soc.octade.net is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Introducing Aardvark: OpenAI’s agentic security researcher https://lobste.rs/s/b2tgba #ai #security
https://openai.com/index/introducing-aardvark/
If batteries are becoming a strategic technology in the C21st, powering everything from laptops to drones, from cars to phones, is the dependence on China across the supply chain now an issue of national security?
Fatih Birol, executive director of the International Energy Agency (writing in the FT) argues it is, and so countries need to speedily diversify their battery supply chains & support local innovation in energy storage.
Not sure any of that can be done quickly!
Hacking India’s largest automaker: Tata Motors https://lobste.rs/s/ufettb #security
https://eaton-works.com/2025/10/28/tata-motors-hack/
Language Models are Injective and Hence Invertible https://lobste.rs/s/ukvfgs #ai #math #security
https://arxiv.org/abs/2510.15511
📣 Call for Participation
W3C will hold a virtual "Workshop on Smart Voice Agents" from 25–27 February 2026 to explore stakeholder needs, use-cases, and gaps in Web standards for voice agents.
Topics include #accessibility, internationalization, modality integration, #trust, #security, and business models. Attendance is free and open to all.
https://www.w3.org/2025/10/smartagents-workshop/
Submit your talk proposal by 27 November!
NPM flooded with malicious packages downloaded more than 86,000 times https://lobste.rs/s/x45btr #nodejs #programming #security
https://arstechnica.com/security/2025/10/npm-flooded-with-malicious-packages-downloaded-more-than-86000-times/
Introducing fnox: A secret manager that pairs well with mise via @kingmob https://lobste.rs/s/xwdzyh #privacy #security
https://fnox.jdx.dev/
I'm Independently Verifying Go's Reproducible Builds https://lobste.rs/s/skxrc9 #go #security
https://www.agwa.name/blog/post/verifying_go_reproducible_builds
#Romania & #NATO #allies were notified of #US plans to cut the number of troops stationed on #Europe's eastern flank including soldiers who were to be stationed at Romania's Mihail Kogalniceanu air base, Romania's defense ministry said Wednesday.
Washington's European allies have been told previously by the admin of #Trump that they will need to take more responsibility for their own #security as the #UnitedStates focuses more on its own borders and the Indo-Pacific region.
Ever wondered how to write an email to your lawyer or doctor? Let's hope they use encryption! 🔒 😎 But why does a business need end-to-end encryption?
✅ Protect sensitive data
✅ Stay GDPR compliant
✅ Build trust
Find out more: ➡️ https://tuta.com/blog/why-companies-need-encryption
TEE.fail: Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition https://lobste.rs/s/3r1zvn #hardware #security
https://tee.fail/
🎤 Upcoming at SeaGL 2025:
📍 02:00 PM on November 08
🗣️ "10 years of Reproducible Builds"
👥 Speaker(s): Chris Lamb
📍 Room: Room 334
🏷️ Track: Security and Privacy
📝 The integrity of software has become an increasingly critical concern in an era where digital system...
#SeaGL2025 #security #reproducible #FLOSS #opensource #linux
🔗 https://pretalx.seagl.org/2025/talk/PETMRE/
What We Talk About When We Talk About Sideloading https://lobste.rs/s/ckm3vb #android #mobile #security
https://f-droid.org/2025/10/28/sideloading.html
Firefox Security & Privacy Newsletter 2025 Q3 https://lobste.rs/s/rzmp5p #browsers #privacy #security
https://attackanddefense.dev/2025/10/28/firefox-security-privacy-newsletter-2025-q3.html
#ChatControl is OFF the table for now. 💪
But the Danish Minister of Justice and chief architect of the current Chat Control proposal, Peter Hummelgaard, wants to bring it back in December.
😡 He now even claims your activism was paid for by Big Tech! 😡
We must keep fighting for #encryption and our right to #privacy 🔒️
Sandbox Your Program Using FreeBSD's Capsicum https://lobste.rs/s/xapl8y #video #freebsd #osdev #security
https://m.youtube.com/watch?v=Ne4l5U_ETAw
When 'perfect' code fails https://lobste.rs/s/r38zli #javascript #security #web
https://marma.dev/articles/2025/when-perfect-code-fails
An Overview of Attestations in CI https://lobste.rs/s/vflxfb #security
https://github.com/diskuv/dk/blob/V2_4/docs/posts/2025-10-24-overview-ci-attestations.md
An analysis of iBoot’s Image4 parser https://lobste.rs/s/rpiq1m #reversing #security
https://amarioguy.github.io/2025/10/20/iboot_image4_validator.html
Finds FreeBSD's geom shsec ( https://man.freebsd.org/cgi/man.cgi?query=gshsec&sektion=8&n=1 ), a provider that requires all providers to be present to read the data.
Kinda makes me want to expand it to support Shamir's secret sharing ( https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing ). I already implemented a version in Python: https://funkthat.com/gitea/jmg/shamirss
That way you can do n of m shares present to get the secret.
You'd still need all m shares present when you update the share, obviously.
Date bug affects Ubuntu 25.10 automatic updates https://lobste.rs/s/bd3leb #rust #security
https://lwn.net/Articles/1043103/
I work in a compliance-oriented industry, and a lot of firms use "secure email" schemes.
