Posts

FOSDEM 2026’s SBOMs and Supply Chains Track Focuses on Practical Software Supply Chain Security

The SBOMs and Supply Chains track at the 2026 FOSDEM conference in Brussels is a full-day series of technical talks centered on Software Bills of Materials (SBOMs) and broader supply chain concerns in open source ecosystems. Sessions cover real-world SBOM generation and management challenges, integrating Vulnerability Exploitability eXchange (VEX) data into development workflows, policy-as-code for active defense, large-scale SBOM collection and use, new standards such as SPDX 3.1, semantic modeling of supply chains, and case studies ranging from embedded systems to build-time tooling. Together they give practitioners insight into both current tooling and evolving supply chain security practice. https://fosdem.org/2026/schedule/track/sboms-and-supply-chains/

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiClientEMS

Fortinet has issued security updates to fix a critical SQL injection vulnerability (CVE-2026-21643) in FortiClientEMS. The flaw allows an unauthenticated attacker to send specially crafted HTTP requests and potentially execute arbitrary code or system commands on vulnerable servers, and it carries a high severity score. Administrators are urged to upgrade affected 7.4.4 installations to the patched version immediately, while the broader Fortinet product line continues to face multiple recent serious flaws. https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html

NPM Revamps Authentication to Reduce Supply-Chain Risk but Vulnerabilities Persist

The article describes how the npm package ecosystem overhauled its authentication system in December 2025 following high-profile supply-chain attacks, replacing long-lived, broadly scoped tokens with short-lived session-based credentials and promoting OIDC trusted publishing to limit the impact of a compromise. These changes improve security by expiring credentials faster and encouraging multifactor authentication for publishing, but optional MFA bypass and phishing-based credential theft still leave projects exposed to malware injection and supply-chain breaches, so additional safeguards and best practices remain necessary. https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html

AI Discovers Twelve Previously Unknown OpenSSL Vulnerabilities

The blog post reports that the January 27, 2026 OpenSSL security release disclosed twelve vulnerabilities that had not previously been known to the project's maintainers, all of which an AI system from a security research team is credited with finding and responsibly reporting during 2025. Ten received 2025 CVE identifiers and two received 2026 identifiers; several were long-standing flaws that had eluded decades of manual auditing and fuzzing, and in some cases the AI also proposed patches that were accepted. The post presents this as a sign of automated discovery's growing impact on vulnerability research and defense. https://www.schneier.com/blog/archives/2026/02/ai-found-twelve-new-vulnerabilities-in-openssl.html

Side-Channel Attacks Threaten the Privacy of Large Language Model Interactions

The essay highlights recent research showing that side-channel attacks can extract sensitive information from large language model interactions by observing indirect signals such as response timing, packet sizes, and speculative decoding behavior, even when the communication is encrypted and the content itself is not visible to the attacker. These studies demonstrate that metadata and implementation details can leak user query topics, language, or confidential data, underscoring an urgent need for better defenses as LLMs are deployed in sensitive contexts. https://www.schneier.com/blog/archives/2026/02/side-channel-attacks-against-llms.html

AI Models Now Uncover Hundreds of Previously Unknown Zero-Day Vulnerabilities

Anthropic's Frontier Red Team explains how the company's latest AI model, Claude Opus 4.6, has shown an unprecedented ability to autonomously find high-severity zero-day vulnerabilities in widely used open-source code without specialized instructions or tooling, reading and reasoning about code in ways traditional fuzzers do not. In tests it identified and helped validate over 500 previously unknown security flaws across major codebases. The post also discusses efforts to report and patch these issues, and the safeguards being built to manage the dual-use risks of such automated discovery capabilities. https://red.anthropic.com/2026/zero-days/

Top Post-Quantum Cryptography Solutions and Vendors Ranked for Quantum-Safe Security

The article reviews and ranks nine post-quantum cryptography providers whose products use NIST-approved quantum-resistant algorithms to safeguard systems as quantum computing advances, a market driven by impending federal mandates and growing enterprise demand. It evaluates vendors on security strength, performance, ease of integration, deployment history, use-case support, and roadmap, and highlights offerings spanning blockchain protection, enterprise crypto-agility, hardware-level security, PKI lifecycle tools, quantum entropy key systems, and quantum key distribution to support the transition from classical cryptography to quantum-safe defenses. https://aijourn.com/top-9-post-quantum-cryptography-solutions-compared-pqc-providers-ranked/