cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
New blog post: PF Firewall on FreeBSD - A Practical Guide
After years of running PF across multiple FreeBSD servers, I've written up the patterns that work: macros, tables, brute-force protection, NAT for jails, and dual-stack filtering.
Covers everything from basic concepts to production configs, plus a sidebar on authpf for bastion hosts.
If you're running FreeBSD and want a firewall that's elegant, powerful, and actually understandable, PF is worth your time.
https://blog.hofstede.it/pf-firewall-on-freebsd-a-practical-guide/
#FreeBSD #PF #Firewall #Security #Jails #SysAdmin #IPv6
GrapheneOS version 2026020600 released:
https://grapheneos.org/releases#2026020600
See the linked release notes for a summary of the improvements over the previous release.
Forum discussion thread:
https://discuss.grapheneos.org/d/31639-grapheneos-version-2026020600-released
%sudo pkg audit
python312-3.12.12_3 is vulnerable:
python -- several security vulnerabilities
CVE: CVE-2026-0865
CVE: CVE-2026-1299
WWW: https://vuxml.FreeBSD.org/freebsd/bfe9adc8-0224-11f1-8790-c5fb948922ad.html
1 problem(s) in 1 package(s) found.
ZOMGWTFBBQ
I just got everything rev'd TO 3.12......
A friendly reminder to never trust manufacturers' privacy protections.
I was recently attempting to get an external camera functioning, so I started polling various video devices sequentially to find out where it appeared and stumbled across a previously unknown (to me at least) camera device, right next to the regular camera that is not affected by the intentional privacy flap or "camera active" LED that comes built in.
I had always assumed this was just a light sensor and didn't think any further about it.
The bandwidth seems to drop dramatically when the other camera is activated by opening the privacy flap, causing more flickering.
This was visible IRL and wasn't just an artifact of recording it on my phone.
I deliberately put my finger over each camera one at a time to confirm the sources being projected.
A friend of mine suggested this may be related to Windows Hello functionality at a guess, but it still seems weird for it not to be affected by the privacy flap when it's clearly capable of recording video.
dmidecode tells me this is a LENOVO Yoga 9 2-in-1 14ILL10 (P/N:83LC)
Command I used for anyone to replicate the finding. (I was on bog standard Kali, but I'm sure you'll figure out your device names if they change under other distros):
vlc v4l2:///dev/video0 -vv --v4l2-width=320 --v4l2-height=240 & vlc v4l2:///dev/video2 -vv --v4l2-width=320 --v4l2-height=240
https://www.youtube.com/watch?v=_3okhTwa7w4
#FBI stymied by Apple's #LockdownMode after seizing journalist's #iPhone
The Federal Bureau of Investigation has so far been unable to access data from a #WashingtonPost reporter's iPhone because it was protected by Apple's Lockdown Mode when agents seized the device from the reporter's home, the US government said in a court filing.
#apple #security #privacy #journalism
MORE #UKRAINIANS READY TO #CEDE #DONBAS, BUT WITH #SECURITY GUARANTEES: In 2022, more than 80 percent of Ukrainians considered ceding territory to Russia unacceptable. Now, 40 percent are willing to give up #Donbas, but only under the condition of lasting peace and strong security guarantees from #European and #American partners, The New York Times reported. https://www.nytimes.com/2026/02/04/world/europe/ukraine-russia-war-donbas-region.html
If you use ingress-nginx, update your Kubernetes clusters folks, like right now:
https://github.com/kubernetes/kubernetes/issues/136677
https://github.com/kubernetes/kubernetes/issues/136678
https://github.com/kubernetes/kubernetes/issues/136679
when they say videogames are unrealistic because a combination number is written on a note near the safe
"I'm an eighth-generation American, and let me tell you, I wouldn't trust my data, secrets, or services to a US company these days for love or money. Under our current government, we're simply not trustworthy."
#privacy #security #DigitalSovereignty
https://www.theregister.com/2026/01/30/euro_firms_must_ditch_us/
Interesting Git repos of the week:
Threats:
* https://github.com/unicodeveloper/globalthreatmap - the history of conflict mapped with analysis on how it affects modern threats
* https://github.com/narimangharib/starlink-iran-gps-spoofing - analysis of .ir tampering with Starlink
Detection:
* https://github.com/MHaggis/ADTrapper - automated hunting in AD
* https://github.com/NasirzadehMoh/CoLog - hunting with collaborative transformers
* https://github.com/Pr0kythera/Mitre-Attack-Sunburst - visualising ATT&CK
Bugs:
* https://github.com/mistymntncop/CVE-2025-5419 - Chrome popper?
