

#Windows #Security #Bitlocker #FDE #Disk #Encryption #Bypass

Copy Fail, Dirty Frag and now Fragnesia...

Upside: if you have already ripped out esp4, esp6 and rxrpc for Dirty Frag, you already have the mitigation in place for Fragnesia.

#Linux #Security #Vulnerabilities

Security updates for Wednesday

https://lwn.net/Articles/1072596/ #LWN #Linux #security

Popular emulator Cemu was recently compromised with malware in Linux downloads https://www.gamingonlinux.com/2026/05/popular-emulator-cemu-was-recently-compromised-with-malware-in-linux-downloads/

#Cemu #OpenSource #Emulation #Linux #Security

@GossiTheDog I never trusted #BitLocker with it's #Govware - #Backdoor anyway!

- Cuz now people put that trust into some #BackBox IC (#TPM) that is usually soldered down on the board that may or may not be #exploitable from the factory (whether due to #bugs, #incompetence or "Export Restrictions #Compliance" is irrelevant for the affected End-Users!)…

- If (for some horrible reason that I refuse to acknowledge as legitimate!) someone needs a #Windows machine BUT with #FullDiskEncryption, they should use the only REAL #FDE: #VeraCrypt!

#CensorBoot never was about #Security…

- Calling it "#SecureBoot" is adopting the enemy's #Propaganda-Speak!

Today I spoke with someone I've known for a very long time. We have a relationship of mutual trust, and when I can, I answer his questions about technology. Today he managed to put me in a difficult position.

He is going through a hard time and would like to do something, but doing it would require him to join a club. This club, although legitimate, legal, and in my eyes perfectly acceptable, could cause him some trouble at work if that information ever came out. Not so much in today's world, but in the world tomorrow may turn into.

Five years ago I would have told him to go ahead, without hesitation. Today, I truly could not reassure him. On the one hand, there is nothing bad or wrong about it. On the other, I no longer trust those who manage our personal data.

A provider has already notified me three times in the past year that my data was involved in a breach. Because of a particular relationship I have with them, I asked for clarification, and they explained that development, which is not managed by them, has become lower quality and that changing company is difficult. At the same time, they are worried about the repercussions.

Now: the fact that I am a customer of that company is not a problem. Even less so my email address, or the hash of my unique password. But if this acquaintance of mine were to be affected by a data breach in that context, he would be taking a serious risk. Much greater than he suspects.

So tonight I'm in limbo. He thanked me and decided not to sign up. I feel guilty, perhaps, for having been overly cautious.

#Security

Security updates for Tuesday

https://lwn.net/Articles/1072498/ #LWN #Linux #security

Stenberg: Mythos finds a curl vulnerability

https://lwn.net/Articles/1072325/ #LWN #Linux #security

Security updates for Monday

https://lwn.net/Articles/1072301/ #LWN #Linux #security

One of the first things I saw upon returning home, staring me in the face at San Francisco airport.

My immediate reaction: Fuck you, Cisco. (Which I guess could be unfair, since I have zero knowledge about what's going on at Cisco specifically. This was just a gut reaction at seeing AI yet again.)

#AI #security #today

Alt...

A big banner handing from the ceiling which says: The infrastructure AI demands. The security IT requires. That's followed by the Cisco logo (which includes the company name) in the lower right-hand corner.

MY FUCKING FAVORITE IS THE WEB FORM PASSWORD FIELD THAT WILL NOT LET YOU PASTE YOUR PASSWORD YOU GUYS ARE SO GODDAM SMART WHAT A SNEAKY MOVE TO FOIL THE BAD GUYS I FEEL SO SECURE YOU FUCKING MORONS

#securitytheater #security #password

My four-month-late #Introduction :
Work: #WordPress #hosting & #Security, #music #festival #IT, #Editor / #Filmmaker, #SmallBusiness

Life: #horror movies, music, #camping, curious and loves to learn, social justice, and to my surprise, a #runner who has #run 15,477 KM Jan 2020 - Dec 2022.

If you stop and look at something the more closely you examine it, the more amazing it becomes.

Married to the wonderful @TAV for over 25 years, furdad to Sprocket the #MinPin, (he/him) #Ottawa, #Canada

Automated #security scanning.

What tools do you use to scan your enviroments for security issues? Why?

Not looking for virusscanners here, more for a bit more enterprisy enviroment?

Are there things i should have a look at?

What is your experience in general?

RT welcome for reach.

#infosec #cyber #cybersecurity #blueteam

Let's Encrypt just stopped the issuance of certificates after an (so far not publicly disclosed) incident:

https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/69fe2d6698ca07050eb4b1b3

If anyone encounters issues today with failed certificate renewals: It's probably not your setup.

#letsencrypt #itsec #devops #linux #security #tls

[$] Forgejo "carrot disclosure" raises security questions

An unusual, some might say hostile, approach to disclosing an alleged remote-code-execution (RCE) flaw in the Forgejo software-collaboration platform has sparked a multifaceted con [...]

https://lwn.net/Articles/1071499/ #LWN #Linux #security #Python

killswitch for short-term emergency vulnerability mitigation

https://lwn.net/Articles/1071861/ #LWN #Linux #security

Security updates for Friday

https://lwn.net/Articles/1071859/ #LWN #Linux #security

Linux security flaws Dirty Frag and Copy Fail are a good reminder to stay up to date https://www.gamingonlinux.com/2026/05/linux-security-flaws-dirty-frag-and-copy-fail-are-a-good-reminder-to-stay-up-to-date/

#Linux #OpenSource #Security

Oh good, another high-severity #Linux #security vulnerability that somebody botched the disclosure of, turning it into a high-severity zero-day.

