Where can I find fellow fedi users that moved to the #Netherlands to work in the #IT sector, especially #security related roles like security analyst or security engineer? 💻 🇳🇱

I am looking forward to connect with you :)

Switzerland Ends #Palantir Contract Over #Data #Sovereignty Risks - #Cybersecurity

#Switzerland’s decision to discontinue the use of Palantir is not a #technology story.

- It's a #risk management story. The platform was not rejected because it failed to perform. On the contrary, it delivered advanced data fusion and operational insight.

It was rejected because the residual sovereignty risk was considered unacceptable.

#security #BigData #insecure #surveillance #SurveillanceCapitalism

[1/2]

This case shows the growing dilemma that many countries now face. In a global supply chain economy, the most capable #digital #platforms are rarely national

- They are built, operated, updated, and legally #governed elsewhere

For #sensitive domains such as #defense, #intelligence, #public #safety, and #critical #infrastructure, this creates a structural tension between performance and control.

https://zendata.security/2026/02/14/switzerland-ends-palantir-contract-over-data-sovereignty-risks/

#BigData #privacy #security #corruption #dictators

[2/2]

In a capitalist society privacy is only as good as it is profitable.

#Privacy #Security #Capitalism

> There is sunshine and rainbows in our future Hank because strong security is simple security. #Passwords stink. Multiffactor authentication (#MFA) where you type in a code stinks. So really we to be secure we have to take the human out of the equation and that means it'll be easier for us.

https://youtu.be/V6pgZKVcKpw?si=NilUbnumkT18R5Y0&t=827

#Yep #Security #WellPut

Windows Defender is being used to hack Windows via @Jeremiah https://lobste.rs/s/hihcnv #security #windows
https://hackingpassion.com/bluehammer-windows-defender-zero-day/

🆕 blog! “FobCam '25 - All my MFA tokens on one page”

Some ideas are timeless. Back in 2004, an anonymous genius set up "FobCam". Tired of having to carry around an RSA SecurID token everywhere, our hero simply left the fob at home with an early webcam pointing at it. And then left the page open for all to see.

Security expert Bruce…

👀 Read more: https://shkspr.mobi/blog/2025/04/fobcam-25-all-my-mfa-tokens-on-one-page/
⸻
#2fa #CyberSecurity #MFA #Satire(Probably) #security

We’ve published the second monthly report (March 2026) for the Cyber Resilience Act Readiness project, part of our ongoing 2026 effort to prepare the FreeBSD community for the European Union’s cybersecurity regulation.

Read the March report: https://github.com/FreeBSDFoundation/all-projects/blob/main/Cyber%20Resilience%20Act%20Readiness/monthly-updates/2026-03.md

#FreeBSD #OpenSource #Security #CyberResilienceAct #CRA #Community

Proton built their entire brand on one promise: Swiss law means government agencies can't touch your data.
Their own Terms of Service, their own infrastructure contracts, and a federal court case from March say otherwise.

https://blog.ppb1701.com/not-even-government-agencies

#bigtech #blog #infosec #privacy #proton #protonmeet #security #surveillance #userhostile #selfhosting

Security updates for Friday

https://lwn.net/Articles/1067200/ #LWN #Linux #security

In the past, many FOSS proponents would mistakenly apply the "many eyes make bugs shallow" quote to all classes of bugs, in particular security ones. That historically hasn't been true because you need security expertise to find security bugs, it's not democratized in the same way as general classes of bugs.

LLMs have now changed that. This blog post by Thomas Ptacek does a good job of explaining what is going on:

https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/

#security #AI #LLM

[$] A flood of useful security reports

The idea of using large language models (LLMs) to discover security problems is not new. Google's Project Zero investigated the feasibility of using LLMs for security research in 2 [...]

https://lwn.net/Articles/1066581/ #LWN #Linux #security #FOSDEM

Security updates for Thursday

https://lwn.net/Articles/1066972/ #LWN #Linux #security

yes, this happened:

Apr 8 23:46:59 skapet sshd-session[69515]: Failed none for invalid user Can't locate List/Util.pm in @INC (you may need to install the List from 175.199.67.164 port 51226 ssh2

(and several times more, of course)
#ssh #bot #botnet #passwordgroping #passwordguessing #sshgropers #cybercrime #security

Background: "Badness, Enumerated by Robots" https://nxdomain.no/~peter/badness_enumerated_by_robots.html and links therein

The #VeraCrypt and #WireGuard maintainer accounts have been locked out by Microsoft. They are now unable to deliver Windows updates.

https://cybernews.com/security/microsoft-suspends-veracrypt-wireguard-accounts-maintainers/

#security #cybersecurity

From Spain...

