“The vulnerability might be in the proof-of-concept”

This is a common pattern I see for reporters to open source projects, where the proof-of-concept itself contains the vulnerability, not the project.

👉 sethmlarson.dev/the-vulnerabil…

#security #opensource #oss #vulnerability

The vulnerability might be in the proof-of-concept

The Security Developer-in-Residence role at the Python Software Foundation is funded by Alpha-Omega. Thanks to Alpha-Omega for sponsoring security in the Python ecosystem. I'm on the...

^{sethmlarson.dev}

Apple: spaceship 🛸
Microsoft: glass tower 🏢
Linux: basement... still runs the internet 🐧😎

Root access > real estate.

Pic source: reddit.com/r/linuxmemes/commen…

📸👇

#Linux #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #UserFreedom #Freedom #Tech #Technology #AI #OS #MacOS #Meme #TechMeme

Since we published our blog post on the future of Accrescent, donations have increased dramatically.

According to the rates in that post, we should now be able to fund full-time development through at least May 2026!

Thank you to our community for your monumental support!

Because of you, we can dedicate ourselves fully to our mission of building a modern Android app store focused on security, privacy, and usability.

If you want to read the original blog post: blog.accrescent.app/posts/the-…

Or if you want to see our plans: blog.accrescent.app/posts/prog…

#accrescent #security #privacy #android #appstore

The Future of Accrescent

Accrescent is a novel Android app store focused on security, privacy, and usability. We’ve been building Accrescent since 2021 to improve the security and freedom of everyday Android users by providing an alternative to Google Play which doesn’t comp…

^{Logan Magee (Accrescent Blog)}

Today is the day! Read all about our development progress, view our roadmap for the future, and check out the new projects we're releasing as open source in our new blog post!

blog.accrescent.app/posts/prog…

Check out our new repositories:

github.com/accrescent/android-…
github.com/accrescent/director…
github.com/accrescent/director…
github.com/accrescent/ina

#android #security #privacy #accrescent #appstore

Progress Update and Roadmap

In our recent post about Accrescent’s financial future and sustainability, we announced that to build trust and transparency with our community, we’d be publishing a follow-up blog post about what we’ve been working on lately and where we’ve been set…

^{Logan Magee (Accrescent Blog)}

Keep an eye out for tomorrow's blog post! We'll be posting a development progress update for the past months and a roadmap for the next few.

#accrescent #security #privacy #appstore #android

We recently discovered a large Monero donation was received in the short time after we updated our article's reported income but before it was posted. We've now updated it to reflect this.

We'll post an update soon on what this means for the project. Thank you for your support!

#accrescent #appstore #security #privacy #android

***infosec specialists are needed in the resistance ***

The world needs tech security specialists to run workshops at public libraries for all ages & abilities to remove spyware, AI, reduce surveillance, understand the issues, & for more advanced, move to Linux, degooglefy, etc.

Libraries will pay good wages for these workshops.
If you have these skills, please consider offering them.

#libraries #library #tech #infosec #privacy #security #activism #antifa #resistance

Accrescent depends completely on donations to run. Today we share a significant update in our new blog post on the future of Accrescent: blog.accrescent.app/posts/the-….

New releases of Accrescent and our developer console are also out, with Android 16 updates and Material 3 changes. Check them out!

github.com/accrescent/accresce…
github.com/accrescent/parcelo/…
github.com/accrescent/console/…

#security #privacy #accrescent #android #appstre

The Future of Accrescent

Accrescent is a novel Android app store focused on security, privacy, and usability. We’ve been building Accrescent since 2021 to improve the security and freedom of everyday Android users by providing an alternative to Google Play which doesn’t comp…

^{Logan Magee (Accrescent Blog)}

So…who hates those Google log-in pop-ups that are seemingly everywhere now? Wanna make them go away?

1. Get uBlock Origin (which you should have already been using):

github.com/gorhill/uBlock

2. Open the plugin and click the settings button.

3. Click on the “my filters” tab and paste this into the input:

||accounts.google.com/gsi/*$xhr,script,3p

That’s it! Worked flawlessly for me.

(Updated URL. Thx @IceWolf
and @emz!)

#Google #Privacy #Security #PopUps #InfoSec #BadGoogle

Don't trust cloud services with your creative work.

#enshittification #privacy #infosec #security #cybersecurity #writing #art

Windows market share in Germany drops to 69.78%, down nearly 10 points in a year 📉

Meanwhile, macOS rises to 19.59%, driven by user demand for privacy & seamless integration 🍏

Linux more than doubles to 5.49%, reflecting growing interest in open-source, secure, and flexible systems 🐧

#Linux #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #UserFreedom #Freedom #Tech #Technology #AI #OS #MacOS

🛡️ "Stop Subverting Sandboxes"
with Michael Catanzaro at #GUADEC2025
📅 25 July 🕒 13:40 CEST 📍 Brescia

🔒 Flatpak can protect users—but not if we keep bypassing it. Michael calls for stronger sandboxing, better portals, and shares GNOME’s new security bounty program.