Because #CopyFail wasn't bad enough. Now we've got #DirtyFrag too.

Can #cybersecurity people please stop botching vulnerability disclosure? Thanks.

https://github.com/V4bel/dirtyfrag/blob/master/README.md

#security

Dirty Frag: Universal Linux LPE https://www.openwall.com/lists/oss-security/2026/05/07/8

This is a report on "Dirty Frag", a universal LPE that allows obtaining root privileges on all major distributions. This vulnerability has a similar impact to the previous Copy Fail.

#linux #security

Looks like Instructure got pwned by ShunyHunters. I went to the onion address and it's legit. They've got until May 12, 2026 to pay the ransom or the data gets leaked.

Shown is the screen when logging into Canvas for students to do their homework.

#security #cybersecurity

Alt...

Screenshot from a hacked Canvas page showing the ransom message from ShinyHunters

Dirty Frag: a zero-day universal Linux LPE

https://lwn.net/Articles/1071719/ #LWN #Linux #security

Day 1 at DEVWorld Amsterdam is a wrap 🇳🇱

Back again tomorrow and we’re also sponsoring the photo booth. Stop by, say hi, and build yourself a keycap fidget toy.

#DevWorld #Amsterdam #Tailscale #Networking #DevTools #Cloud #Security #Developers

Security updates for Thursday

https://lwn.net/Articles/1071700/ #LWN #Linux #security

LibreNMS (https://www.librenms.org) has been a faithful companion for years now. It quietly handles the monitoring of my servers, devices, and services without demanding much in return - exactly what you want from a tool whose job is to watch over everything else. It's a solid alternative to heavier solutions like Zabbix, and it gives you alerts, data, and graphs on virtually anything reachable over SNMP.

I usually install it on a host that is not reachable from the outside, then let it poll all the devices through a VPN: a single observation point, clean perimeter. The ability to create multiple dashboards - and to filter them by user - has also let me give clients a transparent window onto their own servers. Transparency, in my experience, is always the better long-term bet.

Together with Uptime-Kuma (https://it-notes.dragas.net/2024/07/22/install-uptime-kuma-freebsd-jail/) (and the good old Nagios/Munin pair), LibreNMS lives in a FreeBSD jail on my monitoring servers and just does its job.

This post walks through a plain installation of LibreNMS on FreeBSD: package-based, no reverse proxy, no HTTPS, no fancy hardening. The goal is to get to a working setup you can build on top of.

Assumptions

• FreeBSD 15.0-RELEASE, in a jail or on a dedicated VM/host
• nginx + php-fpm + MySQL 8.4
• LibreNMS installed from the official package — not via git clone

Installation

pkg install librenms mysql84-server python3 nginx

pkg install php84-opcache

MySQL

cd /usr/local/etc/mysql
cp my.cnf.sample my.cnf

innodb_file_per_table=1
lower_case_table_names=0

service mysql-server enable
service mysql-server start

mysql

CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
exit

php-fpm

listen = /var/run/php-fpm-librenms.sock
listen.owner = www
listen.group = www
listen.mode = 0660

cd /usr/local/etc
cp php.ini-production php.ini

date.timezone = Europe/Rome

nginx

server {
    listen      80;
    #server_name yourServerName
    root        /usr/local/www/librenms/html;
    index       index.php;
    charset utf-8;
    gzip on;
    gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location /api/v0 {
        try_files $uri $uri/ /api_v0.php?$query_string;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SERVER_SOFTWARE "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php-fpm-librenms.sock;
        fastcgi_buffers 256 4k;
        fastcgi_intercept_errors on;
        fastcgi_read_timeout 14400;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}

service nginx enable
service nginx start
service php_fpm enable
service php_fpm start

LibreNMS configuration

cp /usr/local/www/librenms/config.php.default /usr/local/www/librenms/config.php

Create the directory for RRD graphs and set ownership:

mkdir -p /var/db/librenms/rrd
chown -R www:www /var/db/librenms
chmod 775 /var/db/librenms/rrd

cd /usr/local/www/librenms
cp .env.example .env
chown www .env

• DB_DATABASE - librenms
• DB_USERNAME - librenms
• DB_PASSWORD - the one you actually used (not password, please)

INSTALL=true

ls -la /usr/local/www/librenms/storage /usr/local/www/librenms/bootstrap/cache

su -m www -c "php artisan key:generate"

chmod 600 .env

su -m www -c "lnms config:clear"
su -m www -c "lnms config:cache"

Web installer

su -m www -c "lnms config:clear"
su -m www -c "lnms config:cache"

Polling service

service librenms enable
service librenms start

Validate

cd /usr/local/www/librenms
su -m www -c './validate.php'

Next steps

https://it-notes.dragas.net/2026/05/07/monitor-your-services-with-librenms-on-freebsd/

#ITNotes #NoteHUB #freebsd #hosting #jail #monitoring #networking #ownyourdata #security #server #tutorial

[$] LLM-driven security reports disrupt coordinated disclosure

Predictions that LLM tools would cause a surge in reports of security vulnerabilities have, unquestionably, borne out. As expected, maintainers are having to wade through more secu [...]

https://lwn.net/Articles/1070698/ #LWN #Linux #security #Debian #SUSE #RedHat #Gentoo #Python #Git

Security updates for Wednesday

https://lwn.net/Articles/1071466/ #LWN #Linux #security

Time to get a new wallet? Marco Martin releases KeepSecret 1.1, KDE's new password manager.

https://notmart.org/blog/2026/05/keepsecret-1-1/

#passwords #security #OpenSource #FreeSoftware #desktop #keyring

Alt...

KeepSecret main windows, showing two wallets labelled "Login" and "kdewallet". Login is highlighted and shows two test entries for website logins.