#self-hosting-security
#self-hosting-security

fromwww.businessinsider.com

US news

How AI is getting better at finding security holes

Tech industry

Cloudflare and GoDaddy team up to help websites fend off Big Tech's AI bot swarm

8 hours ago

Information security

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

fromFast Company

Is Mythos a blessing or a curse for cybersecurity? It depends on whom you ask

Claude Mythos AI model may enhance cybersecurity defenses but also poses risks for hackers due to its ability to identify vulnerabilities and create exploits.

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.

8 hours ago

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

fromwww.npr.org

fromwww.businessinsider.com

US news

How AI is getting better at finding security holes

Tech industry

Cloudflare and GoDaddy team up to help websites fend off Big Tech's AI bot swarm

Cloudflare and GoDaddy are partnering to help web content creators control AI bot interactions and address revenue loss from AI content scraping.

8 hours ago

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.

fromFast Company

Is Mythos a blessing or a curse for cybersecurity? It depends on whom you ask

Claude Mythos AI model may enhance cybersecurity defenses but also poses risks for hackers due to its ability to identify vulnerabilities and create exploits.

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.

This Linux distro offers an easy DNS switcher - but there's more to it that I like

iDealOS is a new MXLinux-based distribution offering two editions, emphasizing choice and the potential for paid Linux models.

#digital-sovereignty

18 hours ago

Europe politics

Digital sovereignty isn't just a buzzword - it's the future

fromTNW | Eu

Software development

France orders all government ministries to ditch Windows for Linux in digital sovereignty push

DevOps

The digital sovereignty dilemma is a false choice - here's how enterprises can have both | Fortune

fromComputerWeekly.com

Breaking the stranglehold: Responses to data sovereignty risk | Computer Weekly

UK and EU initiatives aim to enhance digital sovereignty and reduce reliance on US cloud providers.

fromDri

UX design

The Software Sovereignty Scale

3 weeks ago

Information security

Architecting Portable Systems on Open Standards for Digital Sovereignty

Europe politics

18 hours ago

Digital sovereignty isn't just a buzzword - it's the future

European governments and companies are prioritizing digital sovereignty due to concerns over US control and dependency.

Software development

fromTNW | Eu

France orders all government ministries to ditch Windows for Linux in digital sovereignty push

France is migrating government workstations from Windows to Linux to enhance digital sovereignty and reduce dependencies on non-European technologies.

DevOps

The digital sovereignty dilemma is a false choice - here's how enterprises can have both | Fortune

Organizations must ensure digital sovereignty by balancing local control with global technology access to remain resilient and competitive.

fromComputerWeekly.com

Breaking the stranglehold: Responses to data sovereignty risk | Computer Weekly

UK and EU initiatives aim to enhance digital sovereignty and reduce reliance on US cloud providers.

fromDri

UX design

The Software Sovereignty Scale

3 weeks ago

Architecting Portable Systems on Open Standards for Digital Sovereignty

Digital sovereignty involves having a valid 'Plan B' for critical systems to avoid reliance on single vendors.

more#digital-sovereignty

France's digital agency dumping Windows desktops for Linux

France's DINUM will replace Windows with Linux to reduce dependence on American technology.

France news

France to ditch Windows for Linux to reduce reliance on US tech | TechCrunch

France plans to transition government computers from Microsoft Windows to Linux to reduce reliance on U.S. technology.

France politics

20 hours ago

France's digital agency dumping Windows desktops for Linux

France's DINUM will replace Windows with Linux to reduce dependence on American technology.

France news

France to ditch Windows for Linux to reduce reliance on US tech | TechCrunch

France plans to transition government computers from Microsoft Windows to Linux to reduce reliance on U.S. technology.

more#france

fromComputerWeekly.com

5 hours ago

UK reliance on US big tech companies is 'national security risk', claims report | Computer Weekly

The UK is at risk due to over-reliance on US tech companies for critical infrastructure, impacting national security.

#ai-governance

6 hours ago

Fortune

AI agents operate autonomously, creating governance gaps and enterprise risk as organizations struggle to manage their authority and actions.

fromeLearning Industry

15 hours ago

Custom AI Governance Services: The Missing Piece In Your L&D Strategy

Many L&D teams adopt AI tools without ensuring fairness, transparency, and accountability in their training programs.

6 hours ago

Fortune

AI agents operate autonomously, creating governance gaps and enterprise risk as organizations struggle to manage their authority and actions.

fromeLearning Industry

15 hours ago

Custom AI Governance Services: The Missing Piece In Your L&D Strategy

Many L&D teams adopt AI tools without ensuring fairness, transparency, and accountability in their training programs.

Cloudflare introduces new features for building and deploying agents

Cloudflare is transforming AI development with Dynamic Workers, Sandboxes, and Artifacts for secure, scalable, and efficient code execution.