"Iran, Sánchez: “No applause for those who set the world on fire and then show up with a bucket of water”"

#Russia #India #China #USA #Economy #Finance #Technology #Security #News #Iran #Israel #War #EU #NATO #Oil #Nuclear #Weapons #Trump #Warcrimes

https://lapresse.us/world/2026/04/08/iran-sanchez-no-applause-for-those-who-set-the-world-on-fire-and-then-show-up-with-a-bucket-of-water/

Nix privilege escalation security advisory

https://lwn.net/Articles/1066813/ #LWN #Linux #security

Security updates for Wednesday

https://lwn.net/Articles/1066809/ #LWN #Linux #security

GrapheneOS version 2026040600 released:

https://grapheneos.org/releases#2026040600

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/33898-grapheneos-version-2026040600-released

#GrapheneOS #privacy #security

Nix security advisory: Privilege escalation via symlink following during FOD output registration

https://discourse.nixos.org/t/nix-security-advisory-privilege-escalation-via-symlink-following-during-fod-output-registration/76900

#security #nixpkgs #nixos

BREAKING: reportedly a baby was sighted successfully self-hosting a #chatmail relay after accidentally typing on the keyboard of unsupervised parent's laptop

#selfhosting #selfhost #decentralization #deltachat #arcanechat #email #chatting #chat #encryption #security #security #humor #joke #meme #comedy #programmer_humor #sysAdmin

Security updates for Tuesday

https://lwn.net/Articles/1066665/ #LWN #Linux #security

OpenSSH 10.3/10.3p1 released! https://undeadly.org/cgi?action=article;sid=20260407084719 #openbsd #openssh #ssh #security #cryptography #networking

The Hidden Blast Radius of the Axios Compromise, by @ahmadnassri (@SocketSecurity):

https://socket.dev/blog/hidden-blast-radius-of-the-axios-compromise

#dependencies #npm #security

Security updates for Monday

https://lwn.net/Articles/1066505/ #LWN #Linux #security

Hackers breached the European Commission (The Next Web)

https://lwn.net/Articles/1066371/ #LWN #Linux #security

@nielsa no, that's not what I'm telling you.

I prefer to believe that most people will be thoughtful.

＂… a huge number of bugs. I have so many bugs in the Linux kernel that I can't report because I haven't validated them yet. I'm not going to make some open source developer validate bugs that I haven't checked yet. I'm not going to send them potential slop … I now have … several hundred crashes that they haven't seen because I haven't had time to check them. We need to find a way to fix this …＂

– Nicholas Carlini

#Linux #FreeBSD #security #cybersecurity #infosec #AI #LLMs

Alt...

Screenshot: a frame from https://www.youtube.com/watch?v=1sd26pWhfmg

➡️ #Security in 2025: Make sure your OS is up to date, use trusted apps from trusted sources, use strong passwords, beware of apps with excessive permission requests, be careful with phishing attempts...
➡️ Security in 2026: The most popular app in GitHub requires complete access to your system and personal accounts holding sensitive information, and you must assume your system is compromised 🤦‍♂️

#GenerativeAI makes people dumb 🤷‍♂️
https://arstechnica.com/security/2026/04/heres-why-its-prudent-for-openclaw-users-to-assume-compromise/

For real, many people asked me for their smaller and mid-sized environments, how to handle remote syslog of their nodes. I had some ideas (some of you may have already found my Rust interpretation of this) but I think having this included in #PegaProx as a centralized management interface makes more sense.

So, PegaProx comes with an own syslog server (ipv4/ipv6, udp/tcp, encrypted/unencrypted support) and is wired to the interface within the resources tab. Providing a quick overview of all your logs and filter options. The next thing is wiring it to the notification system of PegaProx, allowing automated alerting. Might be nice to quickly identify when the quorum got lost - all built-in into PegaProx!

#easter #development #coding #python #opensource #foss #pve #proxmox #proxmoxve #virtualization #vmware #alternatives #free #logging #security #gyptazy #proxmoxdatacenter #homelab #enterprise

Alt...

A syslog integration (server & frontend audit) for PegaProx for Proxmox based clusters

Security updates for Friday

https://lwn.net/Articles/1066236/ #LWN #Linux #security

LinkedIn Is Illegally Searching Your Computer

https://browsergate.eu

#tech #technology #BigTech #IT #enshittification #microslop #microsoft #LinkedIn #social #media #SocialMedia #data #security #safety #InfoSec #internet #web

OpenSSH 10.3 released

https://lwn.net/Articles/1065991/ #LWN #Linux #security #OpenSSH

Security updates for Thursday

https://lwn.net/Articles/1066084/ #LWN #Linux #security

Last summer I looked at the Internet exposure of a few #ICS devices that have historically been the subject of attacks by Iranian threat actors. Given continued activity in the region, I refreshed that data and took another look at exposures.

Good news: all four device/software types showed at least a slight decrease in exposures since last June, even if we aren't entirely sure why.

More details + graphs here: https://censys.com/blog/ics-iran-part-2-revisiting-exposure-of-previously-targeted-ics-devices/

#security #infosec

if you like this, I'm aiming to provide at least one #foss project with an app icon every week.

honoured to have gained around 40 supporters in my first jobless month! ❤️

your sponsorship will help me keep this up. :)

https://mastodon.social/@hbons/116166139945148680

#linux #gnome #app #icon #design #security

Peter Sanchez boosted

Hylke Bons 🥜 » 🌐 2026-03-03
@hbons@mastodon.social

hey everyone,

you may have guessed reading between the lines, but I lost my job in the recent tech layoffs…

also burnt out and realised I need to go back to working on stuff I care about.