🔗 events.gnome.org/event/259/con…

#Flatpak #GNOME #Sandboxing #Security #FOSS

Sharepoint is in the news again. It is never a good thing when Sharepoint is in the news.

#technology #security #microsoft #sharepoint

washingtonpost.com/technology/…

[aur-general] - [SECURITY] firefox-patch-bin, librewolf-fix-bin and zen-browser-patched-bin AUR packages contained malware

lists.archlinux.org/archives/l…

#security #linux #ArchLinux

I found a vulnerability in git. CVE-2025-48384: Breaking git with a carriage return and cloning RCE - dgl.cx/2025/07/git-clone-submo…

As the post explains this is one of my favourite classes of vulnerability, using characters that are old and sometimes forgotten.

#git #security #rce #ascii

Why is security work unlike any other contribution to an open source project?

We need to re-think the tight association between maintainers and security work if we want sustainable open source security.

Read more: sethmlarson.dev/security-work-…

#opensource #oss #security #supplychain

Open Source Security work isn't “Special”

I gave this keynote at OpenSSF Community Day NA 2025 in Denver, Colorado. There will be a YouTube video recording available at a later date. This talk was given as the Security-Developer-in-...

^{sethmlarson.dev}

Psst 👋 Getting organized will become much easier soon.

Get excited for the next update. 🤩

Here's a sneak peek 🤫

#teaser #calendar #sneakpeek #privacy #security #tuta

Who says you can’t have #privacy and #security in an OS? Meet PureOS — the #Linux OS that respects you.

No ads
No trackers
No #surveillance
No terms of service traps

PureOS supports Purism’s Librem 5 & Liberty Phone.

More Info: puri.sm/posts/what-is-pureos-a…

heise+ | Delta Chat in Russland vor Gericht: Urteil gegen deutsches Entwicklerteam

Russland geht gegen den Messenger Delta Chat vor und nimmt eine Freiburger Firma ins Visier. Die wehrt sich und warnt zugleich die EU.

heise.de/news/Delta-Chat-in-Ru…

#Apps #Datenschutz #IT #Security #news

Delta Chat in Russland vor Gericht: Urteil gegen deutsches Entwicklerteam

^{Keywan Tonekaboni (heise online)}

🔐 "Fixing Desktop Keyrings"
with Dhanuka Warusadura at #GUADEC2025
📅 24 July 🕒 12:30 CEST 📍 Brescia
🧩 GNOME 49 plans to replace gnome-keyring with a new D-Bus Secret Service. Here’s what’s changing.

🔗 events.gnome.org/event/259/con…

#GNOME #Security #Keyring #OpenSource

In some #awesome news, Trump's #AI plans have been leaked on #github, which others have now backed up for themselves.

First reported yesterday by 404 Media, the #tech is to launch on July 4th. Besides a #chatbot, there are APIs to connect to other models, and some other agency tech.

Despite Trump's rush to deploy widespread AI, many experts have valid #security and #privacy concerns regarding access to #confidential #data.

theregister.com/2025/06/10/tru…

#news #technews #trump #unitedstates #uspol

Trump administration's whole-government AI plans leaked on GitHub

Updated: The AI.gov repository and staging site vanished when we asked questions, but don't worry – we captured backups

^{Brandon Vigliarolo (The Register)}

🛡️ "The evolution of Linux targeted cyber threats"
with Pau Hoz at #GUADEC2025
📅 24 July 🕒 11:05 CEST 📍 Brescia

🔍 From supply chain attacks to evasive malware, Pau digs into how Linux threats are evolving—and what it means for FOSS security.

🔗 events.gnome.org/event/259/con…

#Linux #Security #FOSS #CyberThreats

Who says you can’t have #privacy and #security in an OS?

Meet PureOS — the #Linux OS that respects you.

No ads
No trackers
No #surveillance
No terms of service traps

PureOS supports Purism’s Librem 5 & Liberty Phone.

More Info: puri.sm/posts/what-is-pureos-a…

What Is PureOS? A Beginner’s Guide for iOS, Android, and Windows Users – Purism

Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.

^{Purism SPC}

Who says you can’t have #privacy and #security in an OS? Meet PureOS — the #Linux OS that respects you.

No ads
No trackers No #surveillance
No terms of service traps

PureOS supports Purism’s Librem 5 & Liberty Phone.

More Info: puri.sm/posts/what-is-pureos-a…

How can #OpenSource and #security be interconnected?
What will be the future of funding the open source-dependent public digital infrastructure?