#cybersecurity

fromYahoo Tech

Privacy technologies

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

fromWIRED

17 hours ago

Silicon Valley

The Dumbest Hack of the Year Exposed a Very Real Problem

14 hours ago

Information security

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Privacy professionals

NHS Scotland-linked domains push pr0n and illegal streams

fromNextgov.com

11 hours ago

FCC selects ioXt Alliance to lead cyber labeling program

ioXt Alliance will lead the FCC's Cyber Trust Mark cybersecurity labeling program for consumer smart devices.

fromZDNET

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

FBI and NSA warn of Russian hackers targeting vulnerable routers, urging users to update firmware and strengthen passwords.

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

Silicon Valley

fromWIRED

17 hours ago

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

14 hours ago

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.

Privacy professionals

NHS Scotland-linked domains push pr0n and illegal streams

Scottish healthcare provider domains have been hijacked to promote adult content and illegal sports streams.

fromNextgov.com

11 hours ago

Information security

FCC selects ioXt Alliance to lead cyber labeling program

fromZDNET

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

FBI and NSA warn of Russian hackers targeting vulnerable routers, urging users to update firmware and strengthen passwords.

Scarcity, Surveillance, and the Return of Hard Power Week In Review

Bitcoin remains above $71,000, indicating institutional demand and potential for broader adoption amid macroeconomic developments and a 4-year cycle breakout test.

Cryptocurrency

fromnews.bitcoin.com

Bitcoin Developer Unveils Quantum-Resistant Wallet Rescue Prototype

A prototype by Lightning Labs enables bitcoin users to recover funds from wallets threatened by quantum computing.

Cryptocurrency

fromnews.bitcoin.com

Scarcity, Surveillance, and the Return of Hard Power Week In Review

Bitcoin remains above $71,000, indicating institutional demand and potential for broader adoption amid macroeconomic developments and a 4-year cycle breakout test.

Cryptocurrency

fromnews.bitcoin.com

Bitcoin Developer Unveils Quantum-Resistant Wallet Rescue Prototype

A prototype by Lightning Labs enables bitcoin users to recover funds from wallets threatened by quantum computing.

Computer engineer claims he was penalised for flagging Israeli links of firm given 'bananas' server access at top Irish cybersecurity company

A cyber-security firm reprimanded an engineer for discriminatory comments regarding an Israeli company's access to its servers amid concerns about Palestinian genocide.

Privacy professionals

fromArs Technica

Dad stuck in support nightmare after teen lied about age on Discord

Discord failed to provide adequate support for a hacked account belonging to a minor, despite knowing the user's age.

Apple

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Digital life

fromEarth911

Guest Idea: Why Sustainable Home Tech Choices Also Need Cybersecurity Awareness

Sustainable technology adoption is rising, but security risks of connected devices are often overlooked, impacting both environmental and digital safety.

fromwww.businessinsider.com

Supermicro launches investigation following case over server exports

Supermicro claims it is not a suspect in the case. However, the company did take action against the individuals involved. Two of them have been placed on leave, while a third person has been fired.

Intellectual property law

fromComputerworld

7 hours ago

The French government eyes alternatives to Windows

DINUM will coordinate a cross-ministerial plan to reduce dependence on suppliers outside Europe. Each ministry will be required to develop its own plan by this fall, covering the following areas: workstations, collaboration tools, antivirus software, artificial intelligence, databases, virtualization, and network equipment.

EU data protection

Silicon Valley

1 day ago

An entrepreneur is transforming a Cold War-era nuclear silo into an underground data center. Look inside.

Nik Halik is transforming a decommissioned nuclear missile silo into a data center for AI.

US news

fromPrivacy International

Dangerous data

US police misuse warrantless access to personal data, leading to wrongful arrests and life-altering consequences for innocent individuals.

React

fromInfoWorld

Local-first browser data gets real

Signals provide a performant alternative for reactive state management in front-end development.

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google's Device Bound Session Credentials enhance security for Chrome users by tying authentication sessions to specific devices, combating session theft.

Python

The State of Trusted Open Source Report

AI is reshaping software development and security, influencing container image usage and vulnerability management.

Privacy professionals

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.

DevOps

AWS: Agents shouldn't be secret, so we built a registry

AWS Agent Registry enhances visibility and control over AI agents in corporate environments.

European startups

Amsterdam seeks control over data centers to ensure digital autonomy

Amsterdam seeks control over digital infrastructure amid concerns of dependence on American cloud providers.

1 day ago

How SBOMs and Engineering Discipline Can Help You Avoid Trivy's Compromise

SBOMs are essential for developers to enhance security and comply with new legislative requirements.

Software development

fromThe Verge

Little Snitch's software counter surveillance jumps from Mac to Linux

Little Snitch for Linux offers network monitoring but is not a security tool, revealing fewer connections than on macOS.

Google Rolls Out Cookie Theft Protections in Chrome

Google introduces Device Bound Session Credentials in Chrome to enhance security against session cookie theft.

20 hours ago

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

#cloudflare

from24/7 Wall St.

The Real Reason Cloudflare Is Down 11% Today Has Nothing to Do With Insider Selling

Insider selling at Cloudflare is routine and does not indicate trouble; the real concern is competition from Anthropic's new AI offerings.

Cloudflare accelerates post-quantum roadmap

Cloudflare plans to achieve full post-quantum security by 2029, prioritizing authentication systems due to emerging quantum computing threats.

from24/7 Wall St.

The Real Reason Cloudflare Is Down 11% Today Has Nothing to Do With Insider Selling

Insider selling at Cloudflare is routine and does not indicate trouble; the real concern is competition from Anthropic's new AI offerings.

Cloudflare accelerates post-quantum roadmap

Cloudflare plans to achieve full post-quantum security by 2029, prioritizing authentication systems due to emerging quantum computing threats.

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

WireGuard VPN developer can't ship software updates after Microsoft locks account | TechCrunch

WireGuard is locked out of its Microsoft developer account, preventing critical software updates for Windows users.

OpenInfra General Manager on sovereignty and kill switches

Carrez calls this 'the survival problem,' and it forms part of his definition of sovereignty - digital, data, AI, and so on. He says, 'A lot of people are just talking about digital sovereignty as like a catchphrase for a bunch of things.'

DevOps

13 hours ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

#wordpress

fromSpeckyboy Design Magazine

How To Protect Media Files Uploaded to WordPress - Speckyboy

The WordPress Media Library has useful features but poses security risks for sensitive files.

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors hijacked the Smart Slider 3 Pro plugin update system to distribute a backdoored version affecting WordPress and Joomla users.

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.

fromSpeckyboy Design Magazine

How To Protect Media Files Uploaded to WordPress - Speckyboy

The WordPress Media Library has useful features but poses security risks for sensitive files.

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors hijacked the Smart Slider 3 Pro plugin update system to distribute a backdoored version affecting WordPress and Joomla users.

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

Digital life

fromWIRED

1 month ago

I Set Up My Own NAS Server, and It Was Surprisingly Easy

Setting up a personal NAS server provides private, automated backups and centralized file storage without relying on third-party cloud services or big tech platforms.

Two different attackers poisoned popular open source tools

Two major supply chain attacks in March compromised open source tools, stealing data from numerous organizations.

fromMakeUseOf

2 weeks ago

Self-hosting my own search engine did more than replace Google

Switching to SearXNG transformed search from a passive experience into a customizable tool, prioritizing relevant sources over SEO-driven results.

DevOps

2 weeks ago

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

fromTNW | Offers

10 Best SOC 2 Compliance Software for 2026

SOC 2 compliance software automates security controls, streamlining the audit process and ensuring readiness in weeks instead of months.

fromNextgov.com

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

fromElectronic Frontier Foundation

Yikes, Encryption's Y2K Moment is Coming Years Early

Google has moved its quantum preparedness deadline for cryptography to 2029 due to advancements in technology.

Orthanc DICOM Vulnerabilities Lead to Crashes, RCE

Nine vulnerabilities in the Orthanc DICOM server allow attackers to crash servers, leak data, and execute arbitrary code remotely.

The Hidden Security Risks of Shadow AI in Enterprises

Shadow AI poses significant risks by allowing unregulated use of AI tools that can expose sensitive data and weaken security controls.

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

#identity-management

Information security

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

more#identity-management

Is 46% of your AI-generated code vulnerable?

46% of AI-generated code contains security vulnerabilities, necessitating integrated governance throughout the software delivery lifecycle.

Data Leakage Vulnerability Patched in OpenSSL

Seven vulnerabilities in OpenSSL have been patched, including a moderate severity flaw that can lead to sensitive data leakage.

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

Chaos malware targets misconfigured cloud deployments, expanding its reach beyond routers and edge devices.

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.

fromReason.com

How to build your own internet in 2026

The internet you experience daily-endless scrolling, algorithmic feeds serving content you didn't ask for, AI-generated slop clogging search results-isn't the only internet available. It's just the one that's easiest to stumble into. You're not stuck with the internet that has evolved alongside the rise of hegemonic platforms. We're 20-plus years into the social internet, and the winners of the last round of audience capture have made clear they're shifting to optimize for social broadcasting instead of networking, to maximize market share and market cap.

Digital life

Evasive Masjesu DDoS Botnet Targets IoT Devices

Masjesu is a botnet targeting IoT devices for DDoS attacks, active since 2023 and primarily advertised on Telegram.

fromSecuritymagazine

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

fromZDNET

5 Linux servers that let you ditch the public cloud and reclaim your privacy - for free

You may have noticed that many European Union (EU) governments and agencies, worried about ceding control to untrustworthy US companies, have been embracing digital sovereignty. Those bodies are turning to running their own cloud and services instead of relying on, say, Microsoft 365 or Google Workspace. If you prize your privacy and want to control your own services, you can take that approach as well.

Privacy technologies

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

A campaign targets ComfyUI instances for cryptocurrency mining and botnet enlistment through remote code execution exploits.

fromSilicon Canals

When militaries share data centers with banks: how Gulf strikes exposed a structural flaw in global cloud infrastructure - Silicon Canals

When civilian banks, logistics platforms, and payment processors share physical data center infrastructure with military AI systems, those facilities become legitimate military targets under international humanitarian law - and the civilian services housed inside lose their legal protection.

Information security

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

fromComputerworld

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.