Category: Security

13 May 2026
kopia | v0.23.0

Kopia v0 23 0: CLI security, safer storage providers, snapshot policy fixes, performance and reliability improvements, CI and test refinements

Read more
13 May 2026
Telegraf | v1.38.4

Telegraf v1 38 4: Agent logging and service fixes, input and protocol fixes, output and secretstore bug fixes, dependency upgrades and multiarch packages

Read more
13 May 2026
OTel Collector | v0.152.0

OTel Collector v0 152 0: adds drainprocessor to contrib and k8s builds, see contrib and core changelogs and issue 47235, test in staging and review configs

Read more
13 May 2026
Grafana | v13.0.1+security-01

Grafana v13 0 1 security patch: fixes 10 CVEs, apply promptly, test in staging, restrict UI and API access, disable untrusted plugins until patched

Read more
13 May 2026
authentik | version/2026.2.3

authentik 2026 2 3: security and Django updates, OAuth2 and provider fixes, reliability and DB improvements, UI and docs enhancements

Read more
13 May 2026
Caddy | v2.11.3

Caddy v2 11 3: security hardening, admin socket fixes, TLS ACME QUIC updates, reverse proxy and placeholder fixes, observability and UX tweaks, contributors

Read more
13 May 2026
n8n | n8n@2.20.6

n8n release 2 20 6: patch fixes Salesforce node bug so triggers reliably fire on repeated record updates, ensuring workflows run consistently, commit f259afa

Read more
12 May 2026
Traefik | v3.7.1

Traefik v3 7 1: Read migration guide, upgrade for CVE 2026 44774 fix, new CrossProviderNamespaces for k8s providers, CRD cross provider validation fix

Read more
12 May 2026
Traefik | v3.7.1

Traefik v3 7 1: migration required, security fix CVE 2026 44774, new CrossProviderNamespaces for k8s providers, CRD cross provider reference check bug fixed

Read more
10 May 2026
Building an analytics UI from web honeypot logs

I built this from web honeypot logs because the raw output is mostly noise, and the useful part is buried in repetition, timing, and source clusters. The trick is to stop the dashboard turning into a trash fire, and let the patterns speak for themselves.

Read more
9 May 2026
Older clients after root CA rotation

Older clients rarely fail politely after an SSL.com root certificate rotation, and I have seen enough broken TLS to stop trusting “it works on my laptop”. The real problem is usually old trust stores or pinning to a dead hierarchy, which is tedious, predictable, and easy to miss.

Read more
9 May 2026
Local access exposes Microsoft Edge saved passwords

Microsoft Edge cleartext password storage is not a theoretical gripe; once the session is live, the browser can hand over saved credentials far more easily than most people expect. I would treat that as a local access problem first, and a browser problem second.

Read more
8 May 2026
Turning ISC diary entries into detection checks

SANS Internet Storm Center diary indicators are only useful once they stop being a header and start becoming something you can test. I treat the stub as a pointer, not evidence; until there is a domain, hash, or path, it stays out of my detections.

Read more
8 May 2026
React dashboards for DShield web honeypot logs

React dashboards make web honeypot logs readable, but only if you strip out the noise first. I prefer to reduce the stream to a few hard facts, then let the interface show the pattern; anything else is just letting the raw mess take over.

Read more
7 May 2026
Cognito federated login before user persistence

AWS Cognito’s awkward bit is not token issuance, it is timing. If `AWS Cognito PreSignUp_ExternalProvider` is not doing the real gatekeeping, you are already in cleanup territory, and I have no interest in calling that a control.

Read more
7 May 2026
AWS Cognito PreSignUp_ExternalProvider and federated account creation

Federated sign-in in Cognito is less tidy than people assume. If you put the check in the wrong trigger, AWS Cognito PreSignUp_ExternalProvider can still let a user record land before anyone else gets a say, and that is the bit worth fixing.

Read more
15 April 2026
ACL permission models that break as infrastructure grows

I’ve lost enough evenings to home lab automation pitfalls to know the real trouble starts with small defaults, not big failures. ACL permission models that break as infrastructure grows are usually a sign I should have kept names, rules, and restores much simpler from the start.

Read more
13 April 2026
Tenant isolation failures expose financial metadata leakage

Multi-tenant data isolation failures happen when scope checks live at the presentation layer instead of the query layer. Lloyds learned this the hard way; I'll show you why it matters in your homelab too.

Read more
7 April 2026
Stopping lateral movement in homelabs: ACLs, VLAN isolation, and process confinement

A compromised host on a flat network can reach every other node without crossing a single firewall rule. Network perimeter checks are useless if the interior is trusted by default; that is where lateral movement prevention actually matters.

Read more
5 April 2026
Process jails and kernel isolation for untrusted agent code

Running untrusted AI agents in standard Docker containers leaves you exposed to kernel exploits that bypass every namespace and policy you've layered on top. MicroVMs add a hardware boundary that changes the threat model entirely; a container escape reaches the guest kernel, not your host or NAS.

Read more
24 March 2026
Detecting spoofed VPN downloads: a practical approach

The trust UI lies by omission. A valid signature proves only that someone with a private key signed the file, not that the signer is the vendor you intended. Storm-2561 distributes trojanised VPN clients with legitimate signatures issued to shell companies. Four minutes of verification stops it cold.

Read more
15 March 2026
Mitigating Win+X paste attacks with PowerShell settings

Use this blueprint to harden Windows Terminal and PowerShell, reduce exposure and detect post-compromise behaviour. You get clear settings, AppLocker and WDAC guidance, logging checks and audits you can run to implement Win+X paste attack hardening now.

Read more
24 February 2026
Claude Code Security is useful for defenders, not a cybersecurity threat

Anthropic’s Claude Code Security has triggered the usual AI panic headlines, but the real story is simpler. Security teams are being pushed to work at the same speed as modern development, and that is overdue. This is a practical look at where the tool helps, where teams still need discipline, and why this is good for defenders.

Read more
21 February 2026
Mitigating security risks from AI recommendation poisoning

Reduce risk from AI recommendation poisoning with practical controls you can apply to your assistant today. Log incoming AI links, block anonymous memory writes, record provenance for every memory entry, and give users a simple inspector to review and revoke saved preferences; these steps help you detect manipulation and restore reliable...

Read more
20 February 2026
Removing compromised Outlook add-ins to protect your account

Securing Your Outlook Add-ins: Lessons from the AgreeTo Hijack A popular Outlook add-in called AgreeTo was abandoned by its developer and stayed listed in the Microsoft Marketplace. An attacker took over the unowned hosting subdomain, swapped the live content for a phishing kit that copied Microsoft sign-in pages, and harvested credentials from...

Read more