I hope to gather enough small monthly sponsors to at least cover the bills, so I can:

- 🖥️ create beautiful apps for #Linux / #GNOME

- ✏️ provide free #design support to #OpenSource projects

if you like my work, please consider $1/month to make this possible?

thank you. :)

https://github.com/sponsors/hbons

Meanwhile in the UK, government stitch ups continue unabashed

https://www.theregister.com/2026/04/01/peoples_panel_digital_id/

#DigitalID #IDCard #UKPol #Labour #LabourPOl #WetDreams #IT #Privacy #Security #Control

This article about #anthropic ‘s #claude CLI is also hysterical (in a making me want to give up #security and join a commune kind of hysterical) because of the anthropomorphising of the AI.

What is the most frustrating aspect of LLMs? Many would use the anthropomorphic term “hallucination.” Apparently #hallucinations are bad but “dreams” are good?

When a user goes idle or manually tells Anthropic to sleep at the end of a session, the AutoDream system would tell Claude Code that “you are performing a dream—a reflective pass over your memory files.”

“Why does my code say that Wonder Woman is running a taco truck downtown and I’m the only person who can save her dog?” Oh. Right. It was dreaming.

We can quit #cybersecurity and just go farm potatoes or something. After 25 years of #appsec one of the most talked-about tech companies invents a daemon process that

makes use of a file-based “memory system” designed to allow for persistent operation across user sessions.

Sure. Just store your system instructions in a random text file.

Why are we installing endpoint protection on this system?

Why do we verify cryptographic signatures on software updates to this system?

Why are we building a zero trust security environment?

Why do we do scan email to avoid social engineering emails?

Our AI-assisted users are gonna YOLO right past all that. And if they can’t get past our #security controls, this agentic Frankenstein will write itself some markdown and work quietly in the background figuring out how to bypass something the user couldn’t bypass on their own.

This is #infosec in 2026

done! drew the rest of the f***ing owl.

#linux #gnome #app #icon #design #security

Alt...

App icon for BitRitter in the GNOME icon style. A light blue shield with a thick darker blue border. Overlayed is a password field.

TLS and SSH rely on Certificate Authorities (CAs) for authentication, but they also present a vector for Man in the Middle attacks. What if you could set up your own CA to reduce your exposure?

➡️ https://fedoramagazine.org/make-a-private-ca-with-step-ca/

#WebDev #Linux #Security #InfoSec #Cybersecurity #Fedora

Security updates for Wednesday

https://lwn.net/Articles/1065814/ #LWN #Linux #security

Great distraction from the Epstein files and the thickening quagmire in Iran — but it's not going to lower gas prices nor help with the midterms:
U.S. plans a witch hunt — err... antifa summit.

Deflect and distract. 🙁
https://www.reuters.com/world/us/us-counterterror-officials-plan-antifa-summit-sources-say-2026-03-31/
h/t @Nonilex
https://masto.ai/@Nonilex/116323980616642754
#AntiFascism #antifa #resist #law #security #fascism #FarRight #authoritarianism #tyranny

Vulnerability Research Is Cooked (sockpuppet.org)

https://lwn.net/Articles/1065586/ #LWN #Linux #security

Security updates for Tuesday

https://lwn.net/Articles/1065585/ #LWN #Linux #security

Running your own identity provider is all fun and games until you're debugging OIDC token flows at 2 AM.

If you want to deploy Keycloak 26 the right way - with proper network isolation, no plaintext passwords, and systemd-native declarative configs. I just published a new deep-dive.

We're ditching compose files and building a production-ready, daemonless stack using Podman Quadlets and systemd.

Read the full guide here: https://blog.hofstede.it/keycloak-26-on-podman-with-quadlets-identity-management-the-systemd-way/

#Linux #Podman #Keycloak #systemd #DevOps #Containers #SelfHosted #RHEL #Security

Axios has been hacked...

https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

#security #javascript #frontend

#NPM #axios maintainer has lost control of their account. Malicious versions 1.14.1 and 0.30.4 have been published which include a RAT.

NPM has pulled the effected versions and the payload. Time to clean up and see if you were effected.

StepSecurity has an awesome write up on this issue with #iocs

Link follows this toot.

#CTI #infosec #node #cybersecurity #security #nodejs #js #malware

Keep in contact with colleagues without having to give your phone number

With #ArcaneChat you can also keep separated profiles, one for family and more intimate friends and other for people you don't have so close relation with

#privacy #security #family #friends #autonomy #chatapp #opensource #digitalindependence #autonomy #european #europe

Alt...

ArcaneChat: Welcome to private chatting

"Spain closes its airspace to all US aircraft involved in Iran war"

#Russia #India #China #USA #Economy #Finance #Technology #Security #Hybrid #Iraq #News #Iran #Israel #War #EU #NATO #Oil #Escalation #Spain

https://www.euronews.com/2026/03/30/spain-closes-its-airspace-to-all-us-aircraft-involved-in-iran-war