Category: Security

11 June 2026
n8n | n8n@2.25.7

n8n 2 25 7 Editor: node credential picker now fetches workflow scoped credentials, limiting shown credentials to the current workflow and reducing exposure

Read more
10 June 2026
Nextcloud | v34.0.0

Nextcloud v34: stability, collaboration, scale with UX, performance, security hardening, admin upgrade checklist, developer deprecations, app compatibility

Read more
10 June 2026
Talos Linux | v1.13.4

Talos Linux v1 13 4: Linux 6 18 34, kube v1 36 1, etcd v3 6 12, Flannel v0 28 5, Go 1 26 4, bug fixes, OOM QoS improvements, packaging and deps bumps

Read more
10 June 2026
restic | v0.19.0

restic v0 19 0: critical reliability fixes for Windows,Samba,SFTP,rclone, improved exit codes, validation, performance, packing and usability

Read more
10 June 2026
Abuse detection gaps in server fleets

Abuse rarely stays put for long, and a hosting provider abuse problem usually survives because the signals never meet in one place. I have seen enough fleets to know the weak point is not logging, it is the pause between spotting a pattern and doing something about it.

Read more
10 June 2026
Tempo | v3.0.2

Tempo v3 0 2: Security focused rebuild with Go 1 26 3, upgrade recommended for upstream security and bug fixes, CI and builds require it, see issue 7423

Read more
10 June 2026
Grafana | v13.0.2

Grafana v13 0 2: critical CVE patches and permission hardening, git backed provisioning and dashboard fixes, platform updates and runtime bug fixes

Read more
10 June 2026
Nextcloud | v34.0.0

Nextcloud v34: release highlights, security hardening, files and sharing improvements, developer API and app changes, upgrade and rollback guidance

Read more
10 June 2026
Talos Linux | v1.13.4

Talos Linux v1 13 4: kernel 61834, etcd 3612, Flannel 0285, Go 1264, bug fixes, features, CI fixes, try binaries, report issues on GitHub

Read more
10 June 2026
restic | v0.19.0

restic v0 19 0: tightened CLI, fixed exit codes, backend and Windows fixes, faster index and mounts, better pruning and index repair, usability and perf gains

Read more
10 June 2026
Tempo | v3.0.2

Tempo v3 0 2: security update upgrades build toolchain to Go 1 26 3, operators must update builds and CI, test in staging then roll out to production

Read more
10 June 2026
Grafana | v13.0.2

Grafana v13 0 2: security fixes for multiple CVEs, provisioning and Git improvements, runtime updates, dashboard and data source bug fixes, upgrade recommended

Read more
10 June 2026
n8n | n8n@2.25.6

n8n 2 25 6 patch fixes markdown editor copy bug: only highlighted text is copied, preventing accidental extra content, upgrade recommended

Read more
10 June 2026
HomeAssistant Core | 2026.6.2

HomeAssistant Core 2026 6 2: stability and integration fixes, Bluetooth startup reliability, dependency bumps and frontend update, voice TTS media fixes

Read more
9 June 2026
Streaming auth code theft in subscription apps

Streaming auth code theft is dull in the way most real abuse is, a few weak joins, a live session, and suddenly the whole thing can be relayed and resold. I keep coming back to the same point, if the token lives too long, somebody will copy it.

Read more
9 June 2026
Detecting malicious Composer releases in Packagist

Composer supply chain attack is one of those phrases that sounds abstract until a normal looking release starts carrying poisoned code. I trust tags less than I used to, because once they move, history is just decoration.

Read more
9 June 2026
Telegraf | v1.39.0

Telegraf v1 39 0: new inputs gnmi listener for gNMI push telemetry, IO, parser and processor enhancements, bug fixes, dependency bumps and multi OS builds

Read more
9 June 2026
Tempo | v2.10.6

Tempo v2 10 6: security dependency fixes, toolchain Go 1 26 3, OpenCensus receiver removed, Prometheus and OTel deps updated, plan migration and tests

Read more
9 June 2026
Telegraf | v1.39.0

Telegraf update: adds inputs gnmi listener for gNMI telemetry, broad plugin improvements, bug fixes, dependency refreshes and prebuilt packages

Read more
9 June 2026
Tempo | v2.10.6

Tempo v2 10 6: security updates, built with Go 1 26 3, OpenCensus receiver removed migrate to OTLP, Prometheus and OTEL deps upgraded

Read more
8 June 2026
HTTP header injection in CFITSIO filename parsing

CFITSIO Extended Filename Syntax is the bit that makes a harmless-looking path dangerous. Once I let untrusted input reach `fits_open_file`, I am no longer passing a filename, I am handing control to a parser that can fetch, copy, or write before FITS validation even starts.

Read more
7 June 2026
Defensive monitoring for unpatchable systems

large-scale patch releases do not just create risk, they expose how much of your estate is already running on borrowed time. I prefer monitoring that catches odd process chains, strange logins and unexpected traffic, because that is where the trouble usually starts.

Read more
7 June 2026
Nextcloud | v33.0.5

Nextcloud v33 0 5: paste release notes or changelog highlights, I will create 3 to 5 concise posts titled Nextcloud v33 0 5 with short summaries

Read more
7 June 2026
Nextcloud | v33.0.5

Nextcloud version 33 0 5: security and stability patch, files, sharing, sync fixes, app and API compatibility updates, upgrade guidance 2026:06:02

Read more
6 June 2026
IIS server monitoring for BadIIS redirects

BadIIS is the sort of mess that hides in plain sight, because the site still loads while visitors are quietly sent elsewhere. I look for odd IIS log patterns, stray build artefacts, and service changes, then treat the box as untrusted until I can prove otherwise.

Read more