heise security Tour 2026: the programme is set, secure the early-bird price now!
The heise security Tour 2026 focuses on supply-chain security, identity management and AI. Secure your early-bird tickets now!
…
Anthropic's Claude Security, formerly Claude Code Security, is in public beta for Enterprise users; the Opus 4.7-powered tool can scan code for vulnerabilities (Marcus Schuler/Implicator.ai)
https://www.implicator.ai/anthropic-opens-claude-s…
FBI warns against using Chinese mobile apps due to privacy risks
https://www.bleepingcomputer.com/news/security/fbi-warns-against-using-chinese-mobile-apps-over-to-data-security-risks/
It's always important to have a consistent #security policy.
For example, a policy of "If somebody filed a CVE, it's an important security issue, and we will fix it as such, no matter how meaningless the fix is. If nobody did, it's just a glorified bug fix, no matter how serious the bug was."
So we've just seen a #pip security release over "installing random packages can overwrite pip's files and pip can lazy-import some of them immediately afterwards", with a fix of "pip will no longer load them until you run it again" (leaving the underlying security issue of "any #Python package can override files installed by any other Python package" as intended behavior). As Eli Schwartz beautifully put it, you are not expected to be using the virtual environment; you should create it, install packages into it (at most once!), and then frame it and put it on the wall to admire.
Now we're seeing a "bug fix" for "malicious entry point names can write outside of virtual environment". If nobody filed a CVE, it's obviously not a security issue at all. At least upstream graced us with fixing it without correcting the spec to forbid that first.
https://github.com/pypa/pip/issues/14000
"All right, the president and yourself have been, had such courage in terms of doing things that past presidents, past treasury secretaries would not do. I mean, it's countless and because, I mean, if we're continuing to spend all this money on Medicare, Medicaid, Social Security, we won't have any money left to spend on anything else, right?"
Bartiromo Wants To Destroy Social Security To Pay For Forever Wars | Crooks and Liars
https://crooksandliars.com/2026/05/bartiromo-wants-destroy-social-security
Grab says it commits to "Taiwan's data security and public trust", after reports of Grab's collaborations with China's Huawei and Alibaba sparked concerns (Kentaro Takeda/Nikkei Asia)
https://asia.nikkei.com/business/techn
The FBI warns of rising cyber cargo theft, where attackers hack freight brokers' accounts and dupe carriers; 2025 cargo theft losses in N. America rose 60% YoY (Pierluigi Paganini/Security Affairs)
https://securityaffairs.com/191556/cyb