These and many other questions will guide the discussion of our panelists:
🔸@bagder from #cURL
🔸@melanierieback from @ros
🔸Matteo Mole from @EuropeanCyber SecurityOrganisation
🔸Nicholas Gates from @OpenForumEurope
🔸Mirko Boehm from #TheLinuxFoundation

Join the webinar : europeanopensource.academy/for…

Our monocles crowdfunding is ongoing and we're so grateful for the support so far! Thank you!

monocles empowers you with open-source, community-driven messaging via XMPP, a privacy friendly email service, a cloud and more – for a transparent alternative for your digital life.

Help us create this real ethical digital solution, by the people, for the people. Every contribution makes a huge difference!

Be part of the journey & donate today ✊️: startnext.com/en/monocles

#xmpp #monocles #security

monocles - Privacy is not a feature. It is a right.

Secure communication, fair cloud, ethical hardware - monocles offers a digital solution without tracking, without surveillance, without compromise.

^{startnext.com}

Who says you can’t have #privacy and #security in an OS?

Meet PureOS — the #Linux OS that respects you.

No ads
No trackers
No #surveillance
No terms of service traps

PureOS supports Purism’s Librem 5 & Liberty Phone.

More Info: puri.sm/posts/what-is-pureos-a…

Lightweight open source Google reCaptcha alternative: ALTCHA leverages a proof-of-work mechanism to safeguard your website, APIs, and online services from spam and abuse. Unlike traditional solutions, ALTCHA is self-hosted, does not rely on cookies or fingerprinting, and ensures complete user privacy. It is fully compliant with GDPR, WCAG 2.2 AA-level, and the European Accessibility Act. github.com/altcha-org/altcha

#privacy #webdev #security #opensource

GitHub - altcha-org/altcha: GDPR, WCAG 2.2 AA, and EAA compliant, self-hosted CAPTCHA alternative with PoW mechanism and advanced anti-spam filter.

GDPR, WCAG 2.2 AA, and EAA compliant, self-hosted CAPTCHA alternative with PoW mechanism and advanced anti-spam filter. - altcha-org/altcha

^GitHub

Who says you can’t have #privacy and #security in an OS?

Meet PureOS — the #Linux OS that respects you.

✅No ads
✅No trackers
✅No #surveillance
✅No terms of service traps

Run it on Purism’s Librem 5 & Liberty Phone.

Link - What is #PureOS?: puri.sm/posts/what-is-pureos-a…

cURL-Maintainer: "Habe die Nase voll" – wegen KI-Bug-Reports

Bereits im vergangenen Jahr hat cURL-Entwickler Daniel Stenberg gegen KI-Bug-Reports gewettert. Nun hat der die Nase voll davon.

heise.de/news/cURL-Maintainer-…

#IT #KünstlicheIntelligenz #Security #news

cURL-Maintainer: "Habe die Nase voll" – wegen KI-Bug-Reports

^{Dirk Knop (heise online)}

Long passwords are important.

Source: reddit.com/r/dataisbeautiful/c…

#tech #technology #encryption #password #passwords #Security #cybersecurity #computing #computers #computer

Aufgepasst, wer ein Samsung Smartphone nutzt!

Samsung: Android-Zwischenablage speichert Passwörter zwischen
heise.de/news/Samsung-Android-…

#security #Android

Samsung: Android-Smartphones speichern auch Passwörter zwischen

Die Samsung-Tastatur auf Samsung-Smartphones listet im Verlauf auch alte kopierte Passwörter. Der Hersteller prüft mögliche Änderungen.

^{Dirk Knop (heise online)}

4Chan hacked; Taken down; Emails and IPs leaked

Apparently they were not only running an old, unsecure version of PHP their entire stack was outdated.

the-sun.com/tech/14029069/4cha…

#news #tech #technology #security #privacy #4chan #hack #breach #databreach

4Chan down UPDATES: Thousands of users report issues accessing controversial website...

CONTROVERSIAL website 4Chan has gone down for thousands with users unable to access the message board. More than 1,000 users of the site have logged complaints on the Downdetector website, which me…

^{Allan Glen (The US Sun)}

South Africa gets online system for reporting data breaches

“South Africa’s Information Regulator has launched an online platform for public and private entities to report security compromises. It has instructed all organisations to report any compromises through the system. The system is accessible through ...continues

See gadgeteer.co.za/south-africa-g…

#databreaches #security #southafrica #technology

South Africa gets online system for reporting data breaches

^{Danie (GadgeteerZA)}

@Tutanota users!

"jonahrichie09@gmail.com" does 100% *not* work at Tuta.

Do not under any circumstances click on the attached pdf.

#phishing #security #email

PS. The e-mail was forwarded to abuse@tutao.de as well as marked as phishing. DS