Exploitation:
* https://github.com/thesp0nge/nightcrawler-mitm - stress test your web apps with @thesp0nge
* https://github.com/htrgouvea/nozaki - another HTTP fuzzer
* https://github.com/splunk/attack_range - simulated environments from Splunk
Hard hacks:
* https://github.com/blacktop/ipsw - dicking around with Apple
* https://github.com/checkra1n/PongoOS - alternative booting on Apple hardware
Hardening:
* https://github.com/splunk/DECEIVE - Splunk's work on LLM-based honeypots
Development:
* https://github.com/shortstheory/kioslave-tutorial - writing KDE IO slaves
Nerd:
* https://github.com/zampierilucas/scx_horoscope - a star crossed /proc
In March 2026, Kubernetes will retire Ingress NGINX, a piece of critical infrastructure for about half of cloud native environments... Existing deployments will continue to work, so unless you proactively check, you may not know you are affected until you are compromised:
https://kubernetes.io/blog/2026/01/29/ingress-nginx-statement/
"While encryption remains mathematically sound (...) its real-world protections are increasingly bypassed by the privileged position AI systems occupy inside modern user environments."
https://cyberinsider.com/signal-president-warns-ai-agents-are-making-encryption-irrelevant/
GrapheneOS version 2026012800 released:
https://grapheneos.org/releases#2026012800
See the linked release notes for a summary of the improvements over the previous release.
Forum discussion thread:
https://discuss.grapheneos.org/d/31269-grapheneos-version-2026012800-released
#PSA for #CentOS #CentOS_Stream users - if you need fixed #OpenSSL builds immediately you can use the #CentOS_ProposedUpdates builds (not available for i686 due to Community Build Service limitations)
`sudo dnf install centos-release-proposed_updates && sudo dnf update 'openssl*'`
https://openssl-library.org/news/vulnerabilities/#2026
These are based on the MRs in progress for the official @centos Stream package and will be cleanly upgradable to the final build
NVIDIA security bulletin for January 2026 reveals new GPU driver security issues https://www.gamingonlinux.com/2026/01/nvidia-security-bulletin-for-january-2026-reveals-new-gpu-driver-security-issues/
Palantir deals with #UK government amount to at least £670m – including £15m contract with nuclear weapons agency
#Britain’s reliance on #Palantir, the controversial #US data surveillance firm, is gaping national #security #vulnerability
- MPs, tech experts said investigation reveals how deeply embedded Palantir is in UK #critical national #infrastructure
[1/3]
How would Europe cope with a departure of the US from NATO?
As Carlo Masala (BundeswehrU, Munich) argues, fully substituting for the US capabilities in NATO may be the wrong immediate objective; 'It’s not about being as good as the US, which will take us 15 years or even longer. It is just being better than the Russians'!
Framed like this, while the US leaving NATO would be undoubtedly difficult, the immediate problem(s) may be a little less daunting?
🔐 Aegis Authenticator is a free, open-source 2FA app for Android focused on privacy and security.
Stores all tokens in a locally encrypted vault (AES-256-GCM), works fully offline, supports TOTP & HOTP, and lets you create encrypted backups you control.
Available on F-Droid — no cloud, no tracking.
👉 https://github.com/beemdevelopment/Aegis
🔍 Listed on https://digital-escape-tools-phi.vercel.app/
#Privacy #OpenSource #Security #2FA #Android #FOSS #DeGoogle
@mjg59 It's important to know....
If you use iOS and iCloud. You want to turn on Advanced Data Protection.
This generates a security key that only you will know. Back it up somewhere secure. It is never shared with Apple.
Backups and data are encrypted on your device, and even with a proper warrant Apple would never be able to decrypt the data.
This is one of the features the UK has blocked and is not available there.
https://www.macrumors.com/how-to/enable-advanced-data-protection-icloud/
Did you know that you can use `bastille verify` to check the integrity of your Bastille releases and templates?
> bastille verify 15.0-RELEASE
> bastille verify template/path
This is a great way to ensure that your deployments are consistent and secure.
More corruption within government - this time with the intention of making the UK dependent upon US tech - and as with the (English) NHS providing access to a deeply unpleasant organisation run by people who should not even be allowed to visit the UK.
#Corruption #MOD #Palentir #UkPol #AI #Privacy #Security #OpenDemocracy
More reasons not to use #Windows.
I know some people do not have a choice, but with #Microsoft turning over encryption keys to the fed (and that will include #ICE via #Palentir) as well as the eager cooperation of companies like #Amazon, now is the time to lock down your own data. The linked article presents the facts, but some of the comments do provide links to guides that can help you.
https://www.theregister.com/2026/01/23/surrender_as_a_service_microsoft/
Not gonna lie.
But now each time I see an "app" that sells itself as open source, and good for self hosting, with no out-of-US official mirror, I see their brand ... extremely negatively.
#us #eu #sovereinty #tech #foss #selfhosted #selfhost #privacy #security #mirror
In the wake of the tangerine Tyrant's threats to Greenland & his worsening attitude to NATO, it's no surprise the UK Govt. has re-opened talks with the EU about participation in the Security Action for Europe;
previous negotiations broke down on the price the UK was (or wasn't) prepared to pay to participate.
Now with the transatlantic alliance looking less stable, the Govt. has again decided Europe may be a better bet... but will an acceptable price be found?
I know antivirus software is business bullshit, but I don’t know any reliable source that has an explanation of this, I mostly based this knowledge on vibes…
Does anyone have any resources to share about this? Are antiviruses actually useless and dead?
Convenience is the enemy of Sovereignty
#FOSS #OpenSource #GNULinux #GNU #Linux #Privacy #Security #CyberSecurity