#certificate-authorities

#certificate-authorities

I've always had what I would consider a hacker mindset, a curiosity to take things apart, understand them, and use that knowledge to solve problems. That mindset took me on a circuitous route into the cybersecurity industry; after being kicked out of high school for hacking computer systems, I worked a range of jobs, managing office supply companies by day and cracking Wi-Fi networks by night until I started a Digital Forensics degree which led me to the world of security research.

FOSDEM 2026 Amid growing interest in digital sovereignty and getting data out of the corporate cloud and into organizations' ownership, the Matrix open communication protocol is thriving. The project was co-founded by Matthew Hodgson and Amandine le Pape, and The Reg FOSS desk met both at this year's FOSDEM for a chat about what's happening with Matrix. The Register has covered Matrix and its commercial Element side quite a few times over the years,

Never feel that you are totally safe. In July 2025, one company learned the hard way after an AI coding assistant it dearly trusted from Replit ended up breaching a "code freeze" and implemented a command that ended up deleting its entire product database. This was a huge blow to the staff. It effectively meant that months of extremely hard work, comprising 1,200 executive records and 1,196 company records, ended up going away.

can conceal online activity that local or national governments deem illegal - up to and including, say, circumventing ID checks for age verification. Consumers aren't helped by the sheer amount of duds sold in app stores right next to the best VPNs, especially when they're purposefully exploiting moments that have people rushing to shore up their online anonymity. If you've almost decided to start using a VPN, you may be wondering if the services you're looking at are actually safe.

Very few users are in a position to audit what a . Reading code, inspecting traffic or evaluating a security assessment is out of reach for most people. Privacy policies are long and often written to protect the company more than to inform the user. In practice, this leaves visible cues such as badges, rankings and reviews doing most of the work.

I belong to six professional organizations. Or maybe it's 13, 19, 26, or 47. I can't be sure. The ones where I pay dues or volunteer I know well: ASIS International, the Life Safety Alliance, Chartered Security Professionals, and a couple of others. Then come the niche and industry-specific associations like the International Council of Shopping Centers, public-private partnerships such as OSAC and Infragard, and the countless ASIS Communities.

Every Windows PC designed and built since 2011 supports a feature called Secure Boot. This feature, which is on by default on new PCs sold with Windows 10 and Windows 11, acts as a gatekeeper that allows only trusted software to run at startup. If someone tries to tamper with the operating system or boot from an alternate device, Secure Boot blocks that attempt.

If platforms and solutions are not developed and put in place, according to "Quantum Threat: The Trillion-Dollar Security Race is On," there will be no protection against the breaking of public-key encryption in use today. This is ominously referred to as "Q-day." Q-day is coming. The report maintains quantum computers will be able to "perform certain calculations, particularly those required to break today's complex encryption standards, at speeds that are orders of magnitude faster than any supercomputer imaginable."

Web browsers are among the top targets for today's cybercriminals, playing a role in nearly half of all security incidents, new research reveals. According to Palo Alto Networks' 2026 Global Incident Response report, an analysis of 750 major cyber incidents recorded last year across 50 countries found that, in total, 48% of cybercrime events involved browser activity. Individuals trying to connect to the web, including business employees, are exposed to cyberthreats on a daily basis.

An FBI informant helped run the Incognito dark web market and allegedly approved the sale of fentanyl-laced pills, including those from a dealer linked to a confirmed death, WIRED reported this week. Meanwhile, Jeffrey Epstein's ties to Customs and Border Protection officers sparked a Department of Justice probe. Documents say that CBP officers in the US Virgin Islands were still friendly with Epstein years after his 2008 conviction, illustrating the infamous sex offender's tactics for cultivating allies.

For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done. The challenge is that many security tools add complexity and cost that most mid-market businesses can't absorb. With limited budgets and lean IT and security teams, organizations often focus on detection and response.

Vulnerabilities discovered by researchers in Dormakaba physical access control systems could have allowed hackers to remotely open doors at major organizations. The security holes were discovered by experts at SEC Consult, a cybersecurity consulting firm under Atos-owned Eviden, in Dormakaba's Exos central management software, a hardware access manager, and registration units that enable entry via a keypad, fingerprint reader, or chip card.

Near-identical password reuse occurs when users make small, predictable changes to an existing password rather than creating a completely new one. While these changes satisfy formal password rules, they do little to reduce real-world exposure. Here are some classic examples: Adding or changing a number Summer2023! → Summer2024! Appending a character Swapping symbols or capitalization Welcome! → Welcome? AdminPass → adminpass Another common scenario occurs when organizations issue a standard starter password to new employees, and instead of replacing it entirely, users make incremental changes over time to remain compliant.