The presentation is cringe. Download this attachment, the one Gmail is freaking out about, open it, then enter credentials! Could it look more like a #phishing scam?
They could at least do a "log in to a publicized portal" instead and skip the freaky download flow.
The main "#security" feature is preventing future-me from easily searching the text to find their bad guidance when we have a dispute later.
Object-capability Programming in Javascript https://lobste.rs/s/wktkhp #video #javascript #security
https://www.youtube.com/watch?v=YcWXqHPui_w
Do Users Verify SSH Keys? (2011) https://lobste.rs/s/wtivay #pdf #security
https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf
Trump's #shutdown pay plan prioritizes #security personnel over #civilian workers
Trump has ensured that federal #immigration agents, US #BorderPatrol officers, #FBI special agents & active-duty #military personnel continue receiving paychecks during the #GovernmentShutdown, even as hundreds of thousands of civilian #FederalWorkers are furloughed or are working without pay.
#MilitaryState
https://www.reuters.com/legal/litigation/trumps-shutdown-pay-plan-prioritizes-security-personnel-over-civilian-workers-2025-10-23/?utm_source=braze&utm_medium=notifications&utm_campaign=2025_engagement
Fixing UUIDv7 (for database use-cases) https://lobste.rs/s/fqlazn #databases #security
https://brooker.co.za/blog/2025/10/22/uuidv7.html
I spent a year of my life making an ASN.1 compiler in D https://lobste.rs/s/dufqpx #d #programming #security
https://bradley.chatha.dev/blog/dlang-propaganda/asn1-compiler-in-d/
Hacking Formula 1: Accessing Max Verstappen's passport and PII through FIA bugs https://lobste.rs/s/ilcpdo #security
https://ian.sh/fia
All were integral to a secret, multiyear project to erect an invisible #surveillance net across the Barents Sea & other frigid waters where Russian #submarines operate carrying intercontinental ballistic missiles [#ICBM] in case of #nuclear conflict with the #UnitedStates, according to German court records as well as #US & Western #security officials and experts.
#law #finance #business #tech #money #power #complicity #geopolitics #Russia
#Russia acquired #WesternTechnology to protect its #nuclear submarine fleet
Russia is protecting its nuclear submarine fleet in the #Arctic with an undersea #surveillance system built using high-tech equipment acquired from #US & #Europe companies through a secret procurement network, acc/to newly uncovered financial records, court documents & Western #security officials.
#law #finance #business #tech #money #power #complicity #geopolitics
https://www.washingtonpost.com/world/2025/10/23/russia-nuclear-subs-western-technology-surevillance/
Element: setHTML() method on MDN https://lobste.rs/s/jgwhwy #security #web
https://developer.mozilla.org/en-US/docs/Web/API/Element/setHTML
“GlassWorm isn't just another supply chain attack. It's using stealth techniques we've never seen before - invisible Unicode characters that make malicious code literally disappear from code editors. Combine that with blockchain-based C2 infra that can't be taken down, Google Calendar as a backup command server, and a full remote access trojan that turns every infected dev into a criminal proxy node.”
#technology #attack #security #cybersecurity #malware #vscode
The emulator's gambit: Executing code from non-executable memory https://lobste.rs/s/lta18l #reversing #security
https://redops.at/en/blog/the-emulators-gambit-executing-code-from-non-executable-memory
GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace https://lobste.rs/s/degq8m #security
https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace
How Minecraft servers can track you across accounts and IPs using resource packs https://lobste.rs/s/ppakny #security
https://alaggydev.github.io/posts/cytooxien/
TARmageddon (CVE-2025-62518) highlights the challenges of open source abandonware https://lobste.rs/s/tbmns8 #rust #security
https://edera.dev/stories/tarmageddon
Microsoft says it’s starting to test ads inside the Start menu on Windows 11. The software maker will use the Recommended section of the Start menu, which usually shows file recommendations, to suggest apps from the Microsoft Store. Trillion dollar corporation is so poor. They need more money by selling your data to the highest bidder. wtf? #privacy #security https://www.theverge.com/2024/4/12/24128640/microsoft-windows-11-start-menu-ads-app-recommendations
The Day My Smart Vacuum Turned Against Me https://lobste.rs/s/aovn8c #privacy #reversing #security
https://codetiger.github.io/blog/the-day-my-smart-vacuum-turned-against-me/
xubuntu.org might be compromised https://old.reddit.com/r/Ubuntu/comments/1oa4549/xubuntuorg_might_be_compromised/
The malware checks the clipboard for crypto wallet addresses and then replaces them with attacker addresses.
Seriously, #Signal / @signalapp is bad and everyone who relies on @Mer__edith et al. to not break when handed a duly issued warrant (or being held at gunpoint) by #US authorities is as delusional as the users of #ANØM and #EncroChat!
There's no valid excuse to collect #PII like a #PhoneNumber!
If they took #Security seriously, they'd use #XMPP+#OMEMO over #Tor and let users have 100% #SelfCustody of all the keys as well as completely #decentralize, including the ability to #SelfHost on @torproject.
How I Almost Got Hacked By A 'Job Interview' https://lobste.rs/s/zfelwy #practices #security
https://blog.daviddodda.com/how-i-almost-got-hacked-by-a-